Archive for the Commentary Category

More Details On The Jeff Bezos Phone Hack Emerge…. Starting With The Fact That It Was An iPhone X That Was Hacked

Posted in Commentary on January 23, 2020 by itnerd

Yesterday, I wrote about the fact that Jeff Bezos had his phone hacked by the Saudis (though they deny that they were responsible for the hack), and that massive amounts of data were downloaded. Today more details have come out regarding this hack.

  • Yesterday it wasn’t clear what phone he was using. We now know via the New York Times that it was an iPhone X.
  • This hack apparently led to a blackmail attempt of sorts from American Media, Inc, which also owns the National Enquirer, as what was taken was apparently “embarrassing” texts and photos. That in turn led to the famous “No thank you, Mr Pecker” Medium post.

Now when I started writing this story, I thought all of this sounded familiar. And I was right when I started to look back through the blog. The attack vector and the type of attack are very similar to an attack on a human rights activist back in 2016. The source of the attack was malware provided by a shadowy company called NSO, which is known to sell its malware to governments who don’t exactly have the best human rights records. And at the time Apple released an emergency patch to iOS 9 to close the holes that were used in that incident. Fast forward to today where the UN Report that led to me writing yesterday’s story also points to NSO:

The forensic analysis assessed that the intrusion likely was undertaken through the use of a prominent spyware product identified in other Saudi surveillance cases, such as the NSO Group’s Pegasus-3 malware, a product widely reported to have been purchased and deployed by Saudi officials. This would be consistent with other information. For instance, the use of WhatsApp as a platform to enable installation of Pegasus onto devices has been well-documented and is the subject of a lawsuit by Facebook/WhatsApp against NSO Group.

And to add to this, Facebook who owns WhatsApp fixed an issue that fits this attack vector almost a year ago. And the thought was the NSO group was behind that attack.

Now the question is how did we get to where we are now? Well, the theory that is floating around, if you accept that the Saudis are behind this, is as follows:

  • Just before the hack, The Washington Post, which Jeff Bezos owns, was investigating American Media, Inc and its role in helping President Donald Trump silence women he had affairs with.
  • The Washington Post also had writing for them a person named Jamal Khashoggi. He was a vocal critic of the Saudi government and was murdered because of that. And a lot of the negative things that he had to say about the Saudi government ended up in the Washington Post.
  • The Saudis were likely not happy about the Washington Post reporting. And they have a bit of a reputation of going after people that they perceive as threats in a variety of ways. Thus they hatched this scheme to use the NSO malware to get something on Bezos. And hit the jackpot with whatever “embarrassing texts and photos” that they got off the phone. Whatever “embarrassing” items they got were then turned over to American Media, Inc to try and punish Bezos for the coverage that they didn’t like. American Media in turn tried to use this “embarrassing” info to shut down the investigation into them helping President Trump. Except that it backfired on them when Bezos went public on Medium.

Interesting theory. But what are needed are facts. Only a broader investigation can not only separate fact from fiction, but it should be able to follow the facts to nail down the parties responsible and hold them accountable in any and every way possible. Clearly this was a very targeted and sophisticated attack. And because of that it is one that cannot go unpunished.

LinkedIn’s Latest Global Talent Trends Report Shows The Latest Overarching Themes In Employee Retention & Recruitment

Posted in Commentary on January 22, 2020 by itnerd

The 2020s will be defined by a human-centric approach to business. Empathy is reshaping the way talent is hired and retained, as companies work to understand their people more deeply than ever before in order to better serve them. As the corporate purpose evolves to consider more than just shareholder returns, companies are investing in their employees — not only to attract in-demand candidates, but to retain their workforce amid changing expectations.

This overarching theme can be seen in each of the four trends in LinkedIn’s latest Global Talent Trends report:

  • Employee experience – The emergence of employee experience offers new ways to cater to employees and is being used as a measure to increase retention which is why 84 per cent of companies focus on EX.
  • People analytics – Analytics are factoring into hiring practices; 70% of talent professionals predict people analytics to be a major priority for HR/TA over the next 5 years. Yet, more than half (52%) say they need help putting basic people analytics into practice.
  • Internal recruiting – Internal recruiting is undergoing a revival with a focus on advancing people’s careers from within. HR professionals identified improved retention (84%), productivity (69%), and maintaining institutional knowledge (70%) as key drivers of this increasing importance.
  • The multigenerational workforce – Harnessing the power of age diversity and celebrating everyone’s strengths means companies are seeing more age diversity than ever. Nearly 90% of HR professionals agree that a multigenerational workforce makes for a more successful company.

You can have a look at the report here.

Dell launches the UltraSharp 27 4K PremierColor Monitor in Canada

Posted in Commentary on January 22, 2020 by itnerd

Dell’s UltraSharp 27 4K PremierColor Monitor (UP2720Q) has launched in Canada.

Priced at $2599.91 CAD, it is the newest addition to the UltraSharp family, and is the world’s first 27-inch 4K monitor with built-in colorimeter and Thunderbolt 3 connectivity for content creators who require color critical performance. The Adobe RGB color gamut is fully maximized with precise color and detail, offering 100% Adobe RGB, 98% DCI-P3, and 80% BT2020.

