How Well Does PRESTO Support For Apple Watch And iPhone Work? Let’s Find Out!

Posted in Commentary with tags on July 28, 2024 by itnerd

After I wrote this how to guide that details how to add your PRESTO transit card to your Apple Watch and iPhone, I got a number of emails asking about how well things worked. So in the interest of science, I left my car at home on Saturday to visit two clients and pick up some items from a bike shop. With that out of the way, let’s get to it.

I started from my suburban Toronto home and walked over to the subway station. There, I used my Apple Watch to get into the station.

Now the PRESTO card readers in the stations are on the right side, which means that using an Apple Watch requires you to go across your body to tap your Apple Watch on the reader if you wear your watch on your left wrist. That’s likely a non issue for most. But coming from a guy that has broken both collarbones, it’s not exactly comfortable. One thing I need to note is that I have Express Transit Mode enabled so that all I have to do is tap my Apple Watch and go. I feel comfortable having Express Transit Mode enabled for the Apple Watch as someone would have to rip my Apple Watch off my wrist to use it to get onto transit. Conversely, because iPhone theft is a thing that can be snatched out of your hand, I do not have it enabled for my iPhone. That’s because I want to authenticate before I pay for transit.

I traveled to the north part of the city to visit one of my clients which took about an hour. About 30 minutes later I hopped onto the subway again. Because it was within two hours, I should be eligible for a free transfer. And when I tapped, that’s exactly what happened. But four stations into my journey to my next client, I had to go back to the first client to fix a new issue. That took another 30 minutes which required me to pay another fare. At that point I needed to refill the PRESTO card on my Apple Watch. The quickest way to do that is to use your iPhone to do it either via the PRESTO app or on the card itself via the Watch app on your iPhone. Which means that if you travel with only your Apple Watch, you need to preload the PRESTO card on your Apple Watch so that you can get to and from your destination. I chose the latter option.

One thing that is handy is that it keeps track of every time you tap the card.

That’s something that you would normally have to go into the PRESTO app to see if you have a physical PRESTO card. Which assumes that you have the PRESTO card added to the app. If you just have the card, or it’s not in the app, you’re out of luck. One thing that I noted is that the subway is called the “Metro”. Interesting.

In short, using the PRESTO card on my Apple Watch was a total non-event. Everything worked perfectly and it was as if I was using a physical PRESTO card. If you were on the fence in terms of going to using your PRESTO card on your iPhone or Apple Watch, I would say go right ahead. From what I can tell, everything seems to work fine.

Leave a comment »

ServiceNow Vulnerability Chain Disclosed By Assetnote

Posted in Commentary with tags on July 27, 2024 by itnerd

A company named Assetnote has published research on a series of vulnerabilities in ServiceNow which when chained together can create huge problems for those who rely on ServiceNow:

Through the course of three to four weeks, we were able to find a chain of vulnerabilities that allows full database access and full access to any MID servers configured.

The following CVEs were assigned for these issues:

CVE-2024-4879
CVE-2024-5178
CVE-2024-5217

Tom Siu, CISO, Inversion6 had this comment on this research:

The input validation flaw means that regular data entry fields, such as a user login window where a user would type a userid, does not check whether the data inputs are as expected. This means an attack, such as the well known “SQL Injection” attack could be used to gain access to the system’s backend data. The OWASP Top 10 Web vulnerabilities list this as A03:2021 – Injection, where 03 means it is the third most prevalent risk.

Since many customers of ServiceNow include IT Help Desk functionality, a successful attack could reveal critical internal information about users (email, phone numbers), IT issues, and operational challenges the organization manages, permitting well-crafted social engineering attacks.  I could see an attack spoofing a Help Desk support call.

Of major importance for cybersecurity teams – some organizations use ServiceNow to track and manage security events and incidents. The disclosure of this highly sensitive operational security information would be disastrous to IT and cybersecurity teams. Cybersecurity teams should use this risk impact to amplify priority for patch implementation of ServiceNow utilities.

