Posted in Commentary with tags Twitter on February 14, 2023 by itnerd
Remember last week when Elon Musk lost his mind because his engagement on Twitter was down, and as a result fired someone over it? Well I guess that his engagement on Twitter really matters to him as Twitter users are reporting seeing way more of Elon than they are used to:
Several of us here at The Verge are seeing more Musk replies than usual, and I personally counted five at the very top of my feed, with many more sprinkled in between tweets from other users. The same is true for some accounts that don’t even follow Elon Musk.
And:
Over the weekend, Musk said Twitter rolled out some sort of change to fix this “visibility” issue, with the billionaire CEO stating that 95 percent of his tweets weren’t “getting delivered.” I’m not sure if this is at all related to this Elon-filled feed, but I’m hoping Twitter fixes this issue soon — unless the new mandate is to get the boss more views by any means necessary.
I don’t see a fix coming for this soon as this is how Twitter is going to be under Elon. It’s basically become his own echo chamber where only the gratification of his ego matters. If you needed another reason to flee Twitter, this is a great one because his head is becoming so big, the rest of us won’t fit onto Twitter because of that.
Atlas VPN announced yesterday that has upgraded its service with 10Gbps servers. The newly introduced servers come with custom kernel optimization to deliver even greater speed and stability while browsing, streaming, downloading, or gaming.
Servers are at the core of any VPN service. When a user connects to a VPN, all of their data travels via its selected server, which encrypts and decrypts it before the data reaches the internet. However, if servers get congested with traffic, browsing speed can suffer as a result.
While the company has been using reliable 1Gbps servers since its start, with the onset of high-speed 5G technology and a rapidly growing user base, it has started the shift toward new, more powerful servers.
Currently, the 10Gbps servers are available for the Amsterdam, Netherlands, location. However, the company plans to expand the 10Gbps network to cover more locations in the near future.
The newly introduced 10Gbps servers are the latest addition to Atlas VPN’s premium offering. The premium bundle also includes privacy-optimized servers Privacy Pro, as well as advanced security tools, such as data breach tracker Data Breach Monitor, and malware and third-party tracker blocker SafeBrowse, among other benefits.
Posted in Commentary with tags Hacked on February 14, 2023 by itnerd
This is rather unsettling.
Four California medical groups filed a joint disclosure with the US department of Health and Human Services of data breach affecting the PII of over 3.3 million patients. The groups included Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group and the Greater Covina Medical Group. In a notice of breach on their website, regal Medical Group describes this as a ransomware attack, yet no details of the attack vector or the perpetrators is mentioned.
The attack occurred on December 1st of 2022 and investigators have determined that the personal information compromised in the attack included names, SS#s, DOB, addresses, medical diagnosis and treatment, lab results, prescriptions, radiology reports, health plan numbers and phone numbers. That’s the sort of information that in the wrong hands can cause real damage to somebody’s life.
I have two comments on this data breach. The first is from Ted Miracco, CEO of Approov:
“The healthcare industry remains one of the most vulnerable and most targeted sectors of the economy when it comes to cyber attacks. While the specifics of the attack have not been disclosed, it would not be surprising if the attack involved either the use of mobile devices and/or the exploitation of APIs. This is a common vector, as the security of mobile applications and the APIs they rely on remain the weakest link in protecting this most sensitive and most personal data. A more comprehensive approach to cybersecurity in the healthcare space is required, and that approach must take into account more than protection, and also address the detection and effective countermeasure to be effective.”
“The addition of healthcare records may make this recent attack on these California medical groups one of the most significant data events in years. Social Security numbers go for around a dollar. Trust me, the bad guys already have your social. Log-in credentials go for around $25 and maybe up to $75 if this also gives the cyber criminal access to your banking log-ins. If they have the credentials of an email admin you could see those go for as high as $1,500 (email admins should never put their job title on their LinkedIn for just this reason. However healthcare records, pins and log-ins can go for more than any of these.