For more details about the product, please visit the blog on this new monitor.

Surprise! Cops Can Already Crack iPhones…. So Why Are The Feds In Need Of Apple’s Help?

Posted in Commentary on January 22, 2020 by itnerd

It appears that contrary to what US President Donald Trump and US Attorney General William Barr say, many police departments across the United States already have the ability to crack mobile devices, including the iPhone. And they have been doing so successfully:

Over the past three months, OneZero sent Freedom of Information Act (FOIA) requests to over 50 major police departments, sheriffs, and prosecutors around the country asking for information about their use of phone-cracking technology. Hundreds of documents from these agencies reveal that law enforcement in at least 11 states spent over $4 million in the last decade on devices and software designed to get around passwords and access information stored on phones. OneZero obtained documents from law enforcement agencies in New York, California, Florida, Texas, Washington, Colorado, Illinois, Ohio, Michigan, New Mexico, and Massachusetts.

These agencies included district attorneys’ offices, local police departments, and county sheriffs’ offices. The number of offices with access to phone-cracking tools across the country is likely far greater than what OneZero uncovered. Not all agencies responded to OneZero‘s request for documents. Some departments and offices claimed the records were exempt from public release. Others told OneZero they would need several months and thousands of dollars to provide the information.

And what further backs up the fact that the arguments made by Trump and Barr are totally bogus are the following two examples:

Law enforcement doesn’t need Apple’s help to crack an iPhone. Thus the only reason that Trump and Barr are making a stink about this is that they want backdoors in iOS (and likely other operating systems) so that data from smartphones can be obtained at any time for any reason. And it’s beyond crystal clear that this is the case. Hopefully when Apple CEO Tim Cook meets Trump at Davos this week, he can point out just how misguided this all is. And how stupid he looks by trying to push a narrative that is clearly false.

A Smartphone Belonging To Jeff Bezos Was Pwned By Saudi Hackers Who Extracted Massive Amounts Of Data

Posted in Commentary on January 22, 2020 by itnerd

News is surfacing today that Amazon founder Jeff Bezos had his smartphone pwned by hackers working for the Saudi Crown Prince. Said hackers then pulled a ton of data off of it. And this was done because of the coverage that the Washington Post, which Bezos owns, has done on the Saudis. None of which was flattering given that one of the reporters was killed by Saudi agents recently. Here are the details via the Washington Post:

United Nations human rights investigators have concluded that an account belonging to Saudi Crown Prince Mohammed bin Salman sent an infected video to Amazon founder Jeff Bezos, triggering a massive extraction of data from the billionaire’s cell phone.

The report by human rights investigators Agnes Callamard and David Kaye says the forensic evidence found in Bezos’s phone “suggests the possible involvement of the Crown Prince in surveillance of Mr. Bezos, in an effort to influence, if not silence, The Washington Post’s reporting on Saudi Arabia.”

In a report released Wednesday, Callamard and Kaye called for the United States and other nations to investigate the alleged hacking of Bezos’s phone as part of a larger look at what they called “the continuous, multi-year, direct and personal involvement of the Crown Prince in efforts to target perceived opponents.”

The UN officials’ report was based on a forensic investigation of Bezos’s phone commissioned by the Amazon founder, who also owns The Washington Post. Callamard and Kaye said the crown prince’s involvement in the alleged hack was part of “a pattern of targeted surveillance of perceived opponents” by Saudi authorities and was “relevant to… ongoing evaluation of claims about the Crown Prince’s involvement in the 2018 murder of Saudi and Washington Post journalist Jamal Khashoggi.”

The 2018 hack of Bezos’s phone took place five months before Khashoggi, a Saudi dissident who was under contract with The Post’s editorial department to write opinion columns, was murdered at the Saudi consulate in Istanbul. Five Saudi nationals were sentenced to death last month in connection with the Khashoggi killing after a secret trial in Saudi Arabia.

It isn’t mentioned if Bezos is on Team Android or on Team iPhone, but this whole episode does illustrate the risks of attachments that you receive. In any case, the Saudis deny this, which I would expect any nation state accused of hacking to do. But unfortunately for the Saudis this isn’t going to go away as the UN is calling for an investigation and one suspects that more details will come out about this hack that they will not like.

Metrolinx #Fails At Using Social Media To Convince Presto Card Users That Nothing Is Wrong With The Presto Card

Posted in Commentary on January 22, 2020 by itnerd

You might recall that I have written about the Presto Card in the past. This is a transit payment system for the Greater Toronto and Ottawa areas that is similar to London’s Oyster card. And it’s a transit payment system that has a reputation for being incredibly unreliable. The latest example of this popped up today with this story of a woman who loaded her Presto card, which then malfunctioned as she boarded a commuter train, and she was slapped with a $240 fine when she was deemed to be a fare evader. In that story, a Metrolinx spokesperson said this:

Metrolinx said it’s extremely rare for Presto cards to have problems. The company advises riders that because of their zero-tolerance policy, that went into effect in the spring of 2019, if you have trouble paying with your card before boarding the train you should see a customer service agent. 