ServiceNow has released mitigations to this chain of vulnerabilities. Thus if you haven’t applied them, now would be a good time to do so. I’d also read the research on this as this clearly is a non trivial chain of vulnerabilities

Leave a comment »

Samsung Unveils Exclusive Galaxy Z Flip6 Olympic Edition, Powered by Galaxy AI, for Paris 2024 Athletes

Posted in Commentary with tags on July 26, 2024 by itnerd

Samsung , a Worldwide Olympic and Paralympic Partner, today revealed the Olympic Edition of its newly announced Galaxy Z Flip6, exclusively designed and customized for all athletes competing at the upcoming Olympic and Paralympic Games Paris 2024. The Galaxy Z Flip6 Olympic Edition continues Samsung’s over three-decade-long legacy of providing its cutting-edge technology and mobile innovations in support of the Games and represents a series of firsts.

The new Olympic Edition for Paris 2024 is the first-ever Olympic Edition to feature Galaxy AI. Designed to elevate the athletes’ Games-time experience from the moment they arrive in Paris, it is the first to come pre-loaded with a full suite of exclusive services and useful apps. In addition, it marks the first time Samsung’s newest product is being made available to athletes before its official market launch. The Galaxy Z Flip6 will also take center stage at the Olympic Games as the first Olympic Edition to play an integral role on the podium.

It boasts the new Galaxy Z Flip6’s compact and versatile design, in a striking yellow colorway adorned with the Olympic rings and Paralympic agitos in gold. To dress up the phone, Samsung partnered with the Parisian Men’s Luxury Maison, Berluti, who designed the Team France’s official outfits for the Paris 2024 Opening Ceremony, to create an exclusive Flipsuit Case that will accompany each device. Made from Venezia leather, each Flipsuit Case has a unique patina featuring a vibrant color mix inspired by the Olympic rings, celebrating the Olympic spirit and values of excellence and unity.

Enhancing the Athletes’ Experience at Paris 2024 with Devices Powered by Galaxy AI

Samsung’s decision to provide its latest addition to the Galaxy portfolio to Paris 2024 athletes before its official market launch stems from the crucial role Galaxy AI technology plays in accelerating a new era of communication, productivity, and creativity on a smartphone. The Galaxy Z Flip6 Olympic Edition includes a range of useful innovations to help athletes open up new experiences throughout the Games, including the following Galaxy AI communication features that will help athletes from around the world connect with ease while in Paris:

Composer – helps to draft emails and social media posts in apps by using simple keywords. For social media app specifically, it even analyzes the tone of past content, making it easier for athletes to express their excitement at some of the competition’s most thrilling or poignant moments.

Live translation – translates phone calls directly on the device in real-time into 16 different languages, making it easy for athletes to call the Olympic hotlines and local contacts in their native language, using Samsung native and select third-party apps.

Interpreter – instantly translates live conversations, allowing athletes to chat with other athletes and volunteers and receive a live translation of what they’re saying on screen – while still speaking face-to-face, thanks to the phone’s unique dual screen.

Athletes can also use Galaxy AI on the Olympic Edition phone to help prepare for competition, enhance their creativity, and capture lifelong memories at Paris 2024, with features including:

  • Instant Slow-mo – allows athletes to record, share and analyze their performances in slow motion, making it easier for them to refine their technique.
  • Photo Assist – enables athletes to get the perfect shot every time, by resizing, repositioning or even removing unwanted objects within photos.

Built-in Services and Apps Making the Olympic and Paralympic Experience Fun and Easy

To make it easier for athletes to use the phone while in Paris and beyond, each Galaxy Z Flip6 Olympic Edition will come with an eSIM of 100GB 5G data in partnership with Orange, and two years of Samsung’s global warranty. Additionally, to keep track of the latest Games-time schedules and travel around the Olympic venues with ease, several official International Olympic Committee (IOC) apps such as Athlete 365, Olympic Shop, Paris 2024, Transport Accred App, and IOC hotline will be pre-loaded. 

Via Samsung Wallet,  it also will come pre-loaded with an in-app pass for free beverages in vending machines located throughout the Olympic and Paralympic Village in partnership with fellow Worldwide Partner, The Coca-Cola Company, and an unlimited complimentary public transport access card, in partnership with Île-de-France Mobilités (IDFM), so they can enjoy touring the city of Paris and its region.