“First, threat actors can see a person’s prescription history and will attempt to fill those prescriptions and sell the drugs on the Silk Road like websites, easily available on the Tor network. Second, if the records are detailed enough, they will attempt to extort those with embarrassing medical information. Imagine you are a married executive and a criminal approaches you letting you know they have all the information about your psychiatric history and medications, abortions or even venereal diseases. The amount they can extort in these instances can be tremendous and these often go unreported.
“When healthcare records are stolen the thieves will often gain $10’s of thousands of dollars of drugs and services from those records and the average victim will spend nearly 200 hours repairing the situation. It’s hard to know precisely what was stolen in this event but if the Healthcare records are detailed this may be one of the more costly breaches in the last 5 years.”
The scary thing about this data breach is that the effects could be felt for years as there’s no telling what the threat actors might do with the data that they obtained. That’s going to keep a lot of people awake at night.
Posted in Commentary with tags Apple on February 13, 2023 by itnerd
I like Apple products. But a very negative experience that has been ongoing since November of last year has seriously made me reconsider being part of the ecosystem. Let’s start from the beginning.
Back in November of last year, I had an issue with the keyboard on my MacBook Pro. Specifically the “C” key would not work. No problem I figured. I took a visit to my local Apple Store after making a Genius Bar appointment. The Genius was able to diagnose it instantly and tried to repair it by replacing the specific key. That didn’t work so he ordered a new top case which includes a keyboard, battery, and trackpad and sent me home with my MacBook Pro. It came in a few days later and I took my MacBook Pro and it was promised to me five days later.
That’s where my problems began.
Five days came and went and I heard nothing from Apple. I called in and got the run around. And only when I forced the issue did I get an answer. They replaced the top case and discovered that the ambient light sensor was faulty. I was then told that they would put a “rush” on my repair by trying a new screen to see if it would fix my issue. Another day went by and nothing. That’s when I phoned the Apple Store again and pressed the issue again. I got a senior repair tech who said that he would order a new logic board (aka, the main system board) as the screen didn’t fix the issue. He assured me that he would put a new “rush” on getting the logic board into the store and into my computer. Three days after that I got a call saying that my MacBook Pro was ready.
Let me stop here for a second before I go on. I get it that stuff happens when you’re in the business of repairing stuff. But to force the customer to call in to get information on their status of their repair rather than being proactive really leaves a bad taste in the customer’s mouth. And frankly, a company like Apple should know better.
Back to the story.
I got the MacBook home, did a Time Machine restore and I thought all was fine. Except that it wasn’t. When I tried to set up Apple Pay, I got this error message:
Now one thing that I should point out is that the Apple Store asked me to remove my MacBook Pro from my Apple ID account so that the could facilitate the repair. I am guessing that this had something to do with this issue for reasons that I will get to in a moment. As part of my troubleshooting, I noted that the MacBook Pro still had the credit cards that I was trying to add associated with it. I tried to delete them from the computer, as well as from iCloud with no success as they came back within seconds. This ties into my theory about something about my Apple ID being messed up. While I figured that this was Apple’s issue, to be safe I contacted both banks associated with the credit cards in question. After 45+ minutes with each bank, they determined that there should be no reason why I shouldn’t be able to add these cards, and this was clearly Apple’s issue. And to be extra safe, I did a clean install of the operating system as that is what Apple usually falls back on when someone has an issue with a Mac. No change to the behaviour. That’s when I called Apple. And that’s really where the nightmare began. Apple opened a case, then after going through circle of troubleshooting, failing to resolve the issue, pass me along to someone else four times, claimed that the cards would disappear on their own in five days and they would follow up with me to confirm that happened.
Except they never contacted me.
So when they didn’t follow up with me when they promised to, I phoned in again. then after again going through circle of troubleshooting, failing to resolve the issue, pass me along to someone else four more times, they said that they would escalate the issue and I would hear from them in a couple of days.