“You could end up in a situation where you are confronted by a transit safety officer or one of our revenue protection officers and because you won’t have proof of payment and our zero tolerance approach you will likely be ticketed,” Metrolinx media relations spokesperson Matt Llewellyn said.

Cue the blowback. I browsed Twitter and found these examples:

 

I even added my comments into this as my wife has three Presto cards to ensure that she doesn’t get into this situation. That’s right, three of them. More on that in a moment. But first here’s what I posted to Twitter:

So back to why my wife has three Presto Cards. She has them for the following reasons:

  • She’s experienced situations where one card is rejected at a Presto terminal. But another card works at the same terminal.
  • One card may need to be reloaded. But it may take a day or sometimes two before that card works properly again after the reloading process if the balance was close to $0 before she reloaded it.
  • The third card is a spare.

Now I rarely take public transit. But I do have a Presto Card and when my wife finds out that I am going to take transit, she will literally force me to take one of her three cards with me because “you need to have an option in case you run into issues with Presto.” And there’s been a couple of times in my few trips on public transit where she’s been right about that. And as you can see from my Tweet above, she’s not the only one who feels that way. Her co-workers do some version of what she does for the same reason. And in talking to people that I know, it’s the same with them. As in they have multiple Presto Cards.

Clearly something is seriously wrong with Presto. Now Metrolinx understandably wants to push back on this, and here’s how they went about it. I got these two Tweets in response to my Tweets:

Here’s the problem. Whoever runs the Twitter account for Metrolinx is copying and pasting some version of this response to anyone who has posted something today. To see this in action, simply click this link which will take you to the Metrolinx Twitter account so you can see the repetitive responses in action. This is a #fail because a copy and paste response to people who, based on the scale and volume of these Tweets, clearly have problems with the product or service that you offer does not say “we hear your frustration, we are sorry and we will do something to fix this.” It instead says that “we want this to go away, so we’ll say something that hopefully will allow that to happen sooner rather than later.” And based on what people on Twitter are coming back with, the rather lame attempt of Metrolinx to make this issue go away is doing next to nothing to win over the hearts and minds of its customers. Thus this is a great example of a social media fail of epic proportions.

If I were Metrolinx, I’d do the following:

  1. Stop sending out these copy and paste Tweets immediately.
  2. Acknowledge there are problems with Presto Cards. Because it’s pretty clear that there are problems with these cards, and denying that they exist or saying that they are minimal in scope is not working for them. And do it outside of social media.
  3. Apologize for said problem. And do it outside of social media.
  4. Tell Presto Card users in detail what they are going to do to fix it, and when that will happen. Then stick to it. Metrolinx could use social media to provide status updates.

The fact is that the Presto Card does have the potential of being a piece of a larger puzzle to get more people onto public transit. Which will take cars off the road and lower our carbon footprint among other things. But the card’s clear and obvious reliability issues will keep that from happening. And it’s time that Metrolinx step up to the plate and do what I suggested above or something like it. If they don’t, they may find that it may be difficult if not impossible for them to be taken seriously as being able to provide the regions that they cover with transit that is easy to use.

Under Armour Smart Tech Goes Dumb As Company Pulls The Plug On Their Smart Fitness Gear

Posted in Commentary on January 22, 2020 by itnerd

If you use any of Under Armour’s smart fitness gear, it’s about to become dumb as Ars Technica is reporting that the company has pulled the plug on their smart fitness gear.

The company quietly pulled its UA Record app from both Google Play and Apple’s App Store on New Year’s Eve. In an announcement dated sometime around January 8, Under Armour said that not only has the app been removed from all app stores, but the company is no longer providing customer support or bug fixes for the software, which will completely stop working as of March 31.

Under Armour launched its lineup of connected fitness devices in 2016. The trio of trackers included a wrist-worn activity monitor, a smart scale, and a chest-strap-style heart rate monitor. The scale and wristband retailed at $180 each, with the heart monitor going for $80. Shoppers could buy all three together in a $400 bundle called the UA HealthBox. The end of the road is nigh, it seems, and all three products are about to meet their doom as Under Armour kills off Record for good. Users are instead expected to switch to MapMyFitness, which Under Armour bills as “an even better tracking experience.” The company also set the UA Record Twitter account to private, effectively taking it offline to anyone except the 133 accounts it follows. Current device owners also can’t export all their data. While workout data can be exported and transferred to some other tracking app, Record users cannot capture weight or other historical data to carry forward with them.

Given what has happened here, if I were an Under Armour user, I am not sure I would trust them enough to switch to MapMyFitness. And the fact that you can’t export your data to the app of your choice means that you’re effectively screwed by Under Armour. Add to that the fact that they sprung this on their users effectively in the dead of night, which will leave many with a bad taste in their mouth and unlikely to buy anything from the company again.

The fact is that while I am picking on Under Armour here, any smart tech or connected tech can meet the same fate. Thus you have to choose your connected tech carefully, or take a leap of faith when you put down your credit card.