To bring some fun and personalization to the athlete experience, each Galaxy Z Flip6 Olympic Edition will feature a suite of interactive, Paris 2024-themed apps, as well. These include PinQuest and Galaxy Experience for collecting and exchanging real and digital pins during Games-time, Olympic Go!, the official Olympic Game, and Galaxy Skateboard, a new game featuring the Phryges, the Paris 2024 mascots.

Sharing Moments of Victory from the Podium Firsthand

Standing atop the Olympic and Paralympic podium during the medal ceremony and realizing a lifelong dream is one of the most emotional and memorable moments an athlete can experience. Traditionally photographed by accredited media only because athletes have been prohibited from bringing personal belongings — including their mobile phones — to the ceremony, the view has always been captured from a distance and not through an athlete’s own lens.

For the first time in Olympic and Paralympic Games history, Samsung will provide the Galaxy Z Flip6 Olympic Edition for use on the podium at Paris 2024, so athletes can create their own memories and emotions via a new, victory selfie. Samsung’s customized technology will map and sort the athletes’ selfies by sport and upload them to Athlete365 in real-time, which will allow athletes to save and share their iconic moments with family and fans.

The Galaxy Z Flip6 Olympic Edition will be displayed at Olympic rendezvous @ Samsung showcases, including the one at Champs-Elysees 125, starting July 12. In collaboration with the IOC and International Paralympic Committee (IPC), athletes will receive their Galaxy Z Flip6 Olympic Edition from Samsung starting July 18.

Leave a comment »

Aptum and 186Kloud Announce Strategic Partnership 

Posted in Commentary with tags on July 26, 2024 by itnerd

Aptum, a global infrastructure and cloud solutions provider specializing in technology consulting and managed services, today announced a strategic partnership with 186Kloud, a technology services distributor, to deliver innovative cloud services across the UK. 

This partnership combines Aptum’s unique ability to deliver dedicated infrastructure and Azure, AWS and Google Cloud Platform (GCP) managed solutions with 186Kloud’s deep industry knowledge to provide highly customized solutions to UK customers across various industries — including financial services, healthcare, retail and manufacturing.

Empowering Businesses with Advanced Cloud Solutions

With more than 10 years of expertise in cloud transformation and managed services, 186Kloud is a leading UK-based technology provider specializing in advanced cloud offerings and disaster recovery. Through its cloud migration solutions, the company achieves a seamless transition of business operations and data to cloud environments, providing enhanced flexibility, reduced IT costs, and robust protection against data loss. 

With this partnership, 186Kloud will offer Aptum’s modern infrastructurecloud platform and cloud-native solutions to provide customers with the right platform for the right workloads, accelerating enterprise transformation, performance, and growth. Aptum’s expertise with cloud-native platform engineering and operations will also be leveraged.

The agreement between the two organizations is effective immediately.

Leave a comment »

Acadian Ambulance Confirms Cybercriminals Threaten To Leak Data Of 10 Million Patients

Posted in Commentary with tags on July 26, 2024 by itnerd

On Wednesday, Acadian confirmed that it was the victim of a cyberattack in late June that disrupted operations of certain computer systems, and, while the extent of the data theft has yet to be confirmed, ransomware group Daixin is threatening to leak sensitive medical information of 10 million patients on the dark web.

“Upon discovering the activity, our team responded quickly and strategically to lock down systems to prevent any further unauthorized activity and activated backup and redundancy systems to prevent disruption to patient care,” Acadian said.

Acadian was able to continue operating without disrupting patient care, but the investigation into the incident determined that threat actors did access a server containing patients’ protected health information, the company said.

Based on tables that appeared on Daixin’s leak site on Wednesday, the stolen database contains more than 11 million rows of patient records, including patient histories and cases involving suspected drug use, as well as more than 28,000 rows of employee information.

The group claims to have demanded a $7 million ransom but after weeks of negotiating, Acadian claimed it could only pay $173,000 while it attempts to raise more funds.

