Archive for the Commentary Category

TekSavvy TV Now Available Coast to Coast

Posted in Commentary on October 19, 2021 by itnerd

TekSavvy and its affiliate cable company, Hastings Cable Vision Limited, announce the launch of their popular TekSavvy TV product in select regions of Manitoba, Saskatchewan, Alberta, British Columbia, Newfoundland, Nova Scotia, PEI, and New Brunswick. Eligible TekSavvy residential Internet customers with a minimum download speed of 15MBPS can subscribe to TekSavvy TV starting at $20.00 per month for basic service and then add theme packages or choose their own channels with TekSavvy TV Pick Packs.

TekSavvy TV is a next generation video entertainment service that offers customers over 150 live HD channels, cloud based PVR service at an additional monthly charge, video on demand, lookback & restart, and the ability to watch selected channels on the go through broadcaster GO apps right on their phones and tablets. It’s the channels and content that people know and love, but different in a good way. The best part: customers are not required to rent a set-top-box if they already own a compatible AppleTV, Amazon Fire TV device, or approved Android TV device. TekSavvy TV is a full-service app that can be downloaded to a compatible video streaming device, phone, or tablet from an app store. Customers who don’t have a compatible device can rent a TekSavvy TV set-top-box for $5.00 per month.

TekSavvy TV is exclusively available to TekSavvy residential Internet customers with a download speed of 15MBPS or higher and offers over 150 HD popular specialty channels. To learn more about TekSavvy TV and how to become a TekSavvy customer Canadians can visit

Zoho Announces New Apps And Services For Zoho One

Posted in Commentary on October 19, 2021 by itnerd

Zoho Corporation today introduced new apps and services in Zoho One, the operating system for business. The new release empowers businesses to solve disjointed data challenges and close communications gaps across silos, so organizations can become more productive, adapt more quickly to changing business conditions, and become poised for growth.

Zoho One aims to resolve operational, digitization, and retention challenges that businesses encounter. Enhancement categories include: 

Unified, Real-time Insights for Critical Business Decisions 

Businesses now have stronger real-time, organization-wide analytics, connecting the dots between data previously lost across departments, teams, and accounts. Powered by Zia, Zoho’s AI assistant, and Zoho’s BI and Analytics Platform, Zoho One allows users to predict and provide insights across the organization enabling confident decision-making. New innovations include: 

  • Embedded and Conversational BI: Zoho One now features embedded and conversational analytics enabling decision makers to drill down into their data and glean cross-departmental insights, all through natural language commands using Zia Insights. By providing 1,500+ pre-built analytics reports and dashboards, critical business decisions can be made with greater precision and speed.
  • Data Preparation: This self-service data preparation and management tool is now available in Zoho One. Whether users are preparing data from third-party apps or other sources, DataPrep, powered by machine learning, can help business users integrate, model, cleanse, transform, enrich, and catalog data, as well as integrate with Analytics or a third party for new-found insights. 
  • Work Graph: Zoho’s new back-end service, an industry-first for business software, maps interactions between people, resources, systems and processes by studying signals and their strength across the board to build a business-wide work graph that is specific to each individual within the organization. The result of a work graph will be seen in the day-to-day productivity of users across various apps.
  • Enterprise Search: Zoho’s actionable, organization-wide search, which is powered by Zia, can now understand natural language requests. Natural language powered search will lead to more accurate data discovery across teams and functions.

Scale and Manage Operations More Effectively in Unpredictable Climates 

Global health and economic crises have accelerated the need for digital solutions that support varying workplace and business models. Operations have become more complex, making employee data and security a priority. The addition of Mobile Application Management and Zoho Commerce aims to help businesses better manage operations:

  • Mobile Application Management (MAM): With remote work now persistent, Zoho One now includes enterprise-grade Mobile App Management capabilities. Admins can easily add and manage all of their users’ devices for better insight and control of provisioning, specific app permissions and policies, locking and wiping devices remotely, and more, to support employee mobility and flexibility. 
  • Zoho Commerce: Businesses need to digitize faster than ever. The addition of Zoho Commerce enables retailers to easily build online shops with the tools needed to construct a website, accept orders, track inventory, process payments, manage shipping, market their brand, and analyze data. Zoho Commerce also integrates with third party payment gateways. 

Build Strong Employee Experiences, From Anywhere 

To help close the distance between employees, employers, and teams, which has widened with remote work, Zoho One delivers solutions that promote stronger collaboration and employee experience to support any mode of work: 

  • Zoho Learn: Organizations now have a learning management tool that enables interactive training programs and assessments with Zoho’s course builder. Online centralization of company information, training programs, and more, gives businesses a better way to nurture employee growth. 
  • Zoho Lens: To facilitate better communication and collaboration in a remote-work environment, Zoho Lens provides remote assistance and guidance to employees through augmented reality (AR) via real-time AR annotation, VoIP and text chat, and more. 
  • TeamInbox: Teams use this shared email inbox to eliminate task duplication and streamline email conversations in one central location. 
  • Org Dictionary: Another industry-first, this new organization-wide service offers a central dictionary for the entire organization. It automatically incorporates the organization’s employee name and other sources offering a central, consistent diction across various Zoho applications and users. 

Unified and Personalized Experience with Context 

Zoho One’s enhanced user experience allows easy customization and personalization of workspaces: 

  • Unified Console, Dashboards, and Smart-Stack UI: Employees are now able to see their apps, services, and dashboards in one view with centralization across calendars, dashboards, navigation, and more. 
  • Customizable Dashboard with Pre-Built Widgets: Widgets encapsulating data across the organization can be aggregated together in a custom dashboard. This provides users visibility across the organization in a single view with the ability to drill down just one click away. 

A Deep Ecosystem that Extends and Integrates 

Recognizing that businesses value flexibility in choosing apps that serve their specific needs, the Zoho One platform already integrates with 1,000+ third party solutions on Zoho Marketplace and now extends integration with 100+ telephony providers to enable seamless communications between stakeholders. Zoho One also includes a comprehensive platform for developers and business users to create, extend, and integrate. The platform includes the newly released no-code tool, Canvas; the low-code tool, Zoho Creator; and the pro-code platform, Catalyst.

Zoho Pricing: Pricing starts at $50 CAD per employee. For comprehensive pricing information, please go to:

Are You Confused About The New MacBook Pro Models? Let Me Help You With That….

Posted in Commentary on October 19, 2021 by itnerd

Yesterday, Apple released new 14 and 16 inch MacBook Pros. But I’ve been flooded with questions as to which one people should get. Well, the answer is really simpler than you think. Let’s start with the processor. Both of them come with M1 Pro processors with the option of the M1 Max processor. Here are the differences between the two:

M1 Pro chip

  • Up to 10-core CPU with 8 performance cores and 2 efficiency cores
  • Up to 16-core GPU
  • 16-core Neural Engine
  • 200GB/s memory bandwidth
  • Hardware-accelerated H.264, HEVC, ProRes and ProRes RAW
  • Video decode engine 
  • Video encode engine 
  • ProRes encode and decode engine

M1 Max chip

  • 10-core CPU with 8 performance cores and 2 efficiency cores
  • Up to 32-core GPU
  • 16-core Neural Engine
  • 400GB/s memory bandwidth
  • Hardware-accelerated H.264, HEVC, ProRes and ProRes RAW
  • Video decode engine
  • Two video encode engines
  • Two ProRes encode and decode engines

Now you will note in the M1 Pro chip, it says “Up to 10-core CPU” and “Up to 16-core GPU”. That’s because Apple has a 14″ model that has an 8-core CPU and a 14-core GPU. So if you’re in the market for a 14″ model, and if you aren’t a power user, or you need to save some cash, that’s the one you should get. Otherwise, I would suggest that you skip that model and go straight to the 10-core CPU model with 16 GPU cores.

Another thing to point out is that these new MacBook Pros max out at 64 GB of RAM. But only if you go with the M1 Max processor. For most people 16GB or 32GB of RAM will do you fine. One thing that is super important to point out is that you cannot upgrade the RAM later. So if you think you need 16GB of RAM, consider getting 32GB. If you think you need 32GB, consider getting 64GB. It’s better to have too much RAM rather than outgrow the machine because you don’t have enough RAM.

Finally, the M1 Max processor is clearly aimed at people who edit video or do GPU intensive tasks. I say that because it has the following:

  • Up to 32-core GPU
  • Two video encode engines
  • Two ProRes encode and decode engines

That will make editing ProRes video in an app like Final Cut insanely fast. If that’s not you, stick with the M1 Pro processor.

Other than that, the rest of it is the same. Mostly. Here’s what is the same, starting with the display:

  • mini-LED backlit display with ProMotion 120Hz and HDR support
  • Up to 1000 nits sustained (full-screen) brightness, 1600 nits peak brightness
  • Wide colour (P3)
  • True Tone
  • 1080p FaceTime HD camera with advanced image signal processor with computational video

So when it comes to the display, you’re really only choosing between 14″ and 16″ screen sizes. You get the same speakers, ports, 802.11ax/WiFi-6, and the rest of it. Where you start to see a difference is the battery and power adapters. For the 14″:

  • 70-watt-hour lithium-polymer battery
  • 67W USB-C Power Adapter (included with M1 Pro with 8-core CPU) 
  • 96W USB-C Power Adapter (included with M1 Pro with 10-core CPU or M1 Max, configurable with M1 Pro with 8-core CPU)

For the 16″:

  • 100-watt-hour lithium-polymer battery
  • 140W USB-C Power Adapter

You can’t really do much of anything in terms of configuring what power adapter and battery you get. The choice of CPU governs which battery and power adapter you get.

Now let’s talk about storage. You can configure these MacBook Pros with up to 8TB of storage. That’s total overkill. Most people don’t need anything more than 2TB, typically 1TB.

Apple included an HDMI port. But it is an HDMI 2.0 port instead of an HDMI 2.1 port. Why does that matter? The HDMI 2.0 port supports a single 4K display with a refresh rate of up to 60Hz. HDMI 2.1 technology would have allowed the port to run a 4K display with a 120Hz refresh rate. But Apple didn’t go there for reasons I don’t understand. Also you should note the display connectivity options depending on which processor you go with:

  • You can connect up to three Pro Display XDRs and a 4K TV with the M1 Max.
  • You can connect up to two Pro Display XDRs with the M1 Pro.

If you need the ability to connect a lot of monitors, choose accordingly. And plan on using Thunderbolt for your advanced display needs.

Finally, if you look at the weight of the 16″ MacBook Pro, the weight of the M1 Pro model is 0.1 kg lighter than the weight of the M1 Max model. No clue why that is. I am guessing that it is related to thermals in the form of different fans for the M1 Max model. But I guess I’ll have to wait until iFixit takes them apart to find out.

So, I did order a MacBook Pro seconds after the Apple Event ended on Monday. Here’s what I got:

  • 16” MacBook Pro
  • M1 Pro with 10-core CPU, 16-core GPU, 16-core Neural Engine
  • 1TB storage
  • 32GB of RAM

Why did I go with this configuration? There’s a handful of reasons:

  • Both the M1 Pro and the M1 Max utterly destroy almost anything with an Intel processor when it comes to speed while sucking less power. But I don’t have a reason to use the power that the M1 Max is capable of. So I went with the M1 Pro as it will run circles around the Intel based MacBook Pro that I presently own.
  • I have 512 GB of storage in my current MacBook Pro. And I have only filled 55% of it. So 1TB is more than enough for me.
  • I have 16GB of RAM in my current MacBook Pro. Thus 32GB of RAM is more than enough for me.
  • I only connect one display/projector to my MacBook.

In short, it’s still a significant jump in performance despite the fact that I didn’t get the fully spec’ed model.

Hopefully this article helps you out. If you still need help choosing a new MacBook Pro, drop me a note or leave a comment and I will help you out as best as I can.

UPDATE: Reading the fine print some more, I noted that using the fast charge feature that charges the battery to 50% in 30 minutes REQUIRES a 96W or higher charger. So if you want that feature on the 14″ MacBook Pro, you either need to upgrade to the 96W charger, or you need to not buy the base model, or you need to upgrade the RAM, CPU, or SSD and you will get the 96W charger thrown into the deal.

Trend Micro Expands Its Investments In Cloud Security For Canadian Businesses

Posted in Commentary on October 18, 2021 by itnerd

Trend Micro today announced the launch of its Trend Micro Cloud One regional data center service hosted in the Amazon Web Services (AWS) Canada (Central) Region, to uphold data residency, safeguard data privacy and reduce business risk for Canadian organizations.

Owing to the agility that cloud brings, organizations are increasingly embracing it, making SaaS the preferred model for security solutions delivery. However, many customers face regulatory or policy-based concerns around the location of SaaS platforms or data storage for their workloads. Having a cloud data center within the country improves compliance and reduces friction for guidance and reporting requirements.

Trend Micro Cloud One is the company’s flagship cloud security services platform for protecting servers, resources, and applications in the cloud. The general availability announcement of the data center service in AWS Canada is part of Trend Micro’s commitment to supporting the business priorities of their customers.

Trend Micro chooses October as the launch date to raise awareness for Cybersecurity Awareness Month. The all-in-one platform approach provides automated protection, which will protect Trend Micro’s customers throughout their cloud journey. Data residency and sovereignty concerns are no longer a roadblock for enterprises to leverage the company’s market-leading platform.  

Intuit QuickBooks Canada Survey Reveals More Than Half Canadian SMBs Facing Up To $50k In Late Payments

Posted in Commentary on October 18, 2021 by itnerd

Canadian small businesses have learned many lessons throughout the pandemic. They’ve faced a myriad of challenges, and getting people to pay up has been especially difficult. 3 in 5 Canadian small businesses are experiencing up to $50,000 in late payments today causing many to cut back on resources and supplies — or worse — lay off employees.

In support of Small Business Month, Intuit QuickBooks Canada today released the results of a recent pulse-check survey, capturing key findings from 583 small business owners across the product and service industries in Canada to understand the top lessons learned and how they have pivoted, optimized and overcome challenges over the past year and a half.

Survey findings on Canadian small business owners include: 

Identifying COVID-19 Challenges:

  • Nearly 1 in 5 (17%) Canadian small businesses decreased their revenue by more than 20% during the pandemic.
  • Over half (61%) of Canadian small businesses are experiencing up to $50,000 in outstanding payments today 
    • Late payments have a domino effect on small businesses: Nearly 2 in 5 (37%) Canadian small business owners have had to scale back on resources and supplies because of late payments.
    • 1 in 5 (20%) of Canadian small business owners have had to lay off employees because of late payments.

Identifying COVID-19 Lessons:

  • Small businesses have noted the top lessons learned include building an emergency cash fund (28%) and creating a flexible work environment for employees (16%).
  • Only 26% of small businesses across Canada identified that transitioning their business online during the pandemic was a primary focus.
  • Over 1 in 4 (27%) Canadian small business owners say technology that automates customer reminders, as well as technology that enables payment directly through their digital invoice, would make collecting payments easier and faster.

It’s been challenging to make and receive payments of any kind throughout the pandemic. But the domino effect on SMBs puts their ability to operate and provide jobs at risk. Entrepreneurs need intuitive tools to help them get paid more quickly and easily. Intuit QuickBooks helps small businesses get invoices paid easily with online payments, real-time tracking, and paper-free from start to finish.

SMBs need you: The pandemic is not over as small businesses continue to recover, and SMBs are looking to consumers for help. Nearly half (46%) of SMBs say the top ways to show your support as a customer is by shopping online and sharing and reposting business information on personal social media platforms using the hashtag #SmallBizLessons.

About the Survey:

The study, conducted leveraging Pollfish on behalf of Intuit QuickBooks Canada, was completed by 583 Canadians. All 583 Canadians identified as small business owners. Of the total, 262 identified as having 1-15 employees and 321 identified as the sole proprietor. The estimated margin of error for the total sample is +/- 5 percent at a 95 percent confidence level. The study took place online on September 22, 2021.

Sinclair Broadcasting Group Pwned By Ransomware

Posted in Commentary on October 18, 2021 by itnerd

Another day, another company pwned. This time it is the largest TV station operator in the U.S. Sinclair Broadcasting Group has been pwned via a ransomware attack this weekend:

“[T]he event has caused — and may continue to cause — disruption to parts of the company’s business, including certain aspects of its provision of local advertisements by its local broadcast stations on behalf of its customers,” the company said in a press release posted to the Securities and Exchange Commission website. 

Sinclair began investigating the incident on Saturday, and on Sunday identified “certain servers and workstations in its environment were encrypted with ransomware,” the statement said.

The unidentified hackers also stole data from Sinclair’s network; the company said it was working to determine what information was taken. Sinclair said it had notified law enforcement and US government agencies, and that it was working to “restore operations quickly and securely.”

Well, that’s not a good look for Sinclair. Justin Fier, Director of Cyber Intelligence and Analytics, Darktrace had this to say:

“As shown by the attack on the Sinclair Broadcast Group, holidays or weekends are prime periods for attackers to launch these kinds of attacks. We see ransomware attacks rising across all industry sectors but for broadcasters and media these attacks don’t only disrupt operations but potentially give bad actors a platform to distribute disinformation on a global stage. Often, attackers will use noisy attacks like ransomware to distract security personnel while they conduct more sophisticated, subtle attacks in the background. In the case of the Sinclair breach, simply having access to the broadcast network may itself be more valuable for attackers than a ransomware payment.

Despite recent attempts from policy makers – from US sanctions against crypto exchanges to the Europol takedown of ransomware operators in the Ukraine – ransomware is still going strong. The reality is that organizations’ backs are against the wall – it is clear that the security team at Sinclair have been caught off guard and outpaced and now must decide between system downtime or paying a hefty ransom. Organizations need a third way out and the only way they can achieve that is by having machines fight back against threats before they are left asking “to pay or not to pay?”.”

Seeing as Sinclair stock is down 4% on the news, it illustrates that the damage from an attack like this goes beyond trying to get back online. Thus making Mr. Fier’s advice even more important.

You CAN Add The Official Ontario COVID-19 Vaccination QR Code To Apple Wallet Right Now… Here’s How

Posted in Commentary on October 18, 2021 by itnerd

Yesterday, I posted this story on how to download your official Ontario COVID-19 Vaccination QR code to your Android or iOS device. In the case of the latter, you can store this vaccine record on your iPhone in Apple Health. But you couldn’t store the QR code in Apple Health. In that report I said this:

When iOS 15.1 is released (likely in the next week or two), there will also be the ability to add the QR code to Apple Wallet for easier access.

Well, as seems to be a trend, a group of volunteers have fixed that. Because later that day I was directed to this website which allows you to create a QR code entry for Apple Wallet. The process is insanely easy as long as you have downloaded the PDF that you got from this website that has your QR code on it. Now if this group sounds familiar, it should. This was the same group who created a QR code generator with a verification system a few weeks ago. Their original project was retired and replaced with this effort. As a result, this will fill the gap until iOS 15.1 is released to the public. Now in case Android users are wondering why they can’t do the same thing, here’s what this group said:

We are awaiting Google Pay COVID Card API Access from Google at this time.

Google might want to get on that as I tested this out and it worked perfectly. By that I mean that I was able to get the QR code created and into both my Apple Watch and iPhone. I was then able to use the Verify Ontario app to verify that the QR code was authentic.

One final thing, this website generates QR codes for Apple Wallet for the following jurisdictions:

  • Ontario
  • British Columbia
  • Québec
  • Alberta
  • Nova Scotia
  • Saskatchewan
  • Yukon
  • Northwest Territories
  • California
  • New York
  • Louisiana
  • New Jersey
  • Hawaii
  • Virginia
  • Utah

Hopefully they support more places and Google gets on board with this as I am sure Android users could use this functionality.

UPDATE: @TheDanLevy sent this in via Twitter:

This is a pretty good hack to give you access to your vaccine QR code on your iOS device. In my case, I want it on all my devices. As in both my Apple Watch and iPhone as I often travel with just the Apple Watch. Thus the method that my story refers to is of more value to me.

As for the comment about using a random third party site, that’s a fair point and one worth speaking about. The site has a FAQ which says this:

The thing is, you don’t put something like this in there unless you are actually doing what it says. And more importantly, you’re expecting to be called on it by say the Privacy Commissioner Of Ontario. Thus I have some degree of confidence in this site, but everyone must weigh their own level of comfort and risk and choose the option that matches that.

Ontario Releases Official COVID-19 Vaccine QR Codes… Here’s How You Can Get Yours, And What Happens When A Business Scans Your QR Code

Posted in Commentary on October 17, 2021 by itnerd

On Friday, Ontario released their official QR code system to validate that you have had your COVID-19 vaccine so that you can enter certain venues. Specifically:

  • Restaurants and bars (excluding outdoor patios, as well as delivery and takeout)
  • Nightclubs (including outdoor areas of the establishment)
  • Meeting and event spaces, such as banquet halls and conference/convention centres
  • Facilities used for sports and fitness activities and personal fitness training, such as gyms, fitness and recreational facilities with the exception of youth recreational sport
  • Sporting events
  • Casinos, bingo halls and gaming establishments
  • Concerts, music festivals, theaters and cinemas
  • Strip clubs, bathhouses and sex clubs
  • Racing venues (e.g., horse racing)

The QR code issued by Ontario adheres to SMART Health Card QR code standards, which means that this code can be read by BC, Quebec, and the Yukon along with other territories, states, and countries that use this standard.

A business can scan the QR code using the Verify Ontario app and verify that you are eligible to enter the above premises. You will need another piece of ID for the business to verify that you are the person that the QR code says that you are. More on how that works in a bit.

Now you can get your QR code from this website as long as you have your green health card handy. Also, it has to be at least 14 days after your second COVID-19 shot before you try to download your QR code. Now during the opening weekend, the Ontario government is restricting access based on your birth month to make sure that the servers don’t melt:

  • January to April: October 15
  • May to August: October 16
  • September to December: October 17

As of October 18 at 6:00 a.m., the enhanced vaccine certificates will be available for all vaccinated Ontarians to download.

I got my QR code in the form of a PDF on Friday and it was very easy. And because I have an iPhone, I can do a couple of things:

  • From the portal, tap the PDF and a blue “Open in” link will appear. Click to open a menu that will allow you to email or download the PDF to your device. I stored the PDF in iCloud Drive so that I have it handy if I need to on all my Apple devices, as well as being backed up to the cloud.
  • You can add the QR code to Apple Health simply by pointing your camera at the QR code and clicking on the word “Health” that appears at the bottom of the QR code. That will store it on all your Apple devices for easy access. This requires iOS 15 to work.
  • When iOS 15.1 is released (likely in the next week or two), there will also be the ability to add the QR code to Apple Wallet for easier access.

As for Android users, from the download portal, tap the three vertical dots icon on the top-right and then tap “Save.” My suggestion would be to save it to Google Drive so that it is available on your phone and is basically backed up to the cloud.

The province says the enhanced vaccine certificate can be printed or downloaded to a phone as businesses must accept both electronic and paper versions. And businesses need to accept both the original vaccine receipts and the QR code. But my suspicion is that the province will eventually change that so that only QR codes would be acceptable by businesses as it is far more secure. Or put another way, it is far less likely to be altered by someone who isn’t vaccinated who just wants to get into a movie or a bar.

Speaking of businesses, when they scan your QR code with the Verify Ontario app, here’s what they will see:

This indicates that the QR code is valid and that the QR code needs to be confirmed with a valid piece of ID. Assuming the ID is on point, entry onto the premises will be granted.

This indicates that there is some sort of issue with the QR code. It may be that the code was issued by a province, state or territory that doesn’t adhere to SMART Health Card QR code standards, or the QR code was made using another method like this one. Entry onto the premises may not be granted in the event that the person doesn’t have a way to prove that they are fully vaccinated.

In this case, the visitor doesn’t meet the eligibility requirements to enter the premises. As in they might not be fully vaccinated, or they might not be 14 days beyond their second dose. Or the certificate might be outright invalid. Entry onto the premises may not be granted.

I tested this app and I can confirm that it does not transmit or store data. The only personal information that it displays is your name and birthdate.

Finally, I suspect the list of premises may be expanded as time goes on, or businesses who are not on the list may start using this app to verify who should enter their premises. Thus it would be wise to have your QR code on hand at all times just in case.

I would be interested in hearing your experience in downloading your QR code and using it. Was it easy to download? Did you have any issue using it at a venue? Leave a comment and share your experience.

UPDATE: Some iOS users have asked me about how the iPhone stores the information that it gets from the QR code into Apple Health. In short, the QR code is a SMART Health Card. When you take the picture of the QR code with your iPhone, Apple Health verifies and stores the entire “verifiable health record” that is contained inside the QR code. Thus the record in Apple Health is an exact digital copy of your vaccination records that is signed with Ontario’s public key.
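
To make the "verifiable health record inside the QR code" concrete, here is an added example (not code from Ontario, Apple or the Verify Ontario app) that unpacks a SMART Health Card QR string into its signed header, health record and signature bytes. The issuer URL, key id, patient and all-zero signature are constructed placeholders, and the signature is deliberately not verified here: a real verifier checks it against the issuer's published key before trusting any field.

```python
import base64
import json
import zlib

SHC_PREFIX = "shc:/"
MAX_PAYLOAD_BYTES = 64 * 1024  # cap on inflated size, a limit chosen for this example


def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def numeric_to_jws(qr_text):
    """Undo the QR numeric encoding: every digit pair is (ASCII code - 45)."""
    if not qr_text.startswith(SHC_PREFIX):
        raise ValueError("not a SMART Health Card QR payload")
    digits = qr_text[len(SHC_PREFIX):]
    if not (digits.isascii() and digits.isdigit()) or len(digits) % 2:
        raise ValueError("expected one chunk holding an even number of digits")
    return "".join(chr(int(digits[i:i + 2]) + 45) for i in range(0, len(digits), 2))


def inflate_limited(data):
    """Raw-DEFLATE decompress with an output cap, so a hostile QR cannot balloon."""
    inflater = zlib.decompressobj(-15)
    try:
        out = inflater.decompress(data, MAX_PAYLOAD_BYTES)
    except zlib.error as exc:
        raise ValueError("payload is not valid DEFLATE data") from exc
    if inflater.unconsumed_tail or not inflater.eof:
        raise ValueError("payload is truncated or exceeds the size cap")
    return out


def decode_shc(qr_text):
    """Return (header, payload, signature_bytes). Does NOT verify the signature."""
    parts = numeric_to_jws(qr_text).split(".")
    if len(parts) != 3:
        raise ValueError("a compact JWS has exactly three segments")
    header = json.loads(b64url_decode(parts[0]))
    if header.get("zip") != "DEF":
        raise ValueError("SMART Health Card payloads are DEFLATE-compressed")
    payload = json.loads(inflate_limited(b64url_decode(parts[1])))
    return header, payload, b64url_decode(parts[2])


def summarize(payload):
    """Pull out issuer, name and birth date, plus the recorded dose dates."""
    bundle = payload["vc"]["credentialSubject"]["fhirBundle"]
    resources = [entry["resource"] for entry in bundle["entry"]]
    patient = next(r for r in resources if r["resourceType"] == "Patient")
    name = patient["name"][0]
    return {
        "issuer": payload["iss"],
        "name": " ".join(name["given"] + [name["family"]]),
        "birth_date": patient["birthDate"],
        "dose_dates": sorted(r["occurrenceDateTime"] for r in resources
                             if r["resourceType"] == "Immunization"),
    }


def build_constructed_sample():
    """Constructed card: made-up issuer and patient, all-zero dummy signature."""
    header = {"alg": "ES256", "zip": "DEF", "kid": "constructed-key-id"}
    entries = [
        {"resourceType": "Patient", "birthDate": "1980-01-01",
         "name": [{"family": "Sample", "given": ["Alex"]}]},
        {"resourceType": "Immunization", "status": "completed",
         "occurrenceDateTime": "2021-05-01"},
        {"resourceType": "Immunization", "status": "completed",
         "occurrenceDateTime": "2021-07-01"},
    ]
    payload = {
        "iss": "https://issuer.example/shc",
        "vc": {"credentialSubject": {"fhirBundle": {
            "resourceType": "Bundle",
            "entry": [{"fullUrl": f"resource:{i}", "resource": r}
                      for i, r in enumerate(entries)]}}},
    }
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    body = deflater.compress(json.dumps(payload).encode()) + deflater.flush()
    jws = ".".join([b64url_encode(json.dumps(header).encode()),
                    b64url_encode(body), b64url_encode(bytes(64))])
    return SHC_PREFIX + "".join(f"{ord(ch) - 45:02d}" for ch in jws)


if __name__ == "__main__":
    header, payload, signature = decode_shc(build_constructed_sample())
    print(header["alg"], len(signature), summarize(payload))
```

Everything in the card is readable by anyone who scans it; the signature only proves who issued it and that it was not altered.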

NSA Issues Warning About Wildcard TLS Certificates In Relation To An Exploit Called ALPACA

Posted in Commentary on October 16, 2021 by itnerd

The U.S. National Security Agency (NSA) recently put out a warning for organizations to avoid the dangers of wildcard TLS certificates in relation to an exploit called ALPACA. According to the statement:

A new style of web application exploitation, dubbed “ALPACA,” increases the risk from using broadly scoped wildcard certificates to verify server identities during the Transport Layer Security (TLS) handshake. Application Layer Protocols Allowing Cross-Protocol Attack (ALPACA) is a technique used to exploit hardened web applications through non-HTTP (Hypertext Transfer Protocol) services secured using the same or a similar TLS certificate. This Cybersecurity Information Sheet details the risks from wildcard certificates and ALPACA, and provides mitigations for both.

Administrators should assess their environments to ensure that their certificate usage, especially the use of wildcard certificates, does not create unmitigated risks, and in particular, that their organizations’ web servers are not vulnerable to ALPACA techniques.

Chris Hickman, chief security officer at Keyfactor had this to say:

“Using wildcard certs is like issuing a driver’s license to an address rather than a person.  It assumes everyone at the address meets the same criteria of identification.

A single certificate should not be used to represent multiple machines or endpoints. While having unique certs for each TLS/SSL endpoint allows for the orderly and unique identification of each asset, it requires comprehensive and automated management of the certificates in order to scale.

Wildcard certificates can be very helpful for organizations seeking to secure a number of subdomains, but their use creates significant security risks since the same private key is used across dispersed systems, increasing the risk of an organization-wide compromise.

Whether you are using wildcard certificates or not, ensure that you have visibility into every certificate your organization possesses and establish processes to renew or replace them. Except for limiting the use of wildcard certificates in your organization, here is what you must do to ensure an effective certificate lifecycle management:

  • Keep an accurate and up-to-date inventory of certificates in your environment, documenting key length, hash algorithm, expiry, locations, and the certificate owner.
  • Ensure that private keys are stored and protected according to industry’s best practices (i.e., using a certified HSM).
  • Automate certificate renewal, revocation, and provisioning processes to prevent unexpected expirations and outages.”

I am personally evaluating both my email servers to see if they are affected by this as I use wildcard certificates to secure them. Even if I am not affected, I will be re-evaluating if I should be using wildcard certificates going forward.
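
One way to run that kind of evaluation over a certificate inventory, as an added example (not NSA or Keyfactor tooling): it reports wildcard certificates whose key is shared across endpoints, and HTTPS hostnames that a certificate on a non-HTTP TLS service would also be valid for, which is the condition the NSA statement describes. The inventory layout, hostnames and fingerprint labels are constructed for illustration.

```python
from collections import defaultdict

HTTP_SERVICES = {"https"}

# Constructed inventory: hosts, SAN lists and fingerprint labels are made up.
INVENTORY = [
    {"host": "www.corp.example", "port": 443, "service": "https",
     "sans": ["*.corp.example"], "sha256": "fp-wildcard"},
    {"host": "mail.corp.example", "port": 993, "service": "imaps",
     "sans": ["*.corp.example"], "sha256": "fp-wildcard"},
    {"host": "ftp.corp.example", "port": 990, "service": "ftps",
     "sans": ["ftp.corp.example"], "sha256": "fp-ftp"},
    {"host": "shop.corp.example", "port": 443, "service": "https",
     "sans": ["shop.corp.example"], "sha256": "fp-shop"},
    {"host": "smtp.corp.example", "port": 465, "service": "smtps",
     "sans": ["smtp.corp.example", "shop.corp.example"], "sha256": "fp-smtp"},
]


def san_matches(pattern, hostname):
    """Match a SAN dNSName against a hostname; '*' covers one left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a top-level label such as "*.example".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def wildcard_key_reuse(inventory):
    """Map each wildcard certificate to every endpoint presenting it."""
    by_cert = defaultdict(list)
    for entry in inventory:
        by_cert[entry["sha256"]].append(entry)
    report = {}
    for fingerprint, endpoints in by_cert.items():
        if any(san.startswith("*.") for san in endpoints[0]["sans"]):
            report[fingerprint] = sorted(
                f'{e["host"]}:{e["port"]}' for e in endpoints)
    return report


def cross_protocol_exposure(inventory):
    """List (https_host, other_endpoint) pairs where a non-HTTP TLS service
    presents a certificate that is also valid for the HTTPS hostname."""
    findings = []
    for web in inventory:
        if web["service"] not in HTTP_SERVICES:
            continue
        for other in inventory:
            if other["service"] in HTTP_SERVICES:
                continue
            if any(san_matches(san, web["host"]) for san in other["sans"]):
                findings.append(
                    (web["host"],
                     f'{other["service"]}://{other["host"]}:{other["port"]}'))
    return sorted(findings)


if __name__ == "__main__":
    for fingerprint, endpoints in wildcard_key_reuse(INVENTORY).items():
        print("wildcard key shared by:", fingerprint, endpoints)
    for web_host, endpoint in cross_protocol_exposure(INVENTORY):
        print("certificate on", endpoint, "is also valid for", web_host)
```

The second check also catches the non-wildcard case in the sample, where a mail server certificate lists a web hostname as an extra SAN.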

Infographic: Small & Medium Business Trends Report

Posted in Commentary on October 15, 2021 by itnerd

Salesforce’s annual Small Business Trends report with Canadian-specific data is out and it illustrates how small and medium-sized businesses navigated through the last year. They are embracing a digital-first world and are confident in future business success.

For instance, the past 18 months accelerated a number of innovations from SMB owners to digitize. Salesforce’s report found that:

  • 72% of SMBs believe operational shifts they’ve made to business operations over the past year will benefit their business long-term;
  • 81% of SMBs plan to offer contactless services permanently, such as secure payments (51%), digital customer service (42%) and Ecommerce (35%); and 
  • 90% of SMBs have moved a portion of their operations online in the past year.

Source: Salesforce