Posted in Commentary with tags Token on May 15, 2024 by itnerd
Token, a revolutionary provider of secure, wearable authentication, today announced that its innovative Token Ring with BioTouch Secure has been honored in the Science and Technology category of Fast Company’s 2024 World Changing Ideas Awards. Selected from over 1,300 global entries across all categories, the Token Ring ushers in a new paradigm in multi-factor authentication (MFA) and stops the ransomware attacks that are devastating organizations around the globe.
Ransomware is every organization’s number one risk
Every day brings news of another major ransomware attack and the financial losses from a single attack can now exceed $1 billion. Protecting against ransomware attacks and data breaches has become the top priority of CISOs, CEOs, boards, regulators, and cyber risk insurance providers. Organizations have become easy targets for cybercriminals because most are using 20-year-old legacy MFA technology to stop cybercriminals who are using the power of generative AI and the most advanced attack methods. Next-generation MFA eliminates the risks of cybercriminals using stolen credentials, MFA prompt bombing, SIM swapping, BYOD compromises, Adversary-in-the-Middle (AitM/MitM), and other common attack methods.
Token Ring Next-Generation MFA
Token Ring is a simple, fast, and user-friendly way to protect organizations against phishing and ransomware cyberattacks. BioTouch Secure integrates fingerprint biometrics, the most secure form of user authentication, into an attractive wearable device for the ultimate in user convenience and enterprise security. Token Ring features a capacitive fingerprint sensor for the highest level of biometric security, a large capacity secure element to safely store biometric information and user credentials, a capacitive-touch bezel for user friendly operation, and NFC and Bluetooth Low Energy communications for universal compatibility. Token Ring combines these capabilities into an appealing ring for convenience and to prevent the loss of authentication devices.
About The World Changing Ideas Awards
World Changing Ideas is one of Fast Company’s major annual awards programs and is focused on social good, seeking to elevate finished products and bold concepts that make the world better. Judges choose winners, finalists, and honorable mentions based on feasibility and the potential for impact. With the goals of awarding ingenuity and fostering innovation, Fast Company draws attention to ideas with great potential and helps them expand their reach to inspire more people to work on solving the problems that affect us all.
About Fast Company
Fast Company is the only media brand fully dedicated to the vital intersection of business, innovation, and design, engaging the most influential leaders, companies, and thinkers on the future of business. Headquartered in New York City, Fast Company is published by Mansueto Ventures LLC, along with our sister publication Inc., and can be found online at www.fastcompany.com.
Yesterday, in partnership with the DHS, the FBI and numerous international agencies, CISA released a joint guidance document to help civil society organizations and individuals reduce the risk of cyber intrusions and to encourage software manufacturers to actively commit to implementing Secure by Design practices to help protect vulnerable and high-risk communities.
“Civil society, comprised of organizations and individuals such as– nonprofit, advocacy, cultural, faith-based, academic, think tanks, journalist, dissident, and diaspora organizations, communities involved in defending human rights and advancing democracy–are considered high-risk communities. Often these organizations and their employees are targeted by state-sponsored threat actors who seek to undermine democratic values and interests,” CISA’s release read.
Civil society organizations and individuals are encouraged to implement the following best practices as defined by CISA’s Cross-Sector Cybersecurity Performance Goals:
Keep software and applications updated on devices and IT infrastructure
Use multifactor authentication and strong passwords
Audit accounts and disable unused and unnecessary accounts
Disable user accounts and access to organizational resources for departing staff
Apply the Principle of Least Privilege
Exercise due diligence when selecting vendors, such as cloud services and MSPs
Manage architecture risks
Implement basic cybersecurity training
Develop and exercise incident response and recovery plans
Use encryption measures to protect all communications
Software manufacturers are strongly encouraged to embrace Secure by Design principles. Mitigations to improve the security posture for their customers include:
Vulnerability management. Working to eliminate entire classes of vulnerability in their products
Enabling MFA by default in all products
Provide logging at no additional charge and alert customers of suspicious or anomalous behavior
Implement alerts so customers are aware of unsafe configurations, suspicious behavior, and malware
Include details of a Secure by Design program in corporate financial reports.
“Security by design is a good practice to implement and goes hand-in-hand with the equivalent for enterprise network design — designing for cyber resiliency. Too often security is an after-thought; with both security by design for software engineering, and cyber resiliency design for networks and organizations, the overall design becomes foundationally secure, and that’s exactly what is needed going forward to combat the continued onslaught of new and innovative attacks and risks.”
What I like about this initiative is that it is targeting a group of people who likely don’t spend a lot of time and effort to make sure that they are secure. Yet they are low hanging fruit for threat actors. Hopefully this generates results and civil society organizations and individuals are better protected as a result.
HP has announced that they have a new partnership with Google. With more than half of meaning and intent communicated through body language versus words alone, an immersive collaboration experience plays an important role in creating authentic human connections in the evolving hybrid work framework. Project Starline is a breakthrough communications technology by Google leveraging AI, 3D imaging, and other technologies to offer a genuinely realistic meeting experience. HP’s expertise in computing, combined with investment in Poly audio and video technology, makes it the right choice to deliver this new collaborative solution to the global market.
A few days ago, I wrote about my use of virtual machines and I mentioned this:
Now, earlier on I did mention that I currently run two virtual machine software. That’s going to change as I am going to migrate to UTM for all my virtual machines. I’m doing that because since VMware has been acquired by Broadcom, their level of support has nosedived. You can take a scroll through the VMware Sub-Reddit to see the complaints about this acquisition that people have. And a lot of my clients are looking to move their enterprise level virtual machines off of the VMware platform for greener pastures like Microsoft Hyper-V, Nutanix or Citrix as a result of the chaos caused by the Broadcom acquisition. That lessens my need to run VMware’s software. Also UTM has much broader support for classic operating systems such as Windows XP and Windows 7. Which is something that VMware doesn’t offer. Thus it makes sense for me to transition to UTM.
Well, I may be rethinking this move because The Register is reporting that VMware, or more accurately Broadcom, which now owns VMware, is going to offer Workstation Pro for PC and Fusion Pro for Mac for free… for personal use. Now part of me thinks that this is a trap as this is an honour system. Meaning that if you’re some kid in their college dorm, Broadcom won’t care. But some company will likely play fast and loose with this and I can see Broadcom doing an audit and catching out a company on this front. I’m thinking this because the acquisition of VMware by Broadcom has been a clown show.
Anyway, the transition from the VMware customer portal to the Broadcom version is something that’s currently ongoing and is scheduled to end today. Assuming that happens on schedule, which given that this whole acquisition has been a clown show as mentioned previously I question if that is going to be the case, I’ll be able to get a license key and test out Fusion Pro. Then I will be able to make a call as to if I should move to UTM. Right now I can’t see any of my VMware license keys in the customer portal, and I can’t make new ones to get Fusion Pro working. But let’s see if that changes.
UPDATE #2: I just got a chance to try updating to version 13.5.2 of VMware Fusion. It didn’t work and I am still stuck on VMware Fusion Player. I did some checking around and I found this post from the Product Manager of VMware Fusion, Michael Roy, who states that he is coming up with details on how to convert to Fusion Pro if you have Fusion Player installed. But the linked post walks you through how to install Fusion Pro as a new user.
UPDATE #3: I now have the Pro version of VMware Fusion installed. What I did is use a utility called AppCleaner to get rid of the current install of VMware Fusion Player. Then I downloaded version 13.5.2 from the Broadcom site and installed it. When you do that, you get the option to use the Pro version for personal use after the install is finished. This is pretty dumb as I should not have to delete the app to get this to work. It should simply work via an upgrade to 13.5.2. Clearly VMware or likely Broadcom didn’t have this scenario in their test plans. In any case, you won’t lose any of your virtual machines by doing this. Though you will have to go to File –> Scan For Virtual Machines to add them back.
Posted in Commentary with tags HYAS on May 14, 2024 by itnerd
HYAS Infosec, an adversary infrastructure platform provider that offers unparalleled visibility, protection and security against all kinds of malware and attacks, and Carahsoft Technology Corp., The Trusted Government IT Solutions Provider®, today announced a partnership. Under the agreement, Carahsoft will serve as HYAS’ Master Government Aggregator®, bringing the company’s industry leading HYAS Protect protective Domain Name System (DNS) and HYAS Insight threat intelligence and investigation platforms to the Public Sector through Carahsoft’s reseller partners and NASA Solutions for Enterprise-Wide Procurement (SEWP) V, Information Technology Enterprise Solutions – Software 2 (ITES-SW2), National Association of State Procurement Officials (NASPO) ValuePoint and OMNIA Partners contracts.
HYAS solutions help Government agencies align to DNS security requirements set forth by Cybersecurity Infrastructure Security Agency (CISA), National Security Agency (NSA) and Department of Defense (DoD). Considered a “must-have” by CISA and the NSA, Protective DNS is an essential component of the Public Sector’s security posture, as well as a critical element of the Cybersecurity Model Maturity Certification (CMMC) framework.
Globally recognized independent research institute AV-TEST GmbH tested HYAS Protect and found it provides exceptionally high levels of cybersecurity protection. The solution leverages intelligence and data derived from the HYAS Adversary Infrastructure Platform to uniquely analyze and correlate data points together for increased efficacy and deeper insights.
HYAS solutions include its award-winning HYAS Insight threat intelligence and investigation platform and HYAS Protect Protective DNS solution, available through Carahsoft’s SEWP V contracts NNG15SC03B and NNG15SC27B, ITES-SW2 Contract W52P1J-20-D-0042, NASPO ValuePoint Master Agreement #AR2472 and OMNIA Partners Contract #R191902. For more information, please contact the Carahsoft Team at (703) 871-8548 or HYAS@carahsoft.com; or visit the Carahsoft HYAS webpage to learn more about HYAS’ solutions.
Posted in Commentary with tags Apple on May 14, 2024 by itnerd
Apple released iOS 17.5 yesterday, and one of the highlight features that iOS users should care about is the fact that it expands its ability to protect you from Bluetooth trackers. Up until yesterday, an iPhone could detect an AirTag or a FindMy compatible Bluetooth tracker. However if a threat actor used some other Bluetooth tracker, it would fly under the radar. That of course is a huge loophole. But that loophole gets closed if you update to iOS 17.5. Here’s how Apple described it in a press release issued yesterday:
With this new capability, users will now get an “[Item] Found Moving With You” alert on their device if an unknown Bluetooth tracking device is seen moving with them over time, regardless of the platform the device is paired with.
If a user gets such an alert on their iOS device, it means that someone else’s AirTag, Find My accessory, or other industry specification-compatible Bluetooth tracker is moving with them. It’s possible the tracker is attached to an item the user is borrowing, but if not, iPhone can view the tracker’s identifier, have the tracker play a sound to help locate it, and access instructions to disable it. Bluetooth tag manufacturers including Chipolo, eufy, Jio, Motorola, and Pebblebee have committed that future tags will be compatible.
In short, the functionality to find an unwanted tracker works the same way as iOS users are used to. I should also note that if you are on team Android, as long as you’re running Android 6 or higher, you’ll get this functionality as well. That way you’re protected from unwanted trackers. So if you’re an iOS user, and you haven’t updated to iOS 17.5, you might want to do it now to protect yourself from stalkers, car thieves, and other evildoers tracking you.
Late last week, after threat actors posted evidence of a hack on BreachForums, Dell started warning 49 million customers that a threat actor has obtained their personal information through a data breach using a partner portal API they accessed posing as a fake company. The breach was first reported by Daily Dark Web. The data includes detailed customer information on Dell system purchases between 2017 and 2024. With a huge portion of Dell’s $88.4 billion in annual revenue coming from sales to the US government, this reaches deeply into that sector.
The data includes customer information of purchases made from Dell in the US, China, India, Australia, and Canada. Data stolen includes:
The full name of the buyer or company name
Full address
Unique seven-digit service tag of the system
Shipping date of the system
Warranty plan
Serial number
Dell customer number
Dell order number
The threat actor known as Menelik put the data up for sale on the Breached hacking forum on April 28th and told BleepingComputer that they were able to steal the data from a portal for Dell partners, resellers, and retailers. All Menelik had to do was register multiple accounts under fake company names and he had access within two days without any additional verification.
“It is very easy to register as a Partner. You just fill an application form,” Menelik said.
“You enter company details, reason you want to become a partner, and then they just approve you, and give access to this “authorized” portal. I just created my own accounts in this way. Whole process takes 24-48 hours.”
The threat actor claims they could harvest the information of 49 million customer records by generating 5,000 requests per minute for three weeks, without Dell blocking the attempts.
The threat actors said they emailed Dell on April 12th and 14th to report the bug to their security team but apparently Dell never replied to the emails and didn’t fix the bug until approximately two weeks later, around the time the stolen data was first put up for sale on the Breach Forums hacking forum.
Ted Miracco, CEO, Approov Mobile Security had this to say:
The breach was conducted via an API accessible through the partner portal, which Menelik accessed using the fake accounts. The ability to generate 5,000 requests per minute for an extended period without being flagged or blocked by Dell’s security systems points to inadequate rate limiting and abnormal activity detection on Dell’s APIs, beyond the blatantly lax vetting process for registering partners. This lack of robust API security controls such as proper throttling and anomaly detection mechanisms exposed Dell to prolonged unauthorized data extraction. The breach impacts customers across multiple major markets, including the US, China, India, Australia, and Canada, potentially exposing Dell to regulatory scrutiny and fines under various data protection laws like GDPR, CCPA, and others. Moreover, the breach should erode trust among Dell’s customers and partners, affecting its reputation negatively.
Dell has a lot of explaining to do. There is no way that this should have happened. I hope that Dell gets smacked silly by authorities everywhere so it sends a message that companies have to make every effort to protect customer data without fail. And that there’s going to be punishment if that’s not happening.
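The two controls named in the quote above, throttling and abnormal-activity detection, shown together as an added example (not Dell's code and not from the original post). Account names, thresholds and the request shape are assumptions, and all traffic is constructed.

```python
"""Added example: per-account throttling plus bulk-lookup detection for a partner API.

Account names, thresholds and the request shape are assumptions for illustration;
all traffic below is constructed.
"""
from collections import Counter, defaultdict, deque
from dataclasses import dataclass, field

WINDOW_MS = 60_000          # sliding window for the rate limit
DAY_MS = 86_400_000         # bucket size for the distinct-record budget


@dataclass
class AccountState:
    recent: deque = field(default_factory=deque)  # timestamps of served requests in window
    day: int = -1                                 # current day bucket
    tags_today: set = field(default_factory=set)  # distinct service tags looked up today
    blocked: bool = False                         # stays set until a human reviews


class PartnerApiGuard:
    """Decides allow / throttle / block for each lookup, keyed by partner account."""

    def __init__(self, max_per_minute=60, max_distinct_tags_per_day=500):
        self.max_per_minute = max_per_minute
        self.max_distinct = max_distinct_tags_per_day
        self.accounts = defaultdict(AccountState)

    def check(self, account, ts_ms, service_tag):
        st = self.accounts[account]
        if st.blocked:
            return "block"

        # Control 1: sliding-window rate limit on served requests.
        while st.recent and ts_ms - st.recent[0] >= WINDOW_MS:
            st.recent.popleft()
        if len(st.recent) >= self.max_per_minute:
            return "throttle"
        st.recent.append(ts_ms)

        # Control 2: budget of distinct customer records per account per day.
        # A client that stays under the rate limit but never repeats a tag
        # is walking the identifier space, not serving its own customers.
        day = ts_ms // DAY_MS
        if day != st.day:
            st.day, st.tags_today = day, set()
        st.tags_today.add(service_tag)
        if len(st.tags_today) > self.max_distinct:
            st.blocked = True
            return "block"
        return "allow"


def constructed_traffic():
    """Three constructed accounts: normal use, a 5,000 req/min burst, a slow crawl."""
    events = []
    # Normal partner: 20 lookups, ten minutes apart, over the same 5 tags.
    for i in range(20):
        events.append((i * 600_000, "partner-ok", f"{i % 5:07d}"))
    # Burst: one request every 12 ms (5,000 per minute) for two minutes.
    for i in range(10_000):
        events.append((i * 12, "partner-burst", f"{1_000_000 + i:07d}"))
    # Low and slow: 50 per minute, under the rate limit, a new tag every time.
    for i in range(1_000):
        events.append((i * 1_200, "partner-slow", f"{2_000_000 + i:07d}"))
    return sorted(events)


def replay(events, guard=None):
    """Run events through the guard; return {account: Counter of decisions}."""
    guard = guard or PartnerApiGuard()
    outcome = defaultdict(Counter)
    for ts_ms, account, tag in events:
        outcome[account][guard.check(account, ts_ms, tag)] += 1
    return dict(outcome)


if __name__ == "__main__":
    for account, decisions in sorted(replay(constructed_traffic()).items()):
        print(account, dict(decisions))
```

The slow account is never throttled and is stopped only by the distinct-record budget, which is why a rate limit alone is not enough. Per-account budgets do not by themselves cover several accounts registered under fake company names; that is the vetting problem the quote also names.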
Posted in Commentary with tags Asus on May 13, 2024 by itnerd
As many of you know, I own a few ASUS products. Specifically, this gaming PC that I use for cycling indoors on Zwift. And this ZenWiFi XT8 mesh router that I’ve been using for a few years now. But today, I am going public with this statement.
Anyone who reads this blog should not buy ASUS products. Ever.
There’s a pair of reasons that drove me to make this statement. The first is their technical support. Which is abysmal. The second is that there’s an increasing pattern of ASUS not supporting their customers’ warranty claims by bullying them into paying for repairs that they don’t need.
Let’s start with their tech support. Or rather lack of it. I have had my own issues with their tech support as evidenced by this interaction with them where they couldn’t understand and help me with setting up a PPPoE connection that worked well. I ran around in circles with them for about two weeks before I got fed up with their incompetence. At the time, I said this:
What is worse is that all this troubleshooting was done via email which is the absolute worst way to provide tech support. Especially with complex issues like this. Getting onto a Zoom session or a phone call would have likely resulted in some sort of positive progress, and maybe even a solution. But they didn’t go that route and the net result of this rather negative experience is that it drove me to look at other options that avoided the use of PPPoE to get better performance from the XT8. It also made me decide that I won’t be recommending ASUS gear to my home and prosumer clients anymore. And chances are, my next router at home won’t be an ASUS product. While ASUS has great hardware, their support doesn’t meet the mark. Having competent tech support adds to the value of the gear that a vendor like ASUS makes. Or in this case, not having competent support detracts from the value of the gear that ASUS makes. So if the people at ASUS are reading this, they might want to look at this negative situation and make changes internally to make sure that they’re not on the wrong side of a public post like this as this sort of #Fail reflects poorly on ASUS as a brand. And will likely affect their future sales.
Since I wrote that, I’ve received dozens of emails from people that have had similar experiences with their tech support. That’s not a good look for ASUS because a company is only as good as the support they provide their customers. And if they provide bad support to their customers, those customers will get fed up and not be their customers any longer. And they will tell their friends, or someone like me who has the reach to tell a whole lot of people about how bad that ASUS tech support is. ASUS should consider that and change course before they have no customers to speak of.
That brings me to the second point. Which is ASUS not supporting their customers’ warranty claims by bullying them into paying for repairs that they don’t need. YouTube channel Gamers Nexus has investigated the bad behaviour of ASUS in the past. And their latest video details what looks like a systemic pattern of ASUS trying to extract cash from users who send in their hardware for warranty repairs by bullying them into paying for extra repairs that they don’t need. I would set aside 30 minutes to watch this video to get the full story:
The thing is, this isn’t the first time that ASUS has been caught doing something shady. If you do a search for “Gamers Nexus ASUS” on YouTube, you can see all the shady stuff that they have been caught doing. In addition, right to repair advocate and YouTuber Louis Rossmann has his own take on this:
If that’s not enough, there’s actually more. A Reddit thread surfaced in the last few days where ASUS quoted a Canadian customer a mind blowing $2799 USD to repair an RTX 4090 GPU that needed its 16-pin power connector replaced. The price is insane because the card had been purchased two weeks before this happened for $2050 USD. To say that the behaviour of ASUS is a bit suspect in this is an understatement.
On top of that, YouTuber JayzTwoCents dumped them as a sponsor to his channel because of their shady behaviour a while back. Here’s the video that details why he did that:
This is pretty bad for ASUS. When a YouTuber dumps you, you know you’re in a bad place.
Now in my case, I’ve been doing some dumping of ASUS products of my own. The PC that I mentioned earlier has been removed from service and replaced by this M2 Pro Mac mini. The PC in question is now sitting in my storage locker waiting to be sold. If you’re interested, I’ve got a fresh install of Windows 11 and it’s ready to go. Email me and we can take it from there. Now while I do have my issues with Apple, they support their customers and they don’t have a reputation for shady behaviour like ASUS does. Thus I will continue to buy products from Apple as they have largely demonstrated that they deserve my money.
Next up is my mesh router. While the XT8 mesh router has been generally reliable, the shady behaviour of ASUS combined with my negative tech support experience will mean that a mesh router from another company will take its place when it’s time for me to go to WiFi 7. Right now the leading contender to replace the XT8 is Netgear who used to be suspect in terms of how they handled security issues, but have very much improved on that front after being called out on that front repeatedly. Though I have to admit that I’m looking at other companies as well, and I will base my decision on what I go with on the following criteria:
Security posture: In other words, how well they deal with security issues. Such as deploying patches and how fast they go public in terms of letting their customers know about severe issues that need immediate attention.
Performance: I want my router to give me top notch performance at all times because I want to maximize the speed of my Internet connection at all times.
Product Support: As I said earlier, a product is only as good as its support. So this is going to factor into what I get.
I’m hoping to do this switch this year. But one of the things that I am waiting on is WiFi 7 routers to appear in quantity so that I get a fair amount of choice before serving up my credit card to pay for it.
The only other thing that I’ve done is that I stopped recommending ASUS products to my home and prosumer customers. In fact, that happened about a year and a half ago when I had that negative experience with ASUS tech support. The reason I stopped recommending them is that when I recommend something, it has to be something that I would be willing to stake my reputation on. I can’t stake my reputation on recommending ASUS products. No way, no how.
Finally if you have had an issue with ASUS when it comes to the warranty repair of a product, report it as per the advice of Louis Rossmann and Gamers Nexus. In the US you can file a report using this link:
If I find a similar reporting vehicle for Canada, I will post it here. The point is that if enough people report the behaviour of this company to the feds, then ASUS will have a whole lot of explaining to do.
So in short, I am done with ASUS. Given the issues with ASUS that have been exposed by others, and the issues that I’ve personally experienced, the only conclusion that you should come to is that ASUS doesn’t deserve your money. And one of the best ways to drive that point home to ASUS other than to report their behaviour to the feds is to not buy their gear. After all, ASUS may not care about how consumers feel about them. But they sure will care about their bank account getting smaller and smaller as consumers don’t buy their products. Maybe then ASUS will change course and become a company that cares about consumers rather than appear to screw them over at every opportunity. Though I am not holding my breath on that front given how they have behaved up until now. But I suppose anything is possible.
Posted in Commentary with tags Tango on May 13, 2024 by itnerd
Tango, a leader in the global digital rewards and payouts space, today launched an important new product called Global Choice Link. This game-changing solution offers recipients their choice of digital gift cards and prepaid cards instantly—without the operational headaches of managing complex geographic and currency management issues.
This launch represents a considerable leap forward for Tango—and the industry at large—in ease of use and global capabilities. Until now, sending rewards globally could be challenging even for well-established providers as they struggled to find attractive rewards in emerging countries, worked to localize language, managed unstable supply chains, and dealt with currency conversions. Global Choice Link removes these hassles for our business customers. With Global Choice Link, you send one product to recipients wherever they happen to be on the globe, and they have immediate access to rewards that are relevant and impactful for them.
Upon receiving the Global Choice Link, the recipient selects their country and currency and chooses from a relevant list of rewards available in their local area. This is simply awesome for the recipient.
To learn more about Global Choice Link or request a demo, visit Tango’s website.
Reddit’s announced that they’ve appointed Jyoti Vaidee as their new VP of Ads Product. Jyoti was previously the Director of Product Management at Google where she spent 11 years leading ads products like Google’s Display Ads and monetization efforts. In this new role, Jyoti will drive ads product strategy, execution, and management of the Ads Product organization.