Emily Phelps, Director, Cyware had this to say:

   “This incident underscores the critical need to protect sensitive health information. Healthcare organizations need to be enabled to adopt continuous monitoring, threat intelligence, and proactive security measures to safeguard against potential threats. Investing in advanced security technologies and fostering industry-wide collaboration are essential steps in enhancing the resilience of healthcare entities.”

Once again a healthcare organization has been pwned by threat actors, and the general public will suffer as a result. This should send a clear message that this is a sector that needs to double down on cyber defences to stop being a soft target for threat actors.

Leave a comment »

Freedom Mobile Rolls Out New Plans That Will Get The Attention Of The Big Three Telcos

Posted in Commentary with tags on July 26, 2024 by itnerd

Freedom Mobile seems to be playing hardball to grab marketshare any way it can. The latest example of that is that the company dropped a bunch of new plans that are sure to get the attention of Rogers, TELUS and Bell.

Let’s start with the plans that went up on their website yesterday:

Some random thoughts:

  • The first thing that I notice is that all three of these plans have Canada, US, and Mexico usage. The Mexico part is new. I am assuming that Freedom is catering to those who travel to Mexico.
  • The second thing that I notice is that the $5 a month credit on all plans that used to be forever is now for 18 months. That’s a bit of a downgrade. But I am guessing that Freedom is going to stop using long term discounts to attract business.
  • Next is the fact that the 75GB and 100GB plans have Roam Beyond access. Meaning that you can affordably travel with your phone without having to buy a local SIM card (which until Freedom came along was the cheapest way to avoid the insanely high roaming prices of the big three telcos). In the case of the 75GB plan, you get 10GB of data and unlimited talk and text. In the case of the 100GB plan, you get 20GB of data and unlimited talk and text.
  • Finally, the 100GB plan adds the option to add a smart watch or tablet to the plan.
  • All these plans are BYOD (Bring Your Own Device)
  • There’s 5G access in Canada, U.S., and Mexico 

In general, I think that all of these plans are a better value than their previous plans. That has my wife and I seriously considering switching to these new plans as a result. Specifically the 100GB plan as that has Apple Watch support. The only question would be if switching would incur the $45 fee that Freedom has when adding devices or switching plans. We’ll have to investigate that and do some math before we pull the trigger.

What these plans do is put pressure on Rogers, TELUS, and Bell as they don’t offer anything this good. And as Freedom’s 5G coverage improves (for example I have seen a speed bump recently on 5G via my iPhone 14 Pro), that’s going to make Freedom a viable option for those who are paying too much elsewhere. I am sure that the big three know this, so it will be interesting to see how they respond to this move by Freedom.

Leave a comment »

PKFail Compromises Secure Boot In The UEFI Ecosystem

Posted in Commentary with tags on July 26, 2024 by itnerd

Binarly, a global firmware and software supply chain security company, released research news on a critical firmware supply-chain security issue affecting devices in the UEFI ecosystem.

The research details on what is know as PKFail calls attention to significant flaws in the Secure Boot process due to untrusted Platform Keys generated by Independent BIOS Vendors (IBVs). This issue undermines the fundamental security mechanisms that protect devices from malicious code and the widespread impact is substantial. This research not only highlights a pervasive problem that has persisted for over a decade but also reveals the alarming scope and potential impact of PKfail on both x86 and ARM devices.

Here’s a link to the Blog and FAQ on PKFail:  http://www.binarly.io/blog/pkfail-untrusted-platform-keys-undermine-secure-boot-on-uefi-ecosystem

UPDATE: Rogier Fischer, CEO, Hadrian had this comment:

The PKfail issue is a big deal because it makes it easy for hackers to bypass Secure Boot, like having a master key that unlocks many houses. Since the same keys are used across different devices, one breach can affect many systems, making the problem widespread. This vulnerability has been around for over a decade, affecting hundreds of devices, so it’s not a new issue but a persistent one. Compromised keys mean that malicious software can run as your computer starts up, leading to severe security breaches that are hard to detect and remove. Major manufacturers like Dell, Lenovo, and HP are affected, putting both personal and enterprise systems at risk of data leaks and malware infections.