I never heard from them and attempts to follow up failed. Then I discovered that the case had been closed. At this point I figured that I wasted enough time on this. So I forgot about it as clearly Apple didn’t care enough to solve this issue.That changed today with macOS Ventura 13.2.1 hit the streets. I updated and happened to check my Apple ID and found that the cards had been deleted. Now I don’t know if this Ventura update or just time was the reason why the cards were no longer present. But I decided to try and add a card. Sure enough, it failed with the same error message. So I called Apple and quoted the original case number. And then went through five people. Yes five people. All of which were playing the game of “blame the victim” by saying things like it was my network, I should not have done a Time Machine restore, go talk to my bank as it’s their fault, etc. When I kept calling them on it, the fifth guy I spoke to blamed the fact that I had installed beta software. Which was a bold faced lie as I was running a production version of macOS Ventura 13.2.1. I even offered to show him via Apple’s screen sharing feature. But he stuck to his story. Either he was misinformed, or he was just trying to get me off the phone. Either way this really left a bad taste in my mouth. And since we were engaging in a circular argument, I just ended the call.
So, I’m resigned to the fact that Apple Pay isn’t going to work on my MacBook Pro. And I’ve discovered on Reddit at least one other person who has the same issue:
So seeing as I am not the only person that has this issue, Apple clearly has an issue that they don’t want to own. And as a result, their customers are on the short end of the stick. That’s really doesn’t reflect well on Apple. And as a result several things have happened or are going to happen:
When customer ask me if they should get a Mac, I will simply say that their hardware is fine. But their after service support leaves a lot to be desired. And the latter is more important than the former.
I was just about to pull the trigger to get an M2 Pro Mac mini for the purposes of running my Zwift setup. But that’s not going to happen as I am not going to give Apple any more of my money as I feel that the after sales support is simply not there. Instead, I will be investigating a small form factor PC build.
So, am I going to dump my Apple hardware? No. At least not yet. But as my hardware and accessories from Apple fall out of AppleCare, and I need to look for replacements, PC’s are on the table for the first time in over a decade. The fact is that I have been around long enough to remember when Apple’s after sales support was top notch. But those days are clearly over based on this experience. Which means that I will have to make my future purchasing decisions based on the fact that Apple is no longer the company that it once was. Now I am free to be proven wrong. But I don’t think I am as even if Apple reads this, I seriously doubt that I will get a response from them as they are not the sort of company to ever apologize for screwing up. Which means that they will have one less loyal customer as a result.
Posted in Commentary with tags Twitter on February 13, 2023 by itnerd
I am sure that Elon Musk is wishing that he never bought Twitter as the site went down for the second time in a week as noted by Down Detector. And it couldn’t have come at a worse time for him as this latest outage happened during the Super Bowl:
Nearly 1,000 users reported on Downdetector that they were having problems with Twitter, peaking as the Super Bowl halftime show started around 8:30 p.m. ET. Reports returned to normal about half an hour later, as the third quarter began.
Some Twitter users were faced with the error message “Tweets aren’t loading right now,” according to The Wall Street Journal, which first reported on the outage.
“Did Rihanna’s perfect performance overwhelm Twitter?” tweeted Brian Stelter, formerly a media reporter at CNN and the New York Times. “All I’m seeing are ‘tweets are not loading now’ error messages,” he added.
And this latest outage comes as Elon directed his staff to maximize stability, even though the way he’s doing it creates other problems. It also illustrates what a dumpster fire Twitter has become under Elon Musk. I’m honestly expecting more outages like this in the days and weeks ahead as Twitter is clearly not in a good place.
