Atlas VPN Windows app’s security gets verified in an independent audit

Posted in Commentary with tags on December 5, 2022 by itnerd

Atlas VPN has completed an independent security audit of its Windows application between July and November this year. The security assessment was conducted by global cybersecurity experts from MDSec.

MDSec’s cybersecurity specialists tested the 2.4.4 version of the Atlas VPN Windows app, looking for issues that could leave it susceptible to compromise. The thorough research did not detect any high or critical category threats within the app. The app’s developers have since implemented all the recommendations provided by the auditor, as confirmed in a retest by MDSec.

The Windows application audit by MDSec is the second independent assessment of Atlas VPN: in 2021, Atlas VPN’s iOS app received a positive review in a security audit by VerSprite. The company expects to complete more independent tests of the Atlas VPN service in the future.

Atlas VPN is a freemium VPN provider with a mission to make safe and open internet accessible to everyone. To protect the privacy of its users, the company uses military-grade encryption and protocols and has a no-logs policy. Today, Atlas VPN is trusted by users from more than 170 countries worldwide.

More information: https://atlasvpn.com/blog/independent-audit-verifies-the-security-of-our-windows-app

Apple Must Take Complete Responsibility For Issues In Their Supply Chain

Posted in Commentary with tags on December 4, 2022 by itnerd

I am certain that readers of this blog would have seen videos of people in an iPhone plant run by Foxconn in China where people were literally fighting their way out of the plant because of a major COVID outbreak along with a lack of food and medicine. Not to mention a lack of pay. If you missed this, here’s a couple of clips for you to look at

Here’s the thing. Apple needs to take responsibility for this. I say that because I’ve been reading a lot of stories over the last two weeks. And the closest thing to responsibility that Apple has taken in terms of the conditions that caused these people to riot like this is as follows:

We are working closely with our supplier to return to normal production levels while ensuring the health and safety of every worker.

Here’s the problem that I have with this. This isn’t the first time that something like this has happened. There was a riot last year in an iPhone plant run by Wistron where workers rioted because of poor living conditions and accusations of exploitation:

Now Apple did slap the hand of Wistron over this. And I am sure that Foxconn will get something similar in terms of punishment over their recent issues. But the thing is that this sort of thing has now happened twice over the last year. And the only reason why this sort of thing happens is that Wistron and Foxconn think that they can exploit workers with little or no punishment from Apple. Which implies that Apple is okay with it unless something gets into news that shouldn’t. In which case Apple has to do something to show that they are large and in charge.

Let’s face facts. Apple and their shareholders want high profit margins on everything it sells. That means that Apple will go to places like India and China to get large amounts of workers to build iDevices at a low cost. And Apple will look the other way in terms of anything bad that might be going on in those places as a result. For a company who tries to claim the moral high ground in areas like privacy being a human right, which these days is questionable at best, this is pretty bad. Apple needs to own the fact that they have companies like Foxconn and Wistron working for them who clearly are bad actors, and do something substantive about it to ensure that products with their name on them are built by people who are not being actively exploited. Otherwise, Apple is simply talking the talk, but failing to walk the walk. Thus I hope that people in the US Congress are watching this situation closely and are prepared to hold Apple to account if Apple themselves don’t do the right thing and find ways to build iDevices that don’t involve the exploitation of workers by third parties. And when it comes to those who buy iPhones, perhaps every one of us needs to take into account the conditions that the people who build your next iPhone work in before you take out your credit card to buy it.

Your move Apple.

Twitter Alternative Hive Goes Offline After HUGE Data Breach

Posted in Commentary with tags on December 3, 2022 by itnerd

People who weren’t happy about Elon Musk taking over Twitter have run to Hive which saw massive amounts of growth recently. But Hive is now offline after a stunningly huge data breach:

A report published earlier this week alleges that Hive had a massive—and I do mean massive—problem on its hands. According to the German security collective Zerforschung, Hive had grievous software vulnerabilities that exposed pretty much all of its users’ personal data to the internet. A cybercriminal aware of the bugs would have been able to steal Hive users’ kit and caboodle—everything from private messages to registered account information. Researchers claim the bugs were so serious that they refrained from sharing technical details about them—fearing that hackers would exploit them.

According to Zerforschung’s blog:

“The issues we reported allow any attacker to access all data, including private posts, private messages, shared media and even deleted direct messages. This also includes private email addresses and phone numbers entered during login. Attackers can also overwrite data such as posts owned by other users…”

Zerforschung researchers say they reached out to Hive last Saturday about the security vulnerabilities but that the company failed to fix a majority of the issues in the report. After a couple of days, researchers decided to publish their findings, labeling their blog “Warning: do not use Hive Social.” It was only after the research went live that Hive publicly acknowledged the security issues and subsequently took its service offline.

On Thursday, Hive put out a statement, ironically posting it to the platform’s Twitter account. It reads: “The Hive team has become aware of security issues that affect the stability of our application and the safety of our users. Fixing these issues will require temporarily turning off our servers for a couple of days while we fix this for a better and safer experience.” In an additional post, Hive optimistically quipped: “Our server is temporarily shut down. You’ll be able to sign up once we’re back online!”

Whatever is going on, it must be pretty bad to take the entire site down. As I type this, it appears that Hive might be slowly coming back online. Though a check of their Twitter account indicates that it isn’t online. But when they do pop up, I hope that they have their security situation sorted out because you can bet that everyone and their dog will be looking for holes because of this incident.

Twitter Massively Misses Ad Revenue Targets Further Adding To Elon Musk’s Troubles

Posted in Commentary with tags on December 3, 2022 by itnerd

Elon Musk’s troubles with Twitter are really starting to mount. And that’s being illustrated by this New York Times article that a reader pointed me towards, where Twitter is massively missing its ad revenue targets at a time when Twitter should not only be hitting them, but exceeding them:

The World Cup has historically been a boon for Twitter, bringing in record traffic and an influx of advertising dollars.

But this time, when the global soccer tournament started on Nov. 20, Twitter’s U.S. ad revenue was running at 80 percent below internal expectations for that week, three people with knowledge of the figures said.

In tandem, Twitter was rapidly cutting its revenue projections. The company previously forecast that it would generate $1.4 billion in the last three months of the year, down from $1.6 billion a year ago because of the global economic downturn. But as Twitter kept missing its weekly advertising targets, that number slid to $1.3 billion, then to $1.1 billion, two people said.

Elon Musk, Twitter’s new owner, has warned repeatedly that his social media company faces dire financial straits. Interviews with seven former employees and internal documents seen by The New York Times paint a fuller picture of Twitter’s financial woes.

Here’s why this is happening according to the Times:

Many of the company’s troubles can be traced to Mr. Musk’s takeover in late October. Since then, advertisers — which provide 90 percent of Twitter’s revenue — have paused some spending on the platform, citing concerns about how Mr. Musk might change the service. The billionaire, a self-described “free speech absolutist,” has reinstated banned accounts and dropped at least one misinformation policy. Hate speech on Twitter has soared in recent weeks, researchers found.

At the same time, Mr. Musk has alternated between wooing advertisers and blasting them. Last month, he threatened a “thermonuclear name & shame” of brands that halted their spending on Twitter. This week, he briefly picked a fight with Apple, which was on track to spend more than $180 million on Twitter ads this year, three people said.

Elon has really painted himself into a corner here with no clear way to get himself out of the situation that he’s in. His behavior has sent Twitter into free fall. And at some point he’ll have to make a call as to what he will do to salvage the situation. Because the longer this goes on, the fewer options Elon has at his disposal. Which means that it is more likely that Twitter crashes and burns under his watch.

Eufy Needs To Be Banned Because They Can’t Be Trusted

Posted in Commentary with tags on December 3, 2022 by itnerd

This week it came to light that Eufy has been lying about the security of their cameras. That’s not a surprise to me, as when I reviewed their cameras last year, they were dealing with a similar issue where users could see other people’s cameras without any effort. The issue was corrected quickly. But it wasn’t the first time something like this has happened.

Now in case you didn’t want to read any of that, here’s the TL;DR (too long, didn’t read) on this: Eufy’s cameras aren’t as secure as they have claimed for years. Threat actors with the right information can watch video from your Eufy camera. If that’s not bad enough, Eufy also uploads some data to the cloud that customers were previously unaware of. Now the company has issued an apology and has updated its product language in the Eufy app to better clarify which settings will trigger a cloud upload. Though, in a bizarre twist, Eufy issued a second statement on December 2 that from a PR and customer confidence standpoint sucks:

“eufy Security adamantly disagrees with the accusations levied against the company concerning the security of our products. However, we understand that the recent events may have caused concern for some users. We frequently review and test our security features and encourage feedback from the broader security industry to ensure we address all credible security vulnerabilities. If a credible vulnerability is identified, we take the necessary actions to correct it. In addition, we comply with all appropriate regulatory bodies in the markets where our products are sold. Finally, we encourage users to contact our dedicated customer support team with questions.”

Now from where I sit, I can’t say if Eufy is just lazy when it comes to security, or if they are trying to do something nefarious. But seeing as they are a Chinese company, issues like these have to be treated with some degree of extra suspicion. And seeing as this has happened more than once, I think we’re at a point where retailers should not only stop selling their gear, but I would argue that governments should ban this company from being able to sell their gear. Just like Huawei has been banned from many telecom networks.

Eufy keeps saying that they will do better going forward. But we’re not seeing evidence of that, seeing as this keeps happening. At this point I am through giving them chances. And so should governments around the world, because there is no way that this sort of behavior by Eufy should be tolerated. A ban will send the message to Eufy and others that they need to talk the talk and walk the walk when it comes to security. Plus if Eufy or others really want to have the confidence of consumers, they need to have their claims validated by a third party. But I suspect that Eufy won’t subject themselves to that level of scrutiny. Thus they need to be banned. And the sooner the better.

Now if you ask me what you should do if you have a Eufy camera? My advice would be to rip them out, because your privacy and security are invaluable. That is true for both indoor cameras and outdoor ones too. I would even go as far as to say that you shouldn’t even resell them, as you’re just passing along a major problem to someone else, which is not fair on that person. My advice is to recycle them at your local electronics recycling facility and take these security and privacy nightmares out of circulation forever.

Finally, if Eufy is reading this, I have to say that you’ve created this mess and it’s way too late for you to say sorry for it. Consumers put a lot of trust in the vendors of this sort of gear and you’ve burned through that trust. And since you can’t fix your issues, hopefully governments around the world will fix it for you by banning you out of existence.

Game over Eufy.

BlackFog Releases The State of Ransomware For November 2022

Posted in Commentary with tags on December 2, 2022 by itnerd

BlackFog today released the November State of Ransomware Report. Key findings for the month of November from Dr. Darren Williams, CEO and Founder, BlackFog:

  • “Unusually, November saw the second highest number of ransomware attacks this year, a 180% increase year over year with a total of 42 attacks. There seems to be no end in sight, with recent insurance statistics demonstrating a general lack of preparedness. In fact, providers are now mandating more serious levels of protection before underwriting any new cybersecurity policy.
  • The biggest changes this month saw the persistent use of data exfiltration at 89% and a further increase in the use of PowerShell, now utilized in 86% of all attacks.
  • The greatest increases by industry involved Healthcare and Manufacturing with increases of 26% and 25% respectively. Smaller increases were observed in Education and Government, with 14% and 13% respectively, but continue to be the most targeted industries. Typically, these organizations struggle due to financial and skill shortages (please refer to BlackFog’s latest research article @ https://www.blackfog.com/cybersecurity-leaders-consider-quitting/). 
  • LockBit easily took the lead this month in terms of variants with a 33% increase in successful attacks followed by BlackByte and BlackCat with increases of 25% and 14% respectively.”

Today’s full report can be found here: https://privacy.blackfog.com/wp-content/uploads/2022/12/BlackFogRansomwareReport-Nov-2022.pdf

Major Web Browsers Drop Sketchy Certificate Authority

Posted in Commentary with tags on December 2, 2022 by itnerd

Here is something that got my attention. All the major web browsers, meaning Firefox, Chrome, and Edge, have decided to drop a certificate authority that has ties to a US military contractor.

Mozilla’s Firefox and Microsoft’s Edge said they would stop trusting new certificates from TrustCor Systems that vouched for the legitimacy of sites reached by their users, capping weeks of online arguments among their technology experts, outside researchers and TrustCor, which said it had no ongoing ties of concern. Other tech companies are expected to follow suit.

“Certificate Authorities have highly trusted roles in the internet ecosystem and it is unacceptable for a CA to be closely tied, through ownership and operation, to a company engaged in the distribution of malware,” Mozilla’s Kathleen Wilson wrote to a mailing list for browser security experts. “Trustcor’s responses via their Vice President of CA operations further substantiates the factual basis for Mozilla’s concerns.”

The Post reported on Nov. 8 that TrustCor’s Panamanian registration records showed the same slate of officers, agents and partners as a spyware-maker identified this year as an affiliate of Arizona-based Packet Forensics, which has sold communication interception services to U.S. government agencies for more than a decade. One of those contracts listed the “place of performance” as Fort Meade, Md., the home of the National Security Agency and the Pentagon’s Cyber Command.

That qualifies as sketchy: a certificate authority with ties to a company that makes interception software should ring alarm bells. Pratik Selva, Lead Security Engineer at Venafi, added this:

“When considering security, one of the areas that is still not given due focus by many organizations is Certificate Authorities (CAs). CAs are / should be a key component in any corporate security strategy as they are machine identity enablers. A root CA is the most significant piece in that hierarchy as it holds the potential to impact the security and the trust of the entire certification hierarchy due to any abuse or compromise. This view needs to be factored in when organizations conduct threat modeling or assessments.

Additionally, there can be also compliance implications if there are weak or non-existent checks and balances in place for ensuring the security of a CA. What is more alarming is that CA compromise has been found to be achieved using living-off-the-land (LOTL) techniques and tools. LOTL attacks are problematic from a detection standpoint and are an incident response (IR) nightmare. As root CAs pose a cascading risk, they have been a favorable target of nation state APT actors aiming to mount a crippling attack.”

My advice would be to make sure your browsers are up to date, as a browser update is how the removal of this certificate authority from the trust store actually reaches you. But this also underscores that you need to be on your toes when it comes to security and privacy.
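Browser updates cover the browsers’ own root stores, but many command-line tools and back-end services trust whatever the operating system’s OpenSSL store contains, and that store is updated separately. The following Python script is an added example (not code from the article, Mozilla, Microsoft or TrustCor) that flattens the subject entries returned by Python’s `ssl` module and reports any trusted root whose organisation or common name matches a fragment such as “TrustCor”. The `SAMPLE_ROOTS` list is constructed in the same shape `get_ca_certs()` returns and is not copied from any real certificate.

```python
"""Check whether a named certificate authority is still present in the local root store."""
import ssl

# Constructed sample entries in the shape ssl.SSLContext.get_ca_certs() returns.
# Names are illustrative only and are not taken from real certificates.
SAMPLE_ROOTS = [
    {"subject": ((("countryName", "US"),),
                 (("organizationName", "Example Trust Services"),),
                 (("commonName", "Example Root CA"),)),
     "notAfter": "Jan  1 00:00:00 2040 GMT"},
    {"subject": ((("countryName", "PA"),),
                 (("organizationName", "TrustCor Sample Org"),),
                 (("commonName", "TrustCor Sample Root"),)),
     "notAfter": "Jan  1 00:00:00 2030 GMT"},
]


def subject_fields(cert):
    """Flatten the nested subject tuple (a tuple of RDNs, each a tuple of
    (attribute, value) pairs) into a plain dict of attribute -> value."""
    fields = {}
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            fields[key] = value
    return fields


def roots_matching(fragment, roots):
    """Return the flattened subjects of roots whose organizationName or
    commonName contains `fragment`, compared case-insensitively."""
    needle = fragment.lower()
    hits = []
    for cert in roots:
        fields = subject_fields(cert)
        haystack = " ".join(fields.get(k, "") for k in ("organizationName", "commonName"))
        if needle in haystack.lower():
            hits.append(fields)
    return hits


def system_roots():
    """Load the roots that this Python/OpenSSL build trusts by default.
    On some builds the default store is empty, so callers should treat an
    empty list as 'unknown', not as 'the CA is gone'."""
    ctx = ssl.create_default_context()
    return ctx.get_ca_certs()


def report(fragment, roots):
    """Produce a short human-readable verdict for the given root list."""
    hits = roots_matching(fragment, roots)
    if not roots:
        return "trust store is empty or not loaded; cannot decide"
    if not hits:
        return f"no trusted root matches '{fragment}'"
    names = ", ".join(h.get("commonName", "?") for h in hits)
    return f"{len(hits)} trusted root(s) match '{fragment}': {names}"


if __name__ == "__main__":
    print("sample store:", report("TrustCor", SAMPLE_ROOTS))
    print("system store:", report("TrustCor", system_roots()))
```

Run it after updating the OS certificate bundle to confirm the removal reached the system store; Firefox ships its own NSS root store, so a clean result here says nothing about Firefox, and vice versa.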

Kanye West Gets Suspended From Twitter Again

Posted in Commentary with tags on December 2, 2022 by itnerd

This guy doesn’t get it.

Apparently Kanye West, or Ye, or whatever this clown calls himself, posted a picture of a swastika last night. And that resulted in him getting suspended from Twitter again.

Rapper Kanye West is on yet another timeout from Twitter after testing the limits of owner Elon Musk’s free speech policy. Twitter issued West, who has legally changed his name to Ye, a 12-hour suspension late Thursday after Ye tweeted a picture of a swastika inside a Star of David with the caption “YE24 LOVE EVERYONE #LOVESPEECH”.

West turned to the platform Truth Social to post a picture of a notification informing him of the suspension due to his violation of Twitter’s rules. Musk confirmed on Twitter that West’s suspension was due to “incitement of violence.” It had nothing to do, he added, with the unflattering photos Ye had tweeted of Musk wearing swimwear on a yacht. “Frankly, I found those pics to be helpful motivation to lose weight,” Musk said.

A 12-hour suspension isn’t enough. He’s proven to be antisemitic by his words and actions. Thus his timeout from Twitter should be forever. But clearly Elon doesn’t see things that way. Perhaps it will take even more advertisers bailing out on the platform to change his mind?

Impact-Driven Vancouver Biotech Startup Wins $100k+ Investment

Posted in Commentary with tags on December 2, 2022 by itnerd

As Spring Activator’s Women-led Impact Investor Challenge, presented by the TELUS Pollinator Fund, came to a close Tuesday evening, we are excited to announce that Dr. Karolina Valente of Voxcell BioInnovation Inc. was awarded a $100k+ investment from a cohort of both experienced and emerging impact investors.

VoxCell BioInnovation Inc. is creating fully vascularized, human-like cancer tissue models by combining a custom high-resolution 3D bioprinter, advanced vascularization software, and proprietary bioinks. VoxCell aims to accelerate the development of life-saving anti-cancer drugs by providing tissue models that can identify viable candidates earlier in the drug-development pipeline.

The Impact Investor Challenge was created to help impact-driven businesses receive the capital and knowledge needed to succeed. The Pitch Finale is the pivotal moment in which we collectively make this happen for one impact venture!

More details can be found here.

Elon Musk Begs People To Tweet And Other Oddities Of Life

Posted in Commentary on December 2, 2022 by itnerd

Yesterday, I resolved to go a full day without writing about the train wreck next to a dumpster fire that is Twitter. And while I did manage to do that, a lot happened while I was off covering other things.

Let’s start with this Forbes article where Elon Musk is trying to get advertisers back onto the platform:

Elon Musk’s tumultuous five-week tenure as Twitter CEO continued to take a strange path Thursday, with the world’s wealthiest man pleading for users to post more on the social media site as the firm reportedly dangled a lucrative offer to advertisers who drive a majority of the company’s revenue but have soured on Musk’s vision for Twitter.

Companies who spend more than $500,000 on Twitter ads will receive a 100% match on their spending in equivalent marketing value up to $1 million, according to an email sent to advertisers viewed by the Wall Street Journal.

It’s “the most aggressive ad spend incentive” ever, according to an internal message from a Twitter executive viewed by Platformer editor Zoe Schiffer, explaining it’s intended to “make it worth it to get any paused advertisers to reactivate.”

It smells of desperation to me. And so does this:

Now why would he post this? I am guessing that he needs people actively tweeting, and tweeting a lot, to convince advertisers to do ad buys, as advertisers won’t go where there are no eyeballs to see their ads. That too sounds like desperation.

Elon really needs to wrap his head around why advertisers are fleeing the platform like passengers fleeing the Titanic. Let’s start with exhibit “a”:

When Elon Musk wanted to bring Donald Trump’s account back to Twitter, he turned to one of the platform’s most familiar features to legitimize the move—a poll.

A narrow 51.8 percent of his audience voted to “Reinstate former President Trump,” leading the billionaire CEO to reinstate the infamous account. A week later, Musk once again turned to a Twitter poll to ask his followers whether to jailbreak the hordes of accounts suspended for posting far-right content, Qanon conspiracy theories, and lies about the 2020 election and the Covid-19 pandemic. 

There’s just one problem, multiple former Twitter employees say. The social network’s polls are magnets for bots and other inauthentic accounts. They’re literally designed to be spammed and gamed. 

“One of the first products I worked on was polls. And one of the big discussions was around the tradeoffs between integrity and privacy – keeping logs [of each user’s vote] or not. We landed on the side of privacy,” Yoel Roth, Twitter’s former Head of Trust and Safety who resigned this month, told Rolling Stone.

“Polls are more prone to manipulation than almost anything else [on Twitter]. It’s interesting, given his [Elon’s] use of polls,” he added. Several other ex-Twitter employees gave similar assessments.

So for a guy who raged against bots, he relies on something that is full of bots to make his decisions. That’s more than a bit “sus” to say the least.

This circus is clearly getting bigger every day.