Cigent CGO Brett Hansen follows with this comment:

  “This is the latest example of the vulnerability of endpoint devices and the continuing focus and innovation of threat actors. The undermining of the secure boot on UEFI ecosystem is a significant vulnerability that can be used to undermine other security capabilities. This vulnerability is addressable – organizations need to place greater emphasis on ensuring the integrity of endpoints and the sensitive data that inevitably resides on them.”

Leave a comment »

Today Is System Administrator Appreciation Day

Posted in Commentary on July 26, 2024 by itnerd

System Administrator Appreciation Day is today. 

Ted Kekatos is a system administrator who is credited with creating Sysadmin Appreciation Day. It is said that the idea for the day came to him in 2000 after seeing an ad by Hewlett-Packard that showed a system administrator receiving flowers and other gifts from grateful co-workers. This inspired him to create a special day to recognize and appreciate the often underappreciated efforts of system administrators and IT professionals. Ted Kekatos’s initiative has since grown into an annual event celebrated by business and IT communities worldwide.

Manu Heirbaut, Vice President of Engineering at Datadobi, and DeeDee Kato, Vice President, Corporate Marketing at Foxit had this to say about this important day: 

Manu Heirbaut, Vice President of Engineering, Datadobi

“As someone who has direct exposure to the folks in ‘the backroom,’ I have seen first-hand the invaluable role that SysAdmins play in the success of any organization. While oftentimes, the SysAdmin remains unseen, quietly ensuring that our systems keep humming, I cannot even count the number of times a SysAdmin has come to the rescue. The truth is, without SysAdmins, most organizations would be up a creek, without a paddle. These unsung heroes work tirelessly behind the scenes — truly at all hours of the day or night — to ensure our systems run seamlessly, securely, and without interruption. 

As John Wooden, the first person ever inducted as a member of the Basketball Hall of Fame as both a player and as a coach, once said, ‘It’s the little details that are vital. Little things make big things happen.’ 

So on SysAdmin Appreciation Day, or better yet all year round, take a moment to shake the hand of the individual who contributes so greatly to your success, and say thank you.”

DeeDee Kato, Vice President, Corporate Marketing, Foxit:

“SysAdmins are truly the backbone of any organization – tirelessly working behind the scenes to maintain secure and smooth-running systems. SysAdmins expertise and dedication keep the digital infrastructure humming – allowing the entire organization to function safely and efficiently. Without their constant vigilance and problem-solving skills – even minor issues could escalate into major disruptions, impacting productivity, security, and business continuity.

Of course, it should go without saying, we must provide our SysAdmins with solutions that are the most advanced and proven possible. This is the best – I would even venture to say, only –  way to ensure that they can maintain a robust and efficient IT infrastructure.

But we cannot stop there… SysAdmins must also be empowered with cutting-edge solutions – like productivity solutions that embed Generative AI. By adding GenAI into workflows, SysAdmins can boost what employees can do – letting them focus on strategic and creative projects that create competitive advantage, and push the organization forward.”

                                   

Leave a comment »

Elon Musk Is Taking Your Twitter Data To Train Grok…. By Default And Without Telling Anyone

Posted in Commentary with tags on July 26, 2024 by itnerd

Elon Musk continues to do things that reinforce his status as a grade A scumbag. His latest brainwave is to take the data of those who for whatever reason are still use Twitter and use it to train his AI known as Grok by default. What’s worse is that he didn’t tell anyone about this. It was discovered by a Twitter user:

If you for whatever reason are still using Twitter. You should log onto the Twitter web interface and immediately disable this setting. Responsible companies allow users to opt into this sort of stuff. But Elon doesn’t run his companies in a responsible manner. Thus I am not surprised that you are not only forced to opt out of this, and that he did this under the cover of darkness. Once you turn this off, I would then strongly suggest that you spread this far and wide not only to show what sort of person that Elon is, but to deprive Grok of the training data that clearly he is so desperate for, that he would pull a stunt like this.

