Archive for the Commentary Category

Peloton Has 99 Problems And Data Leakage Is One Of Them

Posted in Commentary with tags on May 5, 2021 by itnerd

Peloton is having a bad day. Today Peloton recalled all of its treadmills after reported injuries and a death. But it also has a data privacy issue on its hands. Zack Whittaker, reporting for TechCrunch, details the issue:

Halfway through my Monday afternoon workout last week, I got a message from a security researcher with a screenshot of my Peloton account data. My Peloton profile is set to private and my friend’s list is deliberately zero, so nobody can view my profile, age, city, or workout history. But a bug allowed anyone to pull users’ private account data directly from Peloton’s servers, even with their profile set to private. Peloton, the at-home fitness brand synonymous with its indoor stationary bike and beleaguered treadmills, has more than three million subscribers. Even President Biden is said to own one. The exercise bike alone costs upwards of $1,800, but anyone can sign up for a monthly subscription to join a broad variety of classes.

As Biden was inaugurated (and his Peloton moved to the White House — assuming the Secret Service let him), Jan Masters, a security researcher at Pen Test Partners, found he could make unauthenticated requests to Peloton’s API for user account data without it checking to make sure the person was allowed to request it. (An API allows two things to talk to each other over the internet, like a Peloton bike and the company’s servers storing user data.) But the exposed API let him — and anyone else on the internet — access a Peloton user’s age, gender, city, weight, workout statistics and, if it was the user’s birthday, details that are hidden when users’ profile pages are set to private. Masters reported the leaky API to Peloton on January 20 with a 90-day deadline to fix the bug, the standard window of time that security researchers give to companies to fix bugs before details are made public. But that deadline came and went, the bug wasn’t fixed and Masters hadn’t heard back from the company, aside from an initial email acknowledging receipt of the bug report.

That’s a total #Fail. Peloton really is dropping the ball here. But that’s not how the company sees things:

It’s a priority for Peloton to keep our platform secure and we’re always looking to improve our approach and process for working with the external security community. Through our Coordinated Vulnerability Disclosure program, a security researcher informed us that he was able to access our API and see information that’s available on a Peloton profile. We took action, and addressed the issues based on his initial submissions, but we were slow to update the researcher about our remediation efforts. Going forward, we will do better to work collaboratively with the security research community and respond more promptly when vulnerabilities are reported. We want to thank Ken Munro for submitting his reports through our CVD program and for being open to working with us to resolve these issues.

If you want the technical details, the researcher who found this issue put up a blog post explaining the vulnerabilities. But let’s be clear, Peloton has to do much, much better than this. They really need to assure their users that their personal information can’t be grabbed and sold on the dark web or something. Without that trust, there’s zero reason for anyone to trust this company or buy their products. Ever.
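To make the bug concrete, here is an added example (not Peloton’s code, and not from the TechCrunch or Pen Test Partners write-ups) of a profile endpoint written the broken way the report describes, with no check on who is asking, next to the same endpoint with the missing authentication and privacy checks in place. The user records, session tokens, friend lists and field names are constructed assumptions for the example.

```python
"""Profile endpoint: the broken pattern vs. the hardened one.

Added example, not Peloton's code. All data below is constructed sample data;
the field names and session/friend model are assumptions made for illustration.
"""
from dataclasses import asdict, dataclass, field
from typing import Optional


@dataclass
class Profile:
    user_id: int
    username: str                 # always public
    is_private: bool              # the "private profile" setting
    age: int
    gender: str
    city: str
    weight_lb: int
    workouts: int
    birthday: str
    friends: set = field(default_factory=set)   # user_ids allowed to see a private profile


# Constructed sample data (not real users)
PROFILES = {
    1: Profile(1, "alice", True, 36, "F", "New York", 140, 412, "1985-03-02", friends=set()),
    2: Profile(2, "bob", False, 30, "M", "Bristol", 170, 88, "1990-07-14", friends={1}),
    3: Profile(3, "carol", True, 29, "F", "Toronto", 150, 12, "1992-01-01", friends={1}),
}
SESSIONS = {"tok-alice": 1, "tok-bob": 2}   # session token -> authenticated user_id

PUBLIC_FIELDS = ("user_id", "username", "is_private")
SENSITIVE_FIELDS = ("age", "gender", "city", "weight_lb", "workouts", "birthday")


def get_profile_insecure(user_id: int) -> dict:
    """The broken pattern: look up the record and return every field.

    Nothing about the requester is consulted, so the privacy flag and the
    friends list stored on the profile never influence the response. Anyone
    who can reach the endpoint gets the hidden fields of a private profile.
    """
    profile = PROFILES.get(user_id)
    if profile is None:
        return {"status": 404}
    body = asdict(profile)
    body.pop("friends")
    return {"status": 200, "body": body}


def get_profile(user_id: int, session_token: Optional[str]) -> dict:
    """Hardened version: authenticate the caller, then authorize the request
    against the *target* profile's privacy setting and friends list."""
    requester = SESSIONS.get(session_token) if session_token else None
    if requester is None:
        return {"status": 401}          # unauthenticated callers get nothing at all
    profile = PROFILES.get(user_id)
    if profile is None:
        return {"status": 404}
    # Public fields are returned to any signed-in user.
    body = {k: getattr(profile, k) for k in PUBLIC_FIELDS}
    # Hidden fields only for the owner, for public profiles, or for approved friends.
    allowed = (
        requester == profile.user_id
        or not profile.is_private
        or requester in profile.friends
    )
    if allowed:
        body.update({k: getattr(profile, k) for k in SENSITIVE_FIELDS})
    return {"status": 200, "body": body}
```

The fix is not a token check alone: a signed-in stranger still only gets the public fields of a private profile, which is what the privacy setting promises.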

Hisense Introduces New Technologies To 2021 Premium Product Lineup

Posted in Commentary with tags on May 5, 2021 by itnerd

Hisense, provider of high-performance televisions and appliances, unveils its 2021 Laser TVs, Soundbars, TVs and new premium ULED Series lineup. Featuring new technologies like ULED XD Dual-Cell™ and 8K; upgrades like Quantum Dot and ultra-high speed HDMI 2.1; screen sizes that span 32 to 120-inches; and multiple content platforms and smart home capabilities, Hisense’s new lineup delivers even more premium options to viewers. 

U9DG Series: 4K ULED XD TV with Dual-Cell Technology

Hisense’s new U9DG Series brings the brand’s breakthrough Dual-Cell™ Technology into living rooms this year. Experience movies and TV shows like never before thanks to the impressive contrast of the U9DG Series’ pure whites and deep blacks. Unique to Hisense, Dual-Cell works by layering a luminance control panel behind the 4K panel to manage grayscale and colour more precisely. This television, which features over 2 million dimming zones, reaches an impressive static contrast ratio of 150,000:1, making it one of the most advanced LED TV technologies in the industry. Dark scenes are as distinct as bright ones, with even more detail and richer shades of colour.

Featuring Quantum Dot technology, Dolby Vision IQ, ultra-high speed HDMI, HDR10+/HDR10/HLG, IMAX enhanced, Filmmaker Mode™, Dolby Atmos® from the TV’s built-in speakers, eARC and WiSA Ready, the U9DG transforms entertainment experiences through ultra-vivid picture quality and immersive moving audio that flows all around a listener. Dolby Vision IQ takes the benefits of Dolby Vision® beyond HDR by leveraging the full intelligence of the TV to deliver a perfect picture in the room at every moment – all without ever needing to pick up a remote. Built-in microphones and smart features, such as far-field voice control and integrated Google Assistant, make the TV a smart home hub. Available in a 75-inch screen and with a beautifully thin bezel design, the U9DG brings a truly unique watch experience to the home and is a must-have for those looking for the latest in TV technology.

U800GR Series: 8K Roku TV™ with ULED Premium Technology 

With 33 million pixels and four times more depth and clarity than a 4K TV, Hisense introduces another new premium option to the ULED Series with the U800GR. Hisense’s latest Roku TV offers heightened precision, textures and fine details for a remarkably realistic viewing experience in 8K. The U800GR Series features ULED Premium Technology, Quantum Dot technology, up to 1,000 nits peak brightness, >7,000:1 contrast, 120Hz refresh rate and up to 180 local dimming zones to deliver dazzling picture quality on its 75” screen. With the 8K AI Upscaler, users can enjoy a more defined, detailed picture even for non-8K content. The Upscaler analyzes the picture frame-by-frame and automatically adjusts pixels to optimize shadows and brightness, producing a more realistic image regardless of the content resolution. 

Hisense Roku TVs offer a customizable home screen, thousands of free and paid streaming channels and advanced features like fast and easy search across top channels. The Roku home screen puts a customer’s favourite entertainment in one place so it’s easier than ever to watch what they love, including live TV, news, sports, hit movies, popular shows and more. The U800GR also features Apple Airplay, and alongside the voice remote, customers can use Alexa-enabled devices and/or Google Assistant to control the TV. 

U88G Series: A Best in Class TV with Premium Upgrades 

The Q9G Series has been critically acclaimed for its bright picture quality and stunning HDR viewing experience. This year, Hisense is bringing major enhancements with the introduction of the U88G Series, making it the choice for a best-in-class TV and the perfect choice for people looking for picture quality that brings the theater home.

In addition to 4K Quantum Dot technology, the U88G now features Dolby Vision IQ, ultra-high speed HDMI 2.1, high contrast ratio, up to 360 FALD zones and 1,500 nits peak brightness. Consumers can enjoy a truly cinematic experience with IMAX enhanced, Filmmaker Mode™, Dolby Vision IQ and HDR10+/HDR10. Audio is enhanced with Dolby Atmos, eARC and comes WiSA Ready for a true wireless home theater setup. Including a newly designed anti-glare, anti-reflection screen and floating glass display, the U88G brings elegant design upgrades that elevate the viewing experience. 

In-bezel microphones and far-field voice offer the full array of smart home controls beyond what’s on the screen, making it a true hub for the home. With integrated Google Assistant, the U88G series can control lights and thermostats, add items to grocery lists, or pull up and play favourite shows – all without needing a voice remote. Android TV™ platform brings more than 400,000 movies and shows, plus video streaming from Netflix®, Disney+, Amazon Prime Video, YouTube™, and others, making it easy to find your favourite content. The U88G will be available in 55 and 65-inch sizes. 

U78G Series: Next-Level Gaming 

Gamers will be thrilled with the new U78G series. Available in 55, 65 and 75-inch screen sizes, players can have an immersive experience with newer consoles that support higher quality images and refresh rates. Hisense designed the U78G to bring a knockout experience with upgrades like Game Mode Pro and ultra-high speed HDMI 2.1. 

The new Game Mode Pro recognizes gaming sequences and automatically optimizes display settings for a top-notch experience. The automatic low-latency mode (ALLM) and variable refresh rate (VRR) deliver smooth, fluid game play by minimizing input lag, screen jitter, and frame tearing. The feature brings players instant response times, minimal motion blur and halo effects and immersive surround sound.

The U78G Series brings new upgrades in picture quality including 120Hz refresh rate, 6,000:1 contrast ratio, and 1,000 nits peak brightness. Like the U88G, movies and TV shows are brought to life with IMAX enhanced, Filmmaker Mode™, Dolby Vision IQ and HDR10+/HDR10 while also including premium audio enhancements such as Dolby Atmos, eARC and comes WiSA Ready. 

The new U78G Series also features Android TV so users can stream thousands of movies and shows from a variety of platforms such as Netflix, Amazon Prime Video, Disney+, and YouTube. With built-in Google Assistant™ and the addition of far-field voice control, users can adjust the lights, turn up the volume, order a pizza and do far more right from the TV, using just their voice. 

U68G Series: Bigger Screens, Multiple Platforms and Premium Upgrades 

In 2020, Hisense’s ULED TVs exceeded expectations for customers, leaving viewers impressed with the picture quality and overall performance. This year, Hisense is bringing that experience to even more people through the expansion of its ULED Series lineup to include more options with the U68G. 

Offering Android TV with the U68G, this series has an array of screen sizes and price ranges for every room and every budget. Featuring ULED technology, Dolby Atmos, Dolby Vision, HDR10, 60Hz refresh rate, high contrast ratio, up to 60 FALD zones and 600 nits peak brightness, users can enjoy stellar audio and picture quality at an even better price. The U68G comes in 50, 55, 65, and 75-inch options and upgrades like Filmmaker Mode™, HDR10+, built-in Google Assistant and Chromecast. 

A68G Series: Smart TVs for Every Budget 

Hisense is offering a wide array of screen size options to the new A68G 4K Smart TV Series. Screen sizes span from 43 to 85-inches, making Hisense an option for every room and budget. With an even bigger focus on personalization and content, Hisense is offering viewers many choices and price points alongside richer colours and even more detail. 

L5 4K Ultra Short Throw Laser Cinema: A True-To-Life Picture and Big Screen Experience

Hisense brings an even bigger cinema experience home with the new 120” L5F Laser Cinema. It features true-to-life images that exceed the standard 4K colour range, built-in speakers with dbx-tv® cinematic sound, a robust Android TV™ platform and a perfectly paired 120” ALR projector screen.

The Laser Engine is a breakthrough in TV product development, redefining the way that TVs can present images, and leading the next generation of display technology. The L5’s blue laser light source produces razor-sharp, precise images with stunning detail. Fast-moving images appear smooth and accurate, making it the ideal source for watching sports, enjoying fast-action movies and gaming. 

Hisense Soundbars: Big Sound with a Sleek Design 

In addition to Smart TVs, Hisense has unveiled a new line of soundbars to enhance the TV watching experience. Easy to place and connect, the soundbars are an all-in-one solution equipped with powerful, room-filling sound. Their compact and sleek design doesn’t compromise space, making them the perfect addition to any bedroom, living room, or family room. Users can choose from three new models: the HS214 (108 watts), HS218 (200 watts), and the HS512 (380 watts), which come equipped with Bluetooth, custom Sound Modes for various content and a wireless subwoofer (HS218 and HS512 only). 

The HS214 includes Pure Surround so users can hear every detail outside the screen, from the loudest explosions to the quietest sound effects. With the HS218’s four speakers and professional master-level sound effect tuning, the TV viewing experience comes to life. Users can enjoy a truly immersive experience with the HS512, thanks to Dolby Atmos, which allows individual sounds to come from all directions to fill the room with astonishing clarity, richness, detail and depth. Hisense soundbars also feature EzPlay, which allows users to control the soundbars with their Hisense remote. EzPlay will be available for all current and new soundbars through a software update and will be compatible with the U78G, U88G and U9DG Series TVs.

Availability

  • U9DG Series will be available Fall 2021 
  • U800GR Series will be available Fall 2021 
  • U88G Series will be available May 2021 
  • U78G Series will be available Summer 2021 
  • U68G Series is available now 
  • A68G Series is available now 
  • L5 Laser Cinema is available now 
  • Hisense Soundbars are available Spring 2021 

To learn more about all of Hisense’s premium offerings, visit hisense-canada.com

Sonos X JUNOS: All Our Sound Radio Station – Celebrating 50 Years

Posted in Commentary with tags on May 5, 2021 by itnerd

The JUNOS are turning 50 this year! 

In the lead up to this incredible milestone, Sonos is excited to announce the launch of a brand new radio station in partnership with the JUNOS to celebrate the 50th anniversary of the awards. Highlighting the best of Canadian music, with over 500 tracks and hundreds of artists, All Our Sound premieres exclusively on Sonos Radio today.

Artists featured on the station include a mix of winners and Hall of Fame inductees from the last 50 years, and includes personal anecdotes between tracks from artists like the Arkells, Corey Hart, Dallas Smith, The Glorious Sons, July Talk, Lennon Stella, MacKenzie Porter, The Reklaws, Rufus Wainwright, Sarah McLachlan, and Savannah Ré. 

Any Canadians looking to get their JUNOS fix in the lead up to the awards can access a preview of the station here, featuring almost 1.5 hours of content from All Our Sound.

Guest Post: Atlas VPN Says Nearly 50% Of Organizations Hit By Ransomware Are US-Based

Posted in Commentary with tags on May 5, 2021 by itnerd

Data presented by the Atlas VPN team shows that 45% of organizations hit by ransomware in 2020 are based in the US.

Enterprises all over the world are being kept hostage by ransomware, and many are being forced to pay criminals because the expense of downtime and loss of reputation if the consumer data goes public outweighs the ransom.

The data was collected from publicly available websites as well as those on the dark web. The dataset included 337 victims from 56 different industries in five regions and 39 countries.

Surprisingly, out of 337 ransomware victims last year, 151 (45%), were operating in the US. 

US organizations are extremely profitable for hackers. They reach a wider market than most other countries, which often means that they have more resources. Moreover, having more employees, contractors and using more services creates a broader attack surface for hackers to exploit.  

On a similar note, 39 (12%) of businesses in Canada got trapped by ransomware and were forced to pay up. Third on the list is Germany, where 26 (8%) organizations suffered from a ransomware attack. 

Fourth is the United Kingdom, and fifth is France, where 17 (5%) and 16 (5%) businesses respectively have been a victim of a ransomware attack. 

Ransomware is a lucrative market. The average ransom paid by organizations in the United States, Canada, and Europe rose by 171% from $115,123 in 2019 to $312,493 in 2020.

Double extortion on the rise

Several ransomware families have demonstrated their ability to exfiltrate data and use double extortion tactics, including NetWalker, RagnarLocker, DoppelPaymer, and several others. 

Instead of only encrypting data on the victim’s computer, hackers also export files to their own computers in order to further compel the victim to pay the ransom. In case the ransom is not paid, criminals threaten to publish the data on leak sites and forums that are operating on the dark web. 

By far the most effective ransomware family is NetWalker, which was used in 33% of attacks last year.  

Interestingly, the FBI has already taken the matter into its own hands and taken down the dark web site that was offering NetWalker ransomware for sale as a service.

During the FBI’s investigation, a Canadian national, Sébastien Vachon-Desjardins of Gatineau, was charged in the Middle District of Florida. He is alleged to have obtained over $27.6 million as a result of the offenses charged in the indictment.
 

To read the full article, head over to: https://atlasvpn.com/blog/nearly-50-of-organizations-hit-by-ransomware-are-us-based

Instagram Deletes Signal Ads Because Facebook Doesn’t Want Signal To Show You How Invasive Facebook Ads Truly Are…. So You Should Really #DeleteFacebook

Posted in Commentary with tags on May 5, 2021 by itnerd

Signal has had a series of Instagram ads blocked by Instagram after it attempted to show users how much data the Facebook-owned company collects about them and how that data is used to push targeted ads. The ads used Signal branding and featured the user’s professional role, education, interests, hobbies, location, and relationship status, among other personal data points gleaned from their interaction with the platform. Unsurprisingly, the ads never made it to Instagram users’ feeds and Signal’s ad account for the platform was quickly disabled by Instagram.

In a blog post Signal described how it generated the ads to show users why they were seeing them:

We created a multi-variant targeted ad designed to show you the personal data that Facebook collects about you and sells access to. The ad would simply display some of the information collected about the viewer which the advertising platform uses. Facebook was not into that idea.

Facebook is more than willing to sell visibility into people’s lives, unless it’s to tell people about how their data is being used. Being transparent about how ads use people’s data is apparently enough to get banned; in Facebook’s world, the only acceptable usage is to hide what you’re doing from your audience.

Any business that has to actively hide what it does in order to conduct business is a business that is, to borrow a phrase the young people use, “sketchy A.F.” If you don’t know what that means, ask a millennial. I did. That means that Facebook is “sketchy A.F.” Not that you or I are surprised by that, because this is Facebook we are talking about.

In any case, this is another example as to why you should delete all things Facebook.

A Pair Of Student Aid Websites In BC Possibly Pwned By Hackers

Posted in Commentary with tags on May 5, 2021 by itnerd

A pair of websites in BC related to student aid have apparently been pwned by hackers. CBC News has the details:

The Ministry of Advanced Education and Skills Training says it has temporarily shut down two British Columbia websites after both appear to have been compromised.

The home pages of StudentAid B.C. and LearnLive B.C. were altered Sunday and replaced with a statement allegedly from a hacker group.

The affected sites offer application assistance or details about scholarships, grants, bursaries, loans and other financial programs for post-secondary students.

A statement from the ministry says it has been alerted to the problem and is investigating, along with the Office of the Chief Information Officer.

Needless to say, this is not good. And it isn’t clear at this point whether any information has been leaked, which is also not good. David Masson, Director of Enterprise Security for Darktrace, had this to say:

Threat actors seek to cause maximum disruption, regardless of the victim or organization. In taking down the StudentAid B.C. website right at the beginning of the summer semester, cyber criminals are intending to inflict as much harm as possible to a vulnerable part of the B.C. population. Little has been disclosed about the nature of the attack, and this lack of information will only be causing more concern for organizations who are keen to avoid the same fate.

With machine-speed, novel attacks on the rise throughout Canada, traditional signature and rules-based security systems are simply not able to match the pace of attacker ingenuity. In addition, with security teams still struggling with the fallout from mass and sudden digital transformation, more and more Canadian organizations are turning to AI to identify attacks as they happen and autonomously respond to stop them from causing damage. AI is also capable of automatically investigating incidents such as those that happened on the StudentAid B.C. website, which drastically reduces time spent triaging and reporting, empowering human teams to disclose, reassure quickly, and most critically, to react before the damage is done. 

Hopefully, companies take heed of this warning and do what is required to stop this sort of thing from happening in the future.

Microsoft To Nuke Adobe Flash For Good This Summer

Posted in Commentary with tags on May 5, 2021 by itnerd

Microsoft is preparing to issue two more Windows 10 updates in June and July that will eliminate the now unsupported Adobe Flash Player from Windows PCs for good:

The update KB4577586 called “Update for Removal of Adobe Flash Player” has been available as an optional update since October and now looks set for a broader deployment. Flash Player officially reached end of life on December 31, 2020 as per an announcement by Adobe and major browser makers in 2017. 

“Starting in June 2021, the KB4577586 “Update for Removal of Adobe Flash Player” will be included in the Preview Update for Windows 10, version 1809 and above platforms. It will also be included in every subsequent Latest Cumulative Update,” Microsoft said. “As of July 2021, the KB4577586 “Update for Removal of Adobe Flash Player” will be included in the Latest Cumulative Update for Windows 10, versions 1607 and Windows 10, version 1507. The KB will also be included in the Monthly Rollup and the Security Only Update for Windows 8.1, Windows Server 2012, and Windows Embedded 8 Standard,” it added.

One of these patches will hit the streets in June and the second will hit the streets in July. That will pretty much “Thanos Snap” Adobe Flash out of existence. And it’s about time. Adobe Flash has major security issues and it shouldn’t be on any computer on planet Earth. So the fact that Microsoft is taking this step is something that I applaud.

Facebook To Decide Today Whether To Reinstate Donald Trump’s Account…. Which Causes #DeleteFacebook To Trend Worldwide On Twitter

Posted in Commentary with tags on May 5, 2021 by itnerd

It has come to light that Facebook’s Oversight Board is meeting today to decide if former President Donald Trump can return to the platform after being “Thanos Snapped” off the platform as a result of his part in instigating the January 6 riots in Washington DC that left five dead:

The Facebook Oversight Board will announce its decision Wednesday morning whether to allow former President Donald Trump back on the platform, nearly five months after he was suspended following the January 6 attack on the U.S. Capitol. 

If the board decides to let him on the platform, Facebook has seven days to unlock Mr. Trump’s account and turn it back over to him. The decision cannot be appealed. 

The Facebook Oversight Board has 20 members who are based around the world and are lawyers, professors, journalists, and human rights activists. The committee, established by CEO Mark Zuckerberg in 2019, is sometimes referred to as “Facebook’s Supreme Court” because it can overturn decisions made by company executives and its decisions are final. Mr. Trump’s case will be the tenth decision the board has handed down.

This, to nobody’s surprise, has resulted in #DeleteFacebook trending worldwide on Twitter, as evidenced by this:

And of course, people have lots to say about this:

Now if you want to #DeleteFacebook, this Mashable article can help you do it. I suggest that you read it because even if you turn off your Facebook account, the platform or others associated with the platform will still make money off of you. That would be bad. And even if you delete your account, it is possible that third parties may still have access to your data. That is also bad and illustrates why everyone should #DeleteFacebook. The platform is so invasive that nobody should be on it. Not to mention the fact that such a divisive figure as Trump might be allowed back onto the platform.

UPDATE: The decision has just been released and the short answer is no. But you should still #DeleteFacebook.

Dell Just Patched A 12-Year-Old Vulnerability That Exposed Hundreds Of Millions Of Dells To Being Pwned

Posted in Commentary with tags on May 4, 2021 by itnerd

If you own a Dell PC, you need to pay attention to this. Hundreds of millions of Dell desktops, laptops, notebooks, and tablets will need to update their Dell DBUtil driver to fix a 12-year-old vulnerability that exposes systems to attacks:

The bug, tracked as CVE-2021-21551, impacts version 2.3 of DBUtil, a Dell BIOS driver that allows the OS and system apps to interact with the computer’s BIOS and hardware. In a report published today and shared with The Record, security firm SentinelOne said it found a vulnerability in this driver that could be abused to allow threat actors to access driver functions and execute malicious code with SYSTEM and kernel-level privileges. Researchers said the DBUtil vulnerability cannot be exploited over the internet to gain access to unpatched systems remotely. Instead, threat actors who gained initial access to a computer, even to a low-level account, could abuse this bug to take full control over the compromised PC — in what the security community typically describes as a privilege escalation vulnerability.

This is a big deal that affects home and business users alike. Dell has a document that you should read here which speaks to this issue and how to address it. I would strongly suggest that any Dell user take heed of this and act accordingly.

New LinkedIn Data Reveals What Canadians Value In A New Job

Posted in Commentary with tags on May 4, 2021 by itnerd

After a year of unprecedented conditions, a number of Canada’s Top Companies are shaking up how they structure their worksites and workdays, with many planning to offer more flexible and hybrid remote/in-person roles even after the pandemic is over.

So, are they giving people what they want? In the latest edition of the Workforce Confidence Index, LinkedIn looked at what Canadians say they value most in a new job – and how that varies across industries.

  • Nearly half of respondents from Canada’s workforce said that having flexibility over their working hours and location and finding work/life balance had become more important value propositions in a new job after the pandemic than beforehand.
  • 40% of respondents say benefits – such as health care and paid time off – were also more important than they were pre-pandemic, while just over a third said the same was true of salary and workplace culture.
  • Roughly a quarter of respondents overall said a company’s visible commitment to diversity and inclusion was more important to them than it was before the pandemic, while 35% had a heightened focus on building transferable skills.

For the full results, visit here.

Methodology

LinkedIn’s Workforce Confidence Index is based on a quantitative online survey that is distributed to Canada-based members via email every two weeks. Members are randomly sampled and must be opted into research to participate. Students, stay-at-home partners & retirees are excluded from analysis so we’re able to get an accurate representation of those currently active in the workforce. We analyze data in aggregate and will always respect member privacy.

Data is weighted by engagement level, to ensure fair representation of various activity levels on the platform. The results represent the world as seen through the lens of LinkedIn’s membership; variances between LinkedIn’s membership & overall market population are not accounted for. 1725 workers in Canada were surveyed from March 13-April 9 for the research on what the workforce values in a new role.

The LinkedIn Omnibus Research on how jobs have changed is from March 2021, with n>50.