Archive for the Commentary Category

Australia Passes A New Encryption Law That Qualifies As The Worst Idea Ever

Posted in Commentary on December 7, 2018 by itnerd

Australia has passed a new encryption law which the folks down under claim is essential for national security and an important part of law enforcement efforts in fighting terrorism. Essentially, the legislation allows for law enforcement and select government agencies to ask for three different levels of assistance from technology companies in accessing encrypted messages. CNET details those three levels:

  • Technical assistance request: A notice to provide “voluntary assistance” to law enforcement for “safeguarding of national security and the enforcement of the law.”
  • Technical assistance notice: A notice requiring tech companies to offer decryption “they are already capable of providing that is reasonable, proportionate, practicable and technically feasible” where the company already has the “existing means” to decrypt communications (e.g. where messages aren’t end-to-end encrypted).
  • Technical capability notice: A notice issued by the attorney general, requiring tech companies to “build a new capability” to decrypt communications for law enforcement. The bill stipulates this can’t include capabilities that “remove electronic protection, such as encryption.”

This is the dumbest idea ever on a number of levels. First, it sets a dangerous precedent that other countries might be stupid enough to follow. Second, there is almost zero chance that an Apple or Google will willingly go along with this. Finally, you have to trust Australia can keep secrets as what they want is a backdoor. The problem with that is that no government in the history of the universe can keep a secret and you can bet that whatever backdoor access they want will either fall into the wrong hands or get used for something that it was never intended for. That of course is bad.

Australia seriously needs to rethink this because they’re really out to lunch here.


Pulse Secure Expands Zero Trust Security For IoT

Posted in Commentary on December 6, 2018 by itnerd

Pulse Secure, the leading provider of Secure Access solutions to both enterprises and service providers, today announced the release of Pulse Policy Secure (PPS) 9.0R3 to extend its Zero Trust Security model to IIoT devices and smart factories. The new version enables factories to streamline machinery repairs and diminish costly production downtime through IT-managed secure access. It also secures networks by expanding its behavioral analytics to IoT devices, detecting anomalies and preventing their compromise.


Pulse Policy Secure (PPS) is an integral part of Pulse Secure’s combined VPN and NAC solution that provides corporate networks with Zero Trust Security through visibility, “comply to connect” policy enforcement and security orchestration with popular network and security infrastructure. PPS dynamically profiles the network to discover, classify and apply policy to IoT devices, and includes a built-in IoT device identification library. The solution also integrates with Next Generation Firewall (NGFW) solutions to provide identity and device security state data, as well as to fortify micro-segmentation to isolate and manage IoT devices on enterprise networks.

PPS 9.0 extends the Zero Trust Security model to IIoT devices used in smart factories and buildings, with blended IT and OT environments. It automatically discovers and profiles IIoT systems, such as factory floor SCADAs, PLCs and HMIs, or office building HVAC systems, providing dynamic visibility and securing them by enforcing policies for local and remote access by authorized users and contractors. PPS 9.0 also automatically provisions IIoT devices to next-generation firewalls (NGFWs) to facilitate remote access without provisioning overhead.

The latest release of PPS also provides sophisticated behavioral analytics that alert security teams to anomalous IoT device behavior and automatically require added factors of authentication. PPS 9.0 builds baseline behavior profiles for managed and unmanaged IoT devices utilizing information correlated from multiple sources such as NetFlow, user and device data. With these profiles, the platform detects anomalous activity, malware infections and domain generation attacks, allowing security teams to be more responsive to threats and take preemptive measures before attacks succeed.

The new PPS 9.0 IoT support also provides practical relief for the frequent and costly issue of factory floor equipment outages. Aberdeen recently reported that 82 percent of companies reported unplanned downtime in the past three years, which can cost a company as much as $260,000 an hour.

The resulting downtime breaks production and lowers profit, because factory floor repairs often take days when security requirements mandate that service technicians physically visit the factory to diagnose and repair the problem. The latest PPS release works seamlessly with Pulse Connect Secure to solve the problem in an innovative way. The combined NAC and VPN approach enables IT teams to grant remote secure access—authenticated and encrypted—to support contractors for expedited repair and return to service of factory IIoT systems for greater uptime and productivity. IT teams ensure security with remote zero-trust access via auto-provisioned NGFWs, and by enforcing security policies that authenticate contractors based on their technician role, endpoint device status and authorization to work on the targeted IIoT device.

Availability

The latest features of Pulse Policy Secure 9.0 are available on physical or virtual Pulse Secure Appliances (PSA). Existing customers with PSA appliances under PPS subscription or software maintenance can readily upgrade at no charge. PPS on a virtual appliance with a three-year subscription starts at $31,000 MSRP for 500 concurrent connections. Pulse Connect Secure customers can cost-effectively extend their VPN investment to include network visibility, access control and mobile security with the Pulse Access Suite.