A video on YouTube about Microsoft Windows 11 sending telemetry data to not only Microsoft, which to be frank isn’t a surprise, but to third parties, which to frank is a big surprise, got my attention. Here’s the video in question:
If you don’t want to watch the video, here’s the TL:DR from Tom’s Hardware:
To analyze DNS traffic generated by a freshly installed copy of Windows 11 on a brand-new notebook, the PC Security Channel used the Wireshark network protocol analyzer that reveals precisely what is happening on a network. The results were astounding enough for the YouTube channel to call Microsoft’s Windows 11 “spyware.”
As it turned out, an all-new Windows 11 PC that was never used to browse the Internet contacted not only Windows Update, MSN and Bing servers, but also Steam, McAfee, geo.prod.do, and Comscore ScorecardResearch.com. Apparently, the latest operating system from Microsoft collected and sent telemetry data to various market research companies, advertising services, and the like.
Now that really sounds at best sketchy. And not what you would expect from Microsoft. Except here’s what Microsoft said when they were contacted by Tom’s Hardware:
“As with any modern operating system, users can expect to see data flowing to help them remain secure, up to date, and keep the system working as anticipated,” a Microsoft spokesperson told Tom’s Hardware. “We are committed to transparency and regularly publish information about the data we collect to empower customers to be more informed about their privacy.”
Except that is not what the YouTube video shows. Microsoft has an answer for that too:
“By accepting this agreement and using the software you agree that Microsoft may collect, use, and disclose the information as described in the Microsoft Privacy Statement (aka.ms/privacy), and as may be described in the user interface associated with the software features,” the terms of service read. It also points out that some data-sharing settings can be turned off.
That kind of sounds like Microsoft is saying that you accepted the terms of service so you gave us permission to do this. But that would be the cynic in me talking.
Both of the quotes tell me that Microsoft’s spokesperson either does either not understand the subject matter or is just giving a standard, generic answer to this kind of question. Probably both. I say that because keeping the operating system up to date does not require contacting third parties. Ever. And on the subject of transparency, that would be better served if Microsoft would publish what exactly they transfer and to whom in detail.
So how about it Microsoft, will you do that? Of course not. You’re too busy collecting cash from the third parties that you hand over user data to. That’s not cool Microsoft.
So why is Elon doing this. My guess is that it has to do with this CNN report which states that about half of Twitter’s top 1,000 advertisers in September were no longer spending on the platform in the first weeks of this year:
Some 625 of the top 1,000 Twitter advertisers, including major brands such as Coca-Cola, Unilever, Jeep, Wells Fargo and Merck, had pulled their ad dollars as of January, according to estimates from Pathmatics, based on data running through January 25.
Wells Fargo said it “paused our paid advertising on Twitter” but continues to use it as a social channel to engage with customers. The other brands did not immediately respond to a request for comment.
As a result of the pullback, monthly revenue from Twitter’s top 1,000 advertisers plummeted by more than 60% from October through January 25, from around $127 million to just over $48 million, according to the data.
That has to alarm Elon and it’s clearly making him do some very unconventional things to get engagement up. Because if engagement goes up, he then has something to sell to advertisers. And it ensures that he has cash rolling into Twitter’s bank account. Which based on the CNN report isn’t happening at present. Thus I have a sneaking suspicion that you’re going to see more of this sort of behaviour from Elon as he gets more desperate.
Yesterday, the CISA released a waring that North Korean government-backed hackers have conducted ransomware attacks on health care providers and other key sectors in the US and South Korea. Then they used the proceeds to fund further cyberattacks:
This CSA provides an overview of Democratic People’s Republic of Korea (DPRK) state-sponsored ransomware and updates the July 6, 2022, joint CSA North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector. This advisory highlights TTPs and IOCs DPRK cyber actors used to gain access to and conduct ransomware attacks against Healthcare and Public Health (HPH) Sector organizations and other critical infrastructure sector entities, as well as DPRK cyber actors’ use of cryptocurrency to demand ransoms.
