Posted in Commentary with tags Spotify on February 1, 2022 by itnerd
This just keeps getting worse for Spotify. News is breaking that two more artists have decided to pull their music from Spotify. The first is India Arie who announced this on Instagram:
That’s a pretty damming commentary on Spotify that I wonder if or how the company will respond to. The second is Graham Nash. That’s not a surprise as he was a member of Crosby, Stills, Nash & Young with the Young being Neil Young. The guy who started this exodus from Spotify. And like India Arie, he took to Instagram to tell the world.
This is not getting better for Spotify which underlines the fact that Spotify has a serious problem on its hands. And at some point if this mass exodus gets big enough, or people “pause” posting content on the platform, Spotify will have to make a really hard choice which they clearly don’t want to make.
Posted in Commentary with tags Spotify on February 1, 2022 by itnerd
If you’re mad about the way that Spotify is dealing with the Joe Rogan fiasco and want to cancel the plan that you pay for which is known as their premium plan, Spotify doesn’t make it easy for you. So after a few of my clients emailed me for help, I figured that I would put together this quick primer on how to do that. You’ll need a web browser to do this:
Select Change plan. Scroll down the entire page of available plans and select Cancel Premium. Spotify will ask if you’re sure. Select Yes, cancel.
That’s pretty much it. But before you cancel you have to ask yourself if you want to move your playlists to another streaming service. If you do want to take your playlists with you to say Apple Music or Tidal, you should check out this primer that details some options on how to do that. Then you can cancel your Spotify account.
Mandiant Threat Reporting research has recently disclosed 1 in 7 Ransomware Extortion Attacks Leak Critical Operational Technology Information. In 2021, Mandiant Threat Intelligence observed ransomware operators extorting thousands of victims by disclosing terabytes of stolen info on shaming sites. This trend, called “Multifaceted Extortion” impacted over 1,300 organizations from critical infrastructure and industrial production sectors in just one year:
Based on our analysis, one out of every seven leaks from industrial organizations posted in ransomware extortion sites is likely to expose sensitive OT documentation. Access to this type of data can enable threat actors to learn about an industrial environment, identify paths of least resistance, and engineer cyber physical attacks. On top of this, other data also included in the leaks about employees, processes, projects, etc. can provide an actor with a very accurate picture of the target’s culture, plans, and operations.
That in effect implies that the attack surface that an enterprise would have to protect is huge. And I’m not the only one who thinks so. Sam Jones, VP of Product Management, Stellar Cyber:
“The reality of today’s enterprises is that data is everywhere. It is on the computer, it is in SaaS apps, it is in homegrown apps, and it is likely now on employee personal computing assets. Unless a holistic data protection plan is in place, and an enterprise is detecting across all forms of the attack surface, this will likely be a worsening problem for most enterprises.”
I’d encourage enterprises of all sizes to read this report. Then they should consider how best to defend themselves. Be it using software, hardware, policies, or whatever is needed to get the job done.
UPDATE: Sanjay Raja, VP of Products and Solutions for Gurucul added this comment:
“The Mandiant report highlights how ransomware isn’t a ‘one-and-done’ attack campaign. While ransomware is seemingly focused on getting paid to unlock your sensitive data, threat actors often return multiple times once they are successful at an attack, knowing the victim has paid once. We also knew they often replicate the data for themselves for sale even as they lock organizations out of their own data. However, this additional extortion through threats of posting the already stolen data is another example of how threat actors find ways to extract more out of their victims. It feels like a never-ending cycle for targeted organizations. This reinforces the need to evaluate newer and more advanced technologies beyond current XDR and SIEM platforms as part of ongoing threat detection and response initiatives within security operations to prevent a successful detonation of ransomware. Prioritizing solutions that automate detection, prioritize seemingly random indicators of compromise for further investigation and even automating responses with a high-level of confidence and low impact are critical in deciding where to invest.”
UPDATE #2: Saumitra Das, CTO and Cofounder, Blue Hexagonadded this commentary:
“The IT/OT barrier is more a logical separation than an actual one. Attacks typically start on the IT side and propagate into OT because of improper network segmentation and privilege limitations. In light of this report, focusing on the IT/OT boundary and protecting access to the OT networks is critical because defending against a threat once inside the OT network is much harder. Attackers can not only use IT network compromise to laterally move to OT but can now obtain detailed information and diagrams so they can plan their attack into the OT side.”
Oiltanking GmbH, a German petrol distributor who supplies Shell gas stations in the country, has fallen victim to a cyberattack that severely impacted its operations.
Additionally, the attack has also affected Mabanaft GmbH, an oil supplier. Both entities are subsidiaries of the Marquard & Bahls group, which may have been the breach point.
And:
Bleeping Computer received the following comment from the company regarding the current situation:
On Saturday, January 29th 2022, Oiltanking GmbH Group and Mabanaft GmbH & Co. KG (Mabanaft) Group discovered we have been the victim of a cyber incident affecting our IT systems. Upon learning of the incident, we immediately took steps to enhance the security of our systems and processes and launched an investigation into the matter. We are working to solve this issue according to our contingency plans, as well as to understand the full scope of the incident. We are undertaking a thorough investigation, together with external specialists and are collaborating closely with the relevant authorities. All terminals continue to operate safely.