Those interested in learning more on the topic are invited to register for the January 8th, 1 p.m. EST webinar, “Zero Trust Secure Success for the Industrial Internet of Things.”

Also available is a blog, “Pulse Secure Access for Industrial Internet of Things (IIoT),” authored by James Tolosa, senior product marketing manager at Pulse Secure.

Guest Post: SAP Concur Says That Another Weapon For The War On Talent Is Workplace Technology

Posted in Commentary on December 6, 2018 by itnerd

Companies are struggling to retain their talent—21 per cent of millennials changed jobs within the last year. However, 46 per cent of millennials will stay at their current organization if there are advanced technologies incorporated into their workday.

By leveraging technology unique to business functions, companies can improve employee satisfaction and productivity through:

  • Automating basic processes – No one wants to spend their time on menial and repetitive tasks. Automation frees employees’ time to focus on career growth activities and strategic functions.
  • Going mobile – Employers should choose mobile-friendly solutions and look for apps that complete several business tasks in one place. This keeps employees from feeling overwhelmed and helps them stay efficient and organized.
  • Meeting employees where they’re already working – Employees spend much of their workday in collaboration apps and email, so companies should deploy APIs that let employees do more in these environments.
  • Not underestimating user satisfaction – Consumers have grown accustomed to simple and personalized technologies for almost everything they do—they expect the same in the workplace.

SAP Concur is helping companies win the war on talent by providing streamlined travel and expense management solutions with the same conveniences from technology we’ve become used to in our personal lives. With artificial intelligence allowing employees to simply snap a photo of their receipts and letting the system convert it into an expense report line item, employees don’t have to worry about keeping track of all their crumpled-up receipts in their wallets. Similarly, Concur Travel makes business travel planning effortless with the flexibility to manage itineraries on the go and offering user-friendly interfaces and an easy-to-use mobile app.

When businesses incorporate advanced technologies that bring modern-day conveniences to the workplace, employees are more productive and satisfied.

Dell Technologies Says 2019 Will Be The Year Of The Data-Driven Digital Ecosystem

Posted in Commentary on December 6, 2018 by itnerd

Society is fascinated by what’s in store for the future of technology, and Dell Technologies predicts that this will be the year of the data-driven ecosystem, bringing us one step closer to where we’ll be in the year 2030, the next era of Human-Machine Partnerships, and a society where we will be immersed in smart living, intelligent work, and a frictionless economy.

This means virtual assistance and virtual intelligence will be more immersed in our work and life than ever before; 5G paving the way for micro-hubs to line our streets, and the opportunity for real-time insights; and multi-cloud environments driving automation, AI and ML processing into high gear to name a few.

2019 Tech Predictions:

  1. Virtual assistance and virtual intelligence will be more immersed in our work and life than ever before
  2. The spark of the next gold rush in tech investments, spurred by the greater value to be derived from data
  3. 5G will pave the way for micro-hubs to line our streets, and the opportunity for real-time insights
  4. Multi-cloud environments will drive automation, AI and ML processing into high gear
  5. Move over Millennials: Make room in the workforce for Gen Z
  6. Greater investments in intelligent cybersecurity that spans edge to core to cloud
  7. Stronger, smarter and greener supply chains

What are your thoughts on Dell’s predictions? Please leave a comment and let us know what you think.

Guest Post: NordVPN Offers Advice on What Users Should Do When It Comes To The Quora Hack

Posted in Commentary on December 6, 2018 by itnerd

Quora, the world’s most popular question-and-answer social media site, was hacked. This Monday, Quora confirmed that unknown hackers had gained access to the account information of about 100 million of its users.

“This year has once again proved that even giant companies are not doing enough to secure sensitive user data. In September, the personal details of about 50 million Facebook users were exposed. Marriott, the world’s biggest hotel chain, has just confirmed that the data of half a billion guests had been stolen,” says Ruby Gonzalez, Head of Communications at NordVPN. “We urge all Internet users to share as little as possible online and to use a VPN to encrypt their online activities.”

The personal user data compromised in the Quora breach includes the following:

  • account information (names, emails, hashed passwords, and data imported from linked social networks like Twitter and Facebook);
  • public actions (questions, answers, comments, and upvotes);
  • non-public content (answer requests, downvotes, and direct messages).

What to do if your account gets compromised

If your account has been hacked or compromised in a data breach, you should act quickly, before hackers can get their hands on other important information. NordVPN shares the 5 most essential steps to keep yourself safer.

  1. Get back into your account

The first important step is to log into your account and change your password immediately. It shouldn’t be ‘password’ or ‘imthekingoftheworld.’ Your password needs to be strong. Try this trick: think of a statement, for example, “I love to go for a walk every evening.” Then, turn it into 1l2g4awEVe (replacing I with 1, to with 2, for with 4, and every with EV).

