Roku OS 13 Is Upsetting Users Because They Forced Motion Smoothing Upon Them With No Way To Turn It Off
Posted in Commentary with tags Roku on July 5, 2024 by itnerd
One of the advantages that Roku had is that they handled updates to their TVs in the same way that they updated their streaming sticks and streaming boxes. Which is, for the most part, that any Roku device got the same features and fixes. Up until recently I thought that was good. But back in June that changed when Roku rolled out RokuOS 13. Specifically, the picture quality became worse for some people. And after reading the release notes that Roku put out in regards to version 13 of the RokuOS, the answer is pretty clear:
Roku Smart Picture: Roku Smart Picture, available on Roku TV models, automatically improves picture quality dynamically as users stream. Backlighting, uniformity, and colors will automatically adjust based on the type of TV, and Picture Mode will optimize across detected content types including sports, movies, reality, animation, and more. Users can turn on Roku Smart Picture by pressing the * button on a Roku Remote while streaming and clicking into Picture Setting then Picture Mode. This feature will not override Dolby Vision® and HDR10+ formats if they are detected on compatible devices.
Now the key part is that Roku added this:
Roku Smart Picture, available on Roku TV models, automatically improves picture quality dynamically as users stream.
This is some sort of motion smoothing feature that Roku has implemented. And people who want the best picture quality possible turn off any sort of motion smoothing. They do that because viewing content filmed at 24 or 30 fps looks really weird on TVs that run at 120 Hz and above. The insanely smooth motion makes the video almost seem too real. Or put another way, it completely destroys the movie watching experience. But for some reason Roku feels that it should be on. And not only that, in Roku’s infinite wisdom, they provide no way to turn it off. Unless you have a Dolby Vision and HDR10+ TV from one of Roku’s partners, or the streaming stick or box detects one of those TVs.
Frankly, this is the single dumbest thing that Roku has ever done. In effect, they’ve managed to anger a significant percentage of their user base for no good reason. Not that angering the people who buy your products is a good thing. In any case, Reddit for example along with Roku’s own community forum has a lot of angry users complaining about this feature, and the fact that you can’t turn it off. What makes the situation worse is that while Roku seems to acknowledge that the issue exists, they don’t seem very interested in fixing it. Or more accurately giving users the ability to turn off motion smoothing. Now there’s an extra twist to this. This feature might have existed before. While I haven’t noted that, and I am not affected negatively by this as I have a Dolby Vision and HDR10+ TV, older threads on Roku’s forums have mentioned similar issues before. Which makes me wonder if this is something that the company has been trying to push at the behest of their hardware partners.
Regardless, even though I am not affected by this, this whole experience has left a bad taste in my mouth when it comes to Roku. I happen to like their products specifically because I perceived Roku to be an open platform that gave me a fair amount of choice. And their support for things like Apple HomeKit and Fitness+ really fits into my home, which is deep down the rabbit hole of the Apple ecosystem. But if Roku is going to do things like this, where they force things upon their user base that their users don’t want, then I may hop over to a Google powered TV. While it is Google, which means that they are as invasive in terms of collecting data about you as Facebook is, they aren’t known for this level of stupidity. Perhaps Roku might want to keep that in mind and not only find a way to roll back this change, but also find a way to calm their user base before Roku TVs end up on Craigslist en masse.
Posted in Commentary with tags Telus on July 4, 2024 by itnerd
Today, TELUS Health announced a collaboration with Nova Scotia Health (NSH) to enable residents of Nova Scotia to access their primary care information through the YourHealthNS app. This health data interoperability initiative marks the first large-scale effort in Canada to standardize and connect primary care data and empowers people in Nova Scotia to better manage their health and improve health outcomes.
TELUS Health is a leader in digital health data and currently supports most of Nova Scotia’s clinicians with electronic medical records (EMRs) to enhance their practice and patient care. Through this collaboration, TELUS Health is using its integrated data platform to extract relevant patient summary data from these EMRs.
Providing patients with seamless and secure access to their health information benefits not only the patients themselves but also clinicians and care providers. This access leads to greater efficiencies, supports effective communication and ultimately enhances the overall patient experience, as demonstrated by a pilot project launched in early 2024. Among the 13,000 participants, 68 per cent who accessed their health records reported their patient experience as good or excellent.
As the first company in the world to achieve the ISO 31700-1 Privacy by Design certification, TELUS Health is committed to safeguarding privacy and advancing the principles of trustworthy data practices across Canada and beyond. TELUS Health aligns with the Government of Nova Scotia’s dedication to using healthcare data solely for the advancement of healthcare, ensuring that individuals can lead healthier lives.
TELUS Health looks forward to collaborating with other provinces across the country to replicate this success.
Here’s something that seems a bit suspect to me. Via a blog post, Twilio, which makes two-factor authentication apps, specifically an app called Authy, said that it was hacked. But the way that it provides details about this hack leads to more questions than answers:
Twilio has detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint. We have taken action to secure this endpoint and no longer allow unauthenticated requests.
We have seen no evidence that the threat actors obtained access to Twilio’s systems or other sensitive data. As a precaution, we are requesting that all Authy users update to the latest Android and iOS apps for the latest security updates. While Authy accounts are not compromised, threat actors may try to use the phone number associated with Authy accounts for phishing and smishing attacks; we encourage all Authy users to stay diligent and have heightened awareness around the texts they are receiving.
You’ll note that the company hasn’t said how many users were affected. Now it is possible that Twilio has no clue how many users were affected. It is also possible that they just don’t want to say because the number is huge. There are reports that the number of users is 33 million, which would be huge if true. And the fact that Twilio said that hackers got in via an “unauthenticated endpoint” is interesting. That kind of implies that they might have had computers on their network that weren’t properly authenticated to the network. If that is the case, that’s not good. Either way, this isn’t trivial. All of this leads to more questions than answers. And Twilio will have to answer those questions sooner rather than later if they are to be trusted again.
You might recall that I have been implementing DMARC across all the domains that I own in order to increase email deliverability and to cut down on, if not eliminate, email spoofing via my domains. One thing that I did say at the time was that I was spending every morning looking at DMARC reports to get visibility into what was going on in relation to my domains. I specifically said this:
Now, let’s talk about the reports that I mentioned earlier. They show up in your inbox in XML format that isn’t human readable. To solve that problem, I use the MX Tools DMARC Report analyzer which makes these reports human readable. That way I have visibility into what’s going on from an email perspective. And I set aside a few minutes every day to read these reports. I admit that it’s a bit time consuming. But it ensures that I don’t find out about my bad news from CNN, so to speak.
Here’s the problem with that method. I am simply looking at one day at a time and one domain at a time. So I am missing out on anything that is trending, for example a threat actor who is spending multiple days trying to spoof my email addresses. That’s when Valimail hooked me up with Valimail Monitor. This web based product allows users to monitor who is sending email from your domains and identify unauthorized senders, all from a single dashboard. That in turn gives you visibility as to where your good news (nobody is trying to spoof you, for example) or bad news (someone is trying to spoof you, or someone inside your company is using a service that you haven’t authorized) is going to come from.
Let’s go into the weeds on this:
One of the first things that I do is to go into the dashboard and scroll through its different sections. DMARC status is one of the first things that usually gets my attention, as that’s where I would get the first indication if anyone is spoofing me, or if I have a deliverability issue. In this case, it’s the former, as seven emails failed the DMARC check. That usually sends me off to the domains screen to see what is going on:
I have redacted my personal domain for privacy reasons. But it seems to be the source of the issue. Since I am a guy who likes to go down the rabbit hole on these things, let’s see why this is the case. So I am going to click the word “view” under the “Senders” column to see what’s going on.
Once I hit this screen, it becomes clear to me what’s going on. My hosting provider uses MailChannels as a proxy for all outbound mail to ensure that a bad actor who hosts with them doesn’t do anything that would cause their hosting infrastructure to be banned by other mail servers. So 100% of my email should go through there. But it’s not. It seems that some “Unidentified IPs” are trying to send mail using my personal domain.
And by clicking on “View” under the “Countries” column, it shows that what appears to be a Vietnamese based threat actor is trying to spoof my domain.
What I did from there is to increase the date range to one month to see what I found. Now Canada isn’t an issue as my email server is hosted in Montreal, and everything is clearly flowing through just fine. But I see that besides having a threat actor in Vietnam, a threat actor that appears to be in the US is also a problem as everything from that country is failing DMARC. Thus they’re trying to spoof me as well.
Now at the time that I went down this rabbit hole, I couldn’t see the exact IP addresses of the servers that were trying to spoof me. But I reached out to Valimail and they were able to get that straightened out, so that going forward I can see the exact IP addresses of anything that is claiming to be sending email on my behalf. Some of them were hosted by Microsoft, so I reached out to them via their abuse email address to address those threat actors. The other threat actor I have addressed by setting my domains to reject anything that fails a DMARC check.
Sidebar: Since I have done this, I have noted that phishing emails related to my domains have skyrocketed. Which illustrates that if a threat actor can’t get you using one technique, they’ll try something else.
While I continue to monitor the situation, I feel that I am in a better position to make sure that nobody is using my domains when they shouldn’t be as I have complete visibility of what is going on, and I can take action on anything that is suspect. Here’s the key part that you should pay attention to: This level of protection is free. Thus there’s really no reason why you shouldn’t use it.
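The roll-up described above, done by hand over the raw aggregate (rua) reports instead of through a dashboard, as an added example that is not the author’s or Valimail’s code: it parses the RFC 7489 XML, totals messages per source IP, and flags any IP that failed DMARC, counting how many reports (roughly, days) it kept failing in, which is the trend a one-day-at-a-time review misses. The two reports below are constructed; the IPs are documentation ranges and the domain is a placeholder.

```python
"""Triage DMARC aggregate reports: who is sending as my domain, and who is failing."""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample reports (RFC 7489 aggregate schema), two consecutive days.
# 203.0.113.10 stands in for the hosting provider's outbound relay; the other two
# IPs claim to send for the domain but have no aligned SPF or DKIM.
SAMPLE_REPORTS = [
"""<feedback>
  <report_metadata><org_name>receiver.example</org_name><report_id>r1</report_id>
    <date_range><begin>1719792000</begin><end>1719878399</end></date_range></report_metadata>
  <policy_published><domain>example.test</domain><p>quarantine</p></policy_published>
  <record><row><source_ip>203.0.113.10</source_ip><count>42</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.test</header_from></identifiers></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>5</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.test</header_from></identifiers></record>
</feedback>""",
"""<feedback>
  <report_metadata><org_name>receiver.example</org_name><report_id>r2</report_id>
    <date_range><begin>1719878400</begin><end>1719964799</end></date_range></report_metadata>
  <policy_published><domain>example.test</domain><p>quarantine</p></policy_published>
  <record><row><source_ip>203.0.113.10</source_ip><count>37</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.test</header_from></identifiers></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>2</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.test</header_from></identifiers></record>
  <record><row><source_ip>192.0.2.99</source_ip><count>3</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.test</header_from></identifiers></record>
</feedback>""",
]


def parse_report(xml_text):
    """Yield (report_id, source_ip, count, dmarc_pass) for every <record> in one report."""
    root = ET.fromstring(xml_text)
    report_id = root.findtext("report_metadata/report_id", default="?")
    for rec in root.iter("record"):
        row = rec.find("row")
        if row is None:
            continue
        ip = row.findtext("source_ip", default="").strip()
        count = int(row.findtext("count", default="0") or 0)
        pe = row.find("policy_evaluated")
        # <policy_evaluated> holds the *aligned* results; DMARC passes if either one does.
        dkim = pe.findtext("dkim", default="fail") if pe is not None else "fail"
        spf = pe.findtext("spf", default="fail") if pe is not None else "fail"
        yield report_id, ip, count, (dkim == "pass" or spf == "pass")


def summarize(reports):
    """Roll every record across all reports up into per-source-IP totals."""
    summary = defaultdict(lambda: {"passed": 0, "failed": 0, "reports": set()})
    for xml_text in reports:
        for report_id, ip, count, ok in parse_report(xml_text):
            entry = summary[ip]
            entry["passed" if ok else "failed"] += count
            if not ok:
                entry["reports"].add(report_id)  # distinct reports in which this IP failed
    return summary


def unauthorized_senders(summary):
    """(ip, failed, passed, reports_failed_in) for every IP with at least one DMARC failure,
    worst offender first. A high reports_failed_in is the multi-day trend to act on."""
    rows = [(ip, e["failed"], e["passed"], len(e["reports"]))
            for ip, e in summary.items() if e["failed"]]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


def dmarc_fail_count(summary):
    """Total messages that failed DMARC, the number the dashboard's status tile shows."""
    return sum(e["failed"] for e in summary.values())


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORTS)
    print("messages failing DMARC:", dmarc_fail_count(s))
    for ip, failed, passed, days in unauthorized_senders(s):
        print(f"{ip}: {failed} failed, {passed} passed, failing in {days} report(s)")
```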
Now if you need more than Valimail Monitor offers, they can help you with that. Valimail Align is the next level up from Monitor. It adds automated configuration of DKIM and SPF to allow you to get to a compliance level that satisfies Google, Yahoo, and others. It’s a great way to easily ensure that you’re in a good place when it comes to DMARC compliance.
Valimail Enforce is the top tier of what Valimail offers. It allows you to automate DMARC tasks and ensure that absolutely nothing slips through the net, so to speak. For example, I set up Enforce, which required me to make a number of DNS changes which are outlined here, and then I set up a MailChimp account to send emails using my business domain without telling Enforce about it. Then I waited to see what would happen next. What I found was that Enforce was able to discover the existence of MailChimp and that it was sending emails on my behalf. I was then able to add it as an authorized sender within Enforce, and Enforce handled all the DNS changes in the background for me with no need to act as my own IT department to make changes to my DNS setup. It was literally a few clicks to get that done. And this is the key point. Enforce allows you to monitor every aspect of your mail setup so that you can make changes as needed, or discover email products like MailChimp that might be used in your organization without your knowledge. Thus if I were to put my consultant hat on for a second, I would recommend that enterprises head straight to Enforce, as I can see that there would be a close to immediate payback in terms of security, reputation management, and cost.
Here’s the bottom line. Valimail has a suite of products that I feel any company who sends email, which is pretty much every company, should be using to ensure that their email gets to its intended destinations, and to ensure that said companies’ reputation remains intact. On top of that, they will save a few bucks along the way. That’s a win on multiple fronts, which means that if you’re the person who’s responsible for mail, DNS, and perhaps even your security stack, you need to have a look at what Valimail has to offer, as in my view this suite of products can help you in so many ways.
Back in February I reported that Prudential Financial got pwned. At the time I said this:
In an 8-K form filed with the SEC this week, Prudential said a “threat actor… had accessed Company administrative and user data from certain information technology systems and a small percentage of Company user accounts associated with employees and contractors.”
And I said this:
The good news is that the threat actors were detected quickly and it looks like Prudential regained control in short order. Swift detection is one of the tools in the toolbox that has to be present to make sure that threat actors cannot set up shop and start to move within a victim’s environment.
Not so fast. Now the company has revealed that over 2.5 million people had their personal information compromised. Ouch. Rogier Fischer, CEO and Co-Founder, Hadrian Security had this comment:
“Although the finer details of the attack and the damage are not yet out, the breach notification throws up several compliance issues. There was a 52-day delay in notifying consumers of the breach, which exceeds the 30-day limit mandated by many state laws such as the Maine Data Security Breach Notification Law. Additionally, while the company did not need to notify consumer reporting agencies due to the number of affected Maine residents being below 1,000, vigilance is crucial for future breaches. The automated breach testing and compliance reporting could have identified vulnerabilities, ensured policy enforcement, and facilitated quicker responses to risks, thereby preventing the breach. These systems could have also flagged the need for improved employee training to mitigate social engineering risks, as in this case.”
“Organizations must be empowered to modernize their security operations and effectively share threat intelligence to stay ahead of these threats. Businesses must adopt proactive security strategies, leveraging AI-driven solutions to enhance their threat detection and response capabilities. By operationalizing threat intelligence, organizations can better protect themselves and their clients from future incidents. The financial sector, in particular, must prioritize these advancements to safeguard the personal information of millions.”
This incident proves that maybe everyone should wait until the full scope of any breach is revealed before making any comment. Myself included.
Targus today announced that it now offers an industry-first five year warranty with new reduced pricing on its best-in-class universal docking stations – specifically DOCK310, DOCK315, and DOCK430 – purchased after July 1, 2024. The extended five-year warranty on these select models further demonstrates the company’s long track record of delivering superior quality tech solutions that boost workers’ productivity, performance, and connectivity, anywhere.
This new extended warranty is now being offered with unbeatable pricing on three of its latest universal docking stations compatible with Windows, macOS, Android, Chrome OS, and other major operating systems, to ensure business customers are covered with the best warranty in the industry that will meet or exceed the expected three- to five-year lifecycle of their PCs.
The Universal USB-C DV4K Docking Station with 65W Power Delivery (DOCK310) is a sleek and powerful dock packed with all the necessary ports and power needed in a single dock to create a convenient, productive workstation. This universal docking station connects two 4K displays to multiple hosts and peripherals for a dual ultra-high-definition video experience with power delivery 3.0 up to 65WDC. Three USB 3.2 Gen 1 Type-A ports and 1 USB 3.2 Gen 1 Type-C port make it simple to add the latest keyboards, external hard drives, and other peripherals to customize the workspace experience.
The Universal USB-C DV4K DP Docking Station with 65W Power Delivery (DOCK315) is the ultimate universal docking station to expand a workstation and connect to nearly any laptop with a single cable. This dual monitor docking station delivers crisp and clear 4K video outputs while supporting a connection up to two displays via DisplayPort™ to multiple hosts and peripherals for a dual ultra-high-definition video experience. This powerful dock supports single 5K and dual 4K UHD HDR at 65WDC, offering video performance up to 4096×2160 p60 for dual displays. Users can also connect their favorite accessories with a combination of USB-A (3x USB 3.2 Gen 1 Type-A ports) and USB-C (1x USB 3.2 Gen 2 Type-C), plus Ethernet and audio ports.
The USB-C Multi-Function DisplayPort Alt. Mode Triple Video Docking Station with 85W Power (DOCK430) is a sleek and powerful Alternate Mode dock which packs all of the ports and power needed in a single dock to create a more powerful, productive workstation. Enjoy crisp, clear native video while supporting a connection up to three monitors. With two DisplayPort™ 1.4 ports and one HDMI 2.0 port, this dock supports three monitors (1920×1080 p60), two monitors (2560×1440 p60) or one monitor (3840×2160 p60) and various lower resolutions. Plus, users can connect to all of their favorite accessories with a combination of USB-A (4 USB 3.2 Gen1 ports, 1 fast-charging) and USB-C (1x 3.2 Gen2), plus Ethernet and audio ports.
All three of these Targus universal docking stations, which come with the new extended five-year warranty, are available for sale at Targus.com and through participating resellers and distributors worldwide. Visit Targus.com for additional product details, pricing, and availability.
Infosys McCamish Systems (IMS) has started sending out data breach notification letters regarding a ransomware attack that it disclosed in February 2024 to over 6 million victims, far more than the initially reported 57,000 Bank of America customers. I covered that initial report here.
IMS is a multinational corporation that provides business consulting, IT, and outsourcing services in the insurance and financial services industries for companies such as Bank of America and seven out of the top ten insurers in the country.
In February 2024, IMS informed the public that it had been hit by ransomware in November 2023 resulting in the compromise of the personal data of about 57,000 Bank of America customers.
In a new notification shared with the authorities, IMS now says the total number of people affected is over 6 million.
The compromised data varies by individual but includes the following:
Social Security Number
Date of birth
Medical treatment/record information
Biometric data
Email address and password
Username and password
Driver’s License number or state ID number
Financial account information
Payment card information
Passport number
Tribal ID number
U.S. military ID number
IMS has not disclosed which of its clients were impacted except for Oceanview Life and Annuity Company. The list of impacted data owners may be supplemented as more customers request to be named in the filing.
Evan Dornbush, former NSA cybersecurity expert, has this comment:
“This is another example of attacks becoming more complex and taking longer to determine full impact.
“Also once again, this is an example of customers becoming passive victims in a process where they cannot take any action beyond hoping the breach isn’t so bad. It’s simply maddening. While some of the compromised data can be easily replaced – such as credit card numbers – license and passport identifiers are less easily renewed, and the loss of medical treatment and biometric data is irrevocably damaging to one’s privacy.”
Given the scope of this breach, I am hoping that IMS, Bank of America, and whomever else was involved in this is hauled before the relevant authorities and made to answer questions on this. Because a breach this size that took months to figure out is simply unacceptable.
It is being reported that a new OpenSSH vulnerability, currently being tracked as CVE-2024-6387, could impact 14 million internet-facing OpenSSH instances:
The Qualys Threat Research Unit (TRU) discovered this unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. This bug marks the first OpenSSH vulnerability in nearly two decades—an unauthenticated RCE that grants full root access. It affects the default configuration and does not require user interaction, posing a significant exploit risk.
In Qualys TRU’s analysis, we identified that this vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, reported in 2006. A regression in this context means that a flaw, once fixed, has reappeared in a subsequent software release, typically due to changes or updates that inadvertently reintroduce the issue. This incident highlights the crucial role of thorough regression testing to prevent the reintroduction of known vulnerabilities into the environment. This regression was introduced in October 2020 (OpenSSH 8.5p1).
Rogier Fischer, CEO and Co-Founder at Hadrian Security noted the following:
“While there is currently no proof of concept demonstrating this vulnerability, and it has only been shown to be exploitable under controlled lab conditions, it is plausible that a public exploit for this vulnerability could emerge in the near future. Hence it’s strongly advised to patch this vulnerability before this becomes the case”.
This is correct. Now that this is out there, it’s time to patch all the things. Hadrian has a blog post that goes down the rabbit hole on this vulnerability including mitigation steps.
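A first-pass inventory triage for the regression described above, as an added example that is not Qualys’s or Hadrian’s code: it reads the version out of an sshd banner and buckets it by the affected ranges from the Qualys advisory (8.5p1 up to, but not including, 9.8p1 is affected; 4.4p1 up to 8.5p1 is not; anything older than 4.4p1 needs the CVE-2006-5051 backport checked). The fixed version 9.8p1 and the OpenBSD caveat come from that advisory rather than from this post; the hostnames and banners below are constructed.

```python
"""Bucket SSH banners by exposure to the CVE-2024-6387 signal-handler regression."""
import re

# "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6" -> major 8, minor 9, portable release 1, distro suffix
BANNER_RE = re.compile(r"^SSH-\d+\.\d+-OpenSSH_(\d+)\.(\d+)(?:p(\d+))?(?:\s+(.*))?$")


def parse_banner(banner):
    """Return (major, minor, portable_release_or_None, distro_suffix), or None if not OpenSSH."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    major, minor, prel, suffix = m.groups()
    return int(major), int(minor), (int(prel) if prel else None), (suffix or "")


def classify(banner):
    """Map one banner to a triage bucket using only the upstream version number."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "not-openssh"
    major, minor, prel, _suffix = parsed
    if prel is None:
        # No 'pN' suffix: not the portable (glibc/Linux) build, e.g. OpenBSD native.
        # The advisory scopes the bug to portable builds, so verify these separately.
        return "non-portable-verify"
    version = (major, minor)
    if version < (4, 4):
        return "legacy-check-2006-patch"   # pre-4.4p1: affected unless CVE-2006-5051 was backported
    if version < (8, 5):
        return "not-affected"              # 4.4p1 .. 8.4p1
    if version < (9, 8):
        return "affected-range"            # 8.5p1 .. 9.7p1, the regression window
    return "fixed"                         # 9.8p1 and later


def triage(inventory):
    """inventory: iterable of (host, banner). Returns (host, banner, needs_pkg_check) rows
    for hosts in the affected range, sorted by host. A distro suffix such as
    'Ubuntu-3ubuntu13' means the vendor may have backported the fix without bumping the
    upstream number, so the banner alone cannot clear the host; check the package version."""
    rows = []
    for host, banner in inventory:
        if classify(banner) != "affected-range":
            continue
        needs_pkg_check = bool(parse_banner(banner)[3])
        rows.append((host, banner.strip(), needs_pkg_check))
    return sorted(rows)


# Constructed inventory; hostnames are placeholders.
SAMPLE_INVENTORY = [
    ("bastion.example.test", "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13"),
    ("legacy-db.example.test", "SSH-2.0-OpenSSH_4.3p2"),
    ("build01.example.test", "SSH-2.0-OpenSSH_9.8p1"),
    ("nas.example.test", "SSH-2.0-dropbear_2022.83"),
    ("web02.example.test", "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3"),
    ("ci.example.test", "SSH-2.0-OpenSSH_9.3p1"),
]

if __name__ == "__main__":
    for host, banner, pkg in triage(SAMPLE_INVENTORY):
        note = "  (confirm distro backport before closing)" if pkg else ""
        print(f"{host}: {banner}{note}")
```

The banner check is a triage aid only: a host that the distro has patched can still advertise an affected upstream version, so the package changelog decides.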
Although some experts argue it is archaic, and tools like Kaspersky have recently increased security risks for users, 121 million Americans (46 percent) rely on antivirus technology.
Another 17 million plan to adopt in the next six months, leveraging both paid and free third-party antivirus software from providers like Norton and McAfee, among others.
Meanwhile, 54 percent rely on built-in antivirus protections (or none at all) on their devices, from the likes of Apple and Microsoft.
Seventeen percent of adults run antivirus programs on their mobile phones
Americans aged 65 or older are twice as likely to pay for antivirus as those under 45
Norton Antivirus remains the top choice for paying customers, while McAfee is the most popular free program
About three percent of antivirus users were running Kaspersky software before the U.S. government banned sales last month
Antivirus use for cryptocurrency transactions has increased in the past two years, while the need to secure remote working connections has dropped by half
Posted in Commentary with tags D-Link on June 30, 2024 by itnerd
So let me start with the exploit behind the title in this story. D-Link has released a security advisory which is tied to CVE-2024-0769 that goes like this:
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251666 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
So let’s unpack this. In English, what this is saying is that a remotely launchable attack exists that allows attackers to leak session data, achieve privilege escalation, and gain full control via the admin panel. In short, they can take over the router. And presumably use that access to launch secondary attacks, such as theft of data, for example by reconfiguring the router to give them full access to your network. On top of that, you’ll note this part:
NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
So this isn’t going to get fixed. Which means that if you have one of these routers, your best course of action is to throw it in the trash (or responsibly recycle it) and get something else. I say that because the word on the street is that threat actors are actively using this exploit to pwn people. Thus you don’t want to be the person on the other end of that.
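The missing check behind the advisory, as an added example that is not D-Link’s code: a handler that opens a file named by a client-supplied argument like service must confine that name to its document root, which means percent-decoding first (including double encoding), then normalizing and comparing against the root plus a separator. WEB_ROOT is an assumed document root; apart from the traversal string quoted from the advisory, the sample inputs are constructed.

```python
"""Confine a client-supplied file argument to a document root (path traversal guard)."""
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/htdocs/web"  # assumption: the directory the handler may legitimately read from


def fully_decode(value, max_rounds=3):
    """Percent-decode until stable, so '%2e%2e' and double-encoded '%252e%252e' both
    surface as '..' before any path logic sees them."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return value


def resolve_under_root(service, root=WEB_ROOT):
    """Return the normalized absolute path if it stays inside root, otherwise None.
    Rejects empty names, NUL bytes, absolute paths and any '..' climb that escapes root."""
    raw = fully_decode(service).replace("\\", "/")
    if not raw or "\x00" in raw:
        return None
    # posixpath.join discards root when raw is absolute; normpath collapses every '..'.
    candidate = posixpath.normpath(posixpath.join(root, raw))
    # Compare against root plus a separator, so '/htdocs/webinc' is not mistaken for
    # something under '/htdocs/web' (the advisory's payload lands exactly there).
    if candidate == root or not candidate.startswith(root.rstrip("/") + "/"):
        return None
    return candidate


# Constructed inputs; the first is the exact argument value quoted in the advisory.
SAMPLES = [
    "../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml",
    "%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "%252e%252e%252fetc%252fpasswd",
    "/etc/passwd",
    "status.xml",
    "pages/../status.xml",
]

if __name__ == "__main__":
    for s in SAMPLES:
        resolved = resolve_under_root(s)
        print(f"{s!r}: {'REJECT' if resolved is None else resolved}")
```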