The authoring agencies assess that an unspecified amount of revenue from these cryptocurrency operations supports DPRK national-level priorities and objectives, including cyber operations targeting the United States and South Korea governments— specific targets include Department of Defense Information Networks and Defense Industrial Base member networks. The IOCs in this product should be useful to sectors previously targeted by DPRK cyber operations (e.g., U.S. government, Department of Defense, and Defense Industrial Base). The authoring agencies highly discourage paying ransoms as doing so does not guarantee files and records will be recovered and may pose sanctions risks.
Sanjay Raja, VP, Product Marketing and Solutions at Gurucul had this comment:
“Healthcare institutions have already been a target for threat actor groups as they know they have constrained resources and budgets and maintain a wealth of personal and financial information on patients, and disruption can be catastrophic. North Korea’s use of common attacks indicates that these hospitals have neither managed to patch vulnerabilities nor have implemented monitoring solutions with a strong set of threat models to detect these common attacks. North Korean threat actor groups may have also developed variants that can evade solutions, like traditional SIEMs or XDR, that fail to implement trained machine learning in their analytical models that can adapt to new and unknown attack variants.
“Constrained security teams need solutions that focus on leveraging a unified set of advanced analytics, including those that can provide an early warning to known variants of attacks through behavioral analytics, such as UEBA. Identity analytics is also critical for security teams to leverage as stolen credentials is a common method of compromising healthcare systems. These two capabilities along with more traditional endpoint, network and cloud threat detection can help these hospitals with accelerating detection and eliminating manual tasks that burden security teams and waste time.”
Lovely. This is just the latest warning about North Korea and their hacking activities. Which means that given how prolific they are at hacking all the things, you should be paying attention to this and make adjustments to protect yourself.
UPDATE: Matt Marsden, VP, Technical Account Management at Tanium added this comment:
It is not surprising to see North Korean state actors using techniques generally attributed to cybercrime and ransomware gangs. We’ve seen that North Korea will seek to use whatever methods possible to fund weapons and cyber programs. This activity demonstrates the significance of shifting the focus of cybersecurity from traditional compliance to active defense.
A threat-informed approach to defense requires agility, comprehensive visibility, and control to properly assess the effectiveness of controls against attacks. In contrast, compliance programs seek to measure the implementation of static controls against an established baseline, which values consistency and static configuration. Attackers are creative and seek to exploit misconfigurations to identify gaps in a secure host baseline. They have the advantage of time and scale; and only need to be right once. On the flipside, defenders must be right every time and suffer the disadvantage of trying to predict their adversaries’ next move.
Cyber defenders need comprehensive awareness, and absolute control of what is happening in their environments; blind spots are unacceptable. Employing an active defense approach is critical, including protecting against known threats, scanning for indicators of compromise, performing real-time hunt activities, and preparing a response.
It is no longer a question of “will there be an attack” but “when will I be attacked?” With this sobering thought in mind, it is imperative to quickly identify the compromise, scope the incident, implement changes to stop the attacker and prevent lateral movement, and finally, quickly remediate at scale.
Posted in Commentary with tags Twitter on February 10, 2023 by itnerd
It seems that Elon Musk has a new problem on his hands. One of the things that Elon added to Twitter were view counts on Tweets to see how much engagement your Tweets are getting. Except that whatever you’re seeing might not be accurate. At least not based on an experiment by Washington Post reporter Taylor Lorenz who I became aware of because she was one of many reporters who were banned by Elon from Twitter and then reinstated after the outcry became too much for him to deal with.
So let’s think about this. If you have a locked and private account, how can 59 people view your Tweets when logic suggests that the view count should be ZERO? Clearly there is something broken here. Perhaps this is somehow related to the reason that Elon locked his Twitter account a week or two ago. Or the cynic in me says that Twitter is straight up lying about view counts. Either way, I would love to see how Elon and company explains this away. Because when advertisers see this, they’ll be wondering if they can trust any analytics that Twitter provides, which in turn will make them question if they should be spending their advertising money elsewhere.