If possible, use two-step authentication and get a password manager like LastPass or 1Password. Most importantly, never reuse the same password for all of your accounts.

  2. Take care of your other accounts

If you used the same or a similar password for more than one account, change it on all other key platforms and accounts immediately. That includes your email, Facebook, Amazon, Twitter, LinkedIn, and others. Even though hackers most probably got hold of only your hashed password, there’s still a chance they can crack it and get the real password.

Check haveibeenpwned.com to see if you have an account that has been compromised in a data breach before.

  3. Update your settings and available data

Go through the privacy settings and data you provide both on the breached platform and all the other important platforms you use. Make sure you share only the required information and remove what’s not necessary, for example, your phone number and favorite locations. This way, even if your account gets hacked, it will be of less value for hackers.

Common advice is to share as little as possible online. If you are not intent on getting worldwide attention, change your account settings from ‘Public’ to ‘Private.’

  4. Revoke access to third-party apps

In Quora’s case, for user convenience, it was possible to import some data from linked social networks like Twitter and Facebook. And it seems that hackers got hold of this information as well. Check whether you permitted access to view one of those accounts.

We recommend reviewing which of your accounts are linked and rethinking whether you really need that. Revoke access to applications that are no longer in use, as well as suspicious ones.

  5. Beware of phishing scams

Since hackers may have detailed profile information of 100 million users on Quora, we are likely to see more personalized and sophisticated phishing scams in the near future. Phishing scams are very effective, as criminals usually use a piece of real private information.

You should be careful if you get seemingly legitimate, personalized messages from banks or any other familiar organizations. That applies especially if they ask for more personal details or fund transfers, or ask you to click on a link. For additional safety, use a VPN, like NordVPN. Using a VPN when browsing can help to protect you against malicious websites and phishing sites.

Are Rogers And Fido Rolling Out eSIM Support?

Posted in Commentary on December 5, 2018 by itnerd

It seems that Rogers and their flanker brand Fido might be on the verge of something that for a change will make their users happy. According to Apple’s website, they now support eSIM. Here are some snapshots proving that:

[Screenshots: Rogers eSIM; Fido]

Weirdly, this other document doesn’t show that either carrier has eSIM support. I’m guessing that it has to be updated. Or maybe someone jumped the gun. I checked both of Rogers’ Twitter feeds and there was no mention of eSIM support there. Ditto for Fido. But it does make sense, as one of the things that iOS 12.1.1, which was released today, did was add eSIM support for more carriers. All Rogers and Fido customers need is some sort of official statement and instructions on how to make this work.

Watch this space for updates.

UPDATE: This is what Rogers is saying on Twitter when they are asked about eSIM support:

This despite the fact that the Apple website page that I referenced at the start of the article has not changed two days after this information was posted. You would think that if Apple screwed up, they would have fixed it by now. Thus one has to assume that Apple is sharing information that to them is correct. What further highlights this disconnect between Rogers/Fido and Apple is that this Apple webpage has been updated to match the other web page that I referenced at the start of this article. Thus you have to wonder what the deal is with Rogers giving responses like the Tweet above seeing as Apple is singing a different tune.

I sense another Rogers PR gong show in the making.

Internal Facebook Emails Published By UK Parliament Detail Use Of Its Free iOS ‘Spyware’ VPN…. Time To #DeleteFacebook

Posted in Commentary on December 5, 2018 by itnerd

I bet that Mark Zuckerberg wishes that he had accepted that invite from the UK government among others right about now. I say that because the UK parliament has today publicly shared secret internal Facebook emails that cover a wide range of the company’s tactics related to its free iOS VPN app that was used as spyware, recording users’ call and text message history, and much more. You might remember that the VPN app in question created all sorts of negative noise for Facebook before it was removed from the App Store earlier this year. Bloomberg has the details on this bombshell:

The documents, which had been sealed by a California court, led lawmakers to conclude that Facebook undertook deals with third party apps that continued to allow access to personal data.

Damian Collins, head of the committee, added that Facebook shut off access to data required by competing apps, conducted global surveys of the usage of mobile apps by customers possibly without their knowledge, and that a change to Facebook’s Android app policy that resulted in call and message data being recorded was deliberately made difficult for users to know about.

And…

Collins said last week that he would release the emails and that he was free under U.K. law to do so. He’d obtained the documents after compelling the founder of U.S. software company Six4Three to hand them over during a business trip to London.

The full data dump can be found here. It is very much worth your time to look at.

If it wasn’t clear before, it should be absolutely crystal clear now that when it comes to Facebook, not only are you the product, but it can’t be trusted to manage your data in a responsible manner. Thus if you really care about your privacy, you need to #DeleteFacebook and do so now. There is nothing to be gained by being on that platform any longer.