Leave a comment »

Guest Post: Self-hosted observability is essential for federal agencies to protect on-premises applications and infrastructure

Posted in Commentary with tags on July 25, 2024 by itnerd

By Gregg Ostrowski, CTO Advisor, Cisco Observability

Across the world, government agencies continue to be a highly attractive target for cybercriminals. These malicious entities are aware of the vast amounts of sensitive data stored by federal, state, and local institutions, and recognize the limited resources many of these have to protect legacy applications and infrastructure. 

Whether it’s geopolitical strategy and cyber war through state sponsored attacks (a growing possibility with the number of countries with major elections this year) or one-off ransomware and phishing attacks, government agencies are threatened like never before. In Canada, 11 per cent of all cyberattacks were aimed at the public sector last year, with attackers looking to exploit vulnerabilities to access huge volumes of personal data for fraud, identity theft, and account takeovers. 

Unfortunately, many government IT teams are struggling to handle an increasingly dynamic and sophisticated threat landscape. They simply don’t have the tools and insights needed to detect and address threats in a timely way. Unless addressed, this issue represents a huge challenge for government agencies, and for citizens around the world. The likelihood of serious security breaches will continue to rise, with all the subsequent effects to reputation, trust, and citizen engagement.  

While IT teams across vast industries rely on cloud-native and SaaS-based observability tools to address security threats, public sector agencies face unique challenges. Federal, state, and local government institutions often operate in air-gapped environments with strict data privacy and security rules, limiting their access to these solutions. 

Fortunately, more government institutions are now turning to self-hosted observability solutions. This shift allows them to leverage advanced AI-powered tools to enhance their security posture and proactively manage application availability, performance, and security. 

Self-hosted observability is vital to protect on-premises environments 

Observability offers technologists unified visibility across the IT stack, allowing them to identify vulnerabilities, understand root causes and dependencies, and address issues promptly. Additionally, it provides business context to security findings, helping IT teams assess the potential impact of vulnerabilities in cloud-native technologies and prioritize mitigation efforts based on customer and business outcomes.  

Unfortunately, however, the reality is that most observability solutions only run in cloud or SaaS environments – making them unsuitable for organizations maintaining applications and infrastructure on-premises. On-premises observability has largely been overlooked, with only one or two comprehensive solutions on the market. The result is that many on-premises IT teams are struggling to respond to increasing levels of complexity and overwhelming volumes of data, and to respond to an increasingly more sophisticated threat landscape.  

Fortunately, though, there is now a new breed of observability solutions which are delivering innovative functionality within on-premises environments and helping government IT teams mitigate risk and deliver secure and seamless citizen experiences. 

Across federal, state, and local government, a growing number of agencies are embracing self-hosted application observability solutions to monitor their most critical business systems, end-to-end. 

Self-hosted observability – or customer-managed observability – includes on-premises deployments or cloud-based deployments where the organization maintains control of all the data and associated operations. It enables technologists to proactively manage the performance, availability, and security of mission-critical applications and, in turn, delivers market-differentiating digital experiences to end users. 

With observability, IT teams gain a unified view of their applications, infrastructure, and data, allowing them to monitor, manage, and optimize applications in real-time. It integrates seamlessly into the data centre while adhering to compliance, security, and operational policies.  

Modernizing the on-premises control to leverage AI capabilities 

IT teams managing on-premises environments need an observability solution that modernizes their installation and operates effectively within a Kubernetes environment.  

Upgraded observability controls provide government agencies with the same comprehensive capabilities as cloud-native solutions, including AI-powered anomaly detection, root cause analysis, and automated transaction diagnostics. Self-hosted observability enhances security by identifying application vulnerabilities within context and offering automated business risk scores. This helps IT teams prioritize responses based on potential impact.  

With the threat landscape likely to become even more severe over the coming months and years, government agencies urgently need to ensure their IT teams have access to the latest AI-powered functionality that self-hosted observability can deliver. Only with the right capabilities and insights will IT teams be able to counter rising threats and deliver the seamless and secure experiences that are now so crucial in driving improved citizen outcomes.  

Leave a comment »

« Older Entries
Newer Entries »