Posted in Commentary with tags Telus on February 10, 2023 by itnerd
As Canadians face mounting economic uncertainty, devastating humanitarian crises and social injustices plaguing communities at home and abroad, TELUS continues to deliver on its commitment of being the Most Giving Company in the world, generously devoting $125 million and 1.44 million volunteer hours last year alone. While leading North American companies invest 1 per cent of pre-tax profits in society, for the third consecutive year, TELUS has invested 5 per cent of its pre-tax profits back in the community. Since 2000, the TELUS family has led with purpose, gifting $1.5 billion in cash, in-kind contributions, time and programs, including 2 million days of global volunteerism.
As urgently highlighted in the most recent Giving Report, issued by Canada Helps, the last 15 years has seen a steady decline in charitable donations by Canadians and this is expected to decline even further as lasting effects of the pandemic, economic uncertainty, geopolitical tensions and inflation continue. Last year’s Giving Report highlighted how one in four Canadians (25 per cent) expect to give less in 2022 than they did in 2021, while in contrast, one in four Canadians (26 per cent) expect to use or are already using charitable services in 2022 for basic necessities.
While purpose-driven initiatives are often first to see corporate cuts or underfunding during recessionary times, TELUS’ focus on putting ESG and social responsibility at the centre of its business strategy ensures that it can continue to deliver critical and sustainable support for our team, communities and Canadians who need our help now more than ever.
Over the last three years, TELUS’ giving has steadily increased:
TELUS Friendly Future Foundation directly impacted the lives of more than 1 million youth in 2022 by granting $10.6 million to 548 charitable organizations.
TELUS gave over $30 million in 2022 to establish a new innovative bursary fund to support economically-disadvantaged Canadian youth to get access to a post-secondary education, even if they can’t afford it.
TELUS enabled $6.6 million in community giving in 2022 for humanitarian and emergency relief around the world, directly helping those impacted by the conflict in Ukraine, Hurricane Fiona and Hurricane Ian, the flooding in Pakistan, and the unrest in Iran.
Delivering on TELUS’ $10 million commitment to support Indigenous Reconciliation, TELUS has granted donations to 15 community programs supporting food security, cultural revitalization and the health and well-being of Indigenous Peoples across Canada.
Launching our first-ever summer camp for Canadian youth focused on inclusivity, well-being, and customized nature experiences.
TELUS has expanded low cost internet, mobility, health and technology programs to support 342,000 marginalized individuals to date, including expanding Internet for Good to thousands of low-income seniors in BC, Alberta, and Quebec; expanding the reach of our Mobility for Good program for government assisted refugees and Mobility for Good for Indigenous Women at risk to Ontario.
To learn more about how TELUS is helping create a friendlier future for all, visit telus.com/purpose.
Twitter Is Now Shoving Elon Musk’s Tweets In Your Face
Posted in Commentary with tags Twitter on February 14, 2023 by itnerdRemember last week when Elon Musk lost his mind because his engagement on Twitter was down, and as a result fired someone over it? Well I guess that his engagement on Twitter really matters to him as Twitter users are reporting seeing way more of Elon than they are used to:
Several of us here at The Verge are seeing more Musk replies than usual, and I personally counted five at the very top of my feed, with many more sprinkled in between tweets from other users. The same is true for some accounts that don’t even follow Elon Musk.
And:
Over the weekend, Musk said Twitter rolled out some sort of change to fix this “visibility” issue, with the billionaire CEO stating that 95 percent of his tweets weren’t “getting delivered.” I’m not sure if this is at all related to this Elon-filled feed, but I’m hoping Twitter fixes this issue soon — unless the new mandate is to get the boss more views by any means necessary.
I don’t see a fix coming for this soon as this is how Twitter is going to be under Elon. It’s basically become his own echo chamber where only the gratification of his ego matters. If you needed another reason to flee Twitter, this is a great one because his head is becoming so big, the rest of us won’t fit onto Twitter because of that.
1 Comment »