Oiltanking Deutschland GmbH & Co. KG, an operating unit within the Mabanaft Group, operates all terminals in Germany and is not part of the Oiltanking GmbH Group.
Oiltanking GmbH Group continues to operate all terminals in all global markets. Oiltanking Deutschland GmbH & Co. KG terminals are operating with limited capacity and have declared force majeure. Mabanaft Deutschland GmbH & Co. KG has also declared force majeure for the majority of its inland supply activities in Germany. All parties continue to work to restore operations to normal in all our terminals as soon as possible.
“While there is a lot of discussion around ICS/OT security, the reality is that most operations are disrupted by compromises and attacks that begin within IT. While the devices and systems themselves may run on hardened or proprietary operating systems and architectures, the management of these devices often do not, leaving them susceptible to a malware or ransomware attack. This shows how critical it is to invest in more advanced threat detection and response solutions that can enable automation with higher confidence and lower impact to help security teams prevent disruption and the detonation of ransomware.”
Hopefully this attack is remediated quickly as we’ve seen with other cyberattacks on oil and gas facilities like the Colonial Pipelines attack, they can be devastating and cause all sorts of disruptions.
UPDATE: Saumitra Das, CTO and Cofounder, Blue Hexagonadded this commentary:
“The use of cyberattacks for achieving nation-state or criminal gang aims continues to increase. This is reminiscent of the Colonial Pipeline attack where cyberattacks on critical infrastructure companies, even if on the IT side, can lead to issues in critical infrastructure. Attackers do not always have to infiltrate OT systems, bringing down the IT side of the house can cause enough disruption to achieve their end goals – whether that is a ransom payment or a geopolitical.”
In all the Spotify related news, I forgot to do a post on the CRTC taking out Canadian HeadQuarters. This was a Dark Web marketplace and the four people behind it have been slapped with fines:
Before shutting down, CanadianHQ was one of the largest Dark Web marketplaces in the world and significantly contributed to harmful cyber activity in Canada. It specialized in the sale of goods and services, including spamming services, phishing kits, stolen credentials and access to compromised computers, which were used by purchasers to engage in a variety of malicious activities.
The CRTC’s investigation focused on four individuals who allegedly sent emails mimicking well-known brands in order to obtain personal data including credit card numbers, banking credentials and other sensitive information. The following individuals have been issued penalties for sending commercial electronic messages without consent in violation of Canada’s anti-spam legislation (CASL):
Chris Tyrone Dracos (a.k.a. Poseidon) – $150,000
Marc Anthony Younes (a.k.a CASHOUT00 and Masteratm) – $50,000
Souial Amarak (a.k.a Wealtyman and Supreme) – $50,000
Moustapha Sabir (a.k.a La3sa) – $50,000
As the creator and administrator of the marketplace, a higher penalty is being issued to Mr. Dracos for allegedly aiding in the commission of numerous violations of CASL by the platform’s vendors and customers.
As part of this investigation, a number of other vendors have been identified and enforcement actions will be taken against them in the near future.
“Like Silk Road and more recently the White House marketplace takedown, it’s probable that another Canadian-specific marketplace for illicit goods will likely re-appear,” Ryan Westman, manager of threat intelligence team at eSentire, said in an interview.
“Individuals who are harvesting personally identifiable information to sell for the purposes of fraud will have to find a new marketplaces to do business … As long as there’s demand there’s going to be individuals who are interested in fulfilling it.”
To get another perspective, I reached out to Darktrace’s David Masson and here’s what he said:
Despite occasional news items about the arrests and, even rarer, the convictions of cyber-attackers, most people would be forgiven for thinking that bad actors almost always get away with it. It can be challenging to find those responsible and hold them accountable, thanks to the anonymity of the internet and a host of sophisticated applications designed to cloak offenders’ identities.
In terms of getting an arrest and a subsequent legal trial, knowing “who done it” is not the same as being able to prove it in a Court of Law. It is also difficult to prove what was done. While it may be clear that attackers stole money or identities, how it happened and who is to blame can be more challenging to prove with evidence. Nevertheless, legal mitigations can still occur with more creativity and bigger thinking.
With the above in mind, we should congratulate the Canadian Radio-Television and Telecommunications Commission (CRTC) for recently issuing penalties to four individualsin Canada for their involvement in the Dark Web marketplace Canadian HeadQuarters (also known as CanadianHQ). According to a CRTC statement, “The CRTC’s investigation focused on four individuals who allegedly sent emails mimicking well-known brands to obtain personal data including credit card numbers, banking credentials and other sensitive information.”
In actuality, the CRTC issued the penalties “for sending commercial electronic messages without consent in violation of Canada’s anti-spam legislation (CASL).” We should remember, it was an inability to pay his taxes that took down Al Capone, not his other much more malicious activities. Still a result nonetheless, but both secured via more nuanced means.
It will be interesting to see how long it takes for this operation to reappear on the Dark Web. Because in my view, fines are great. But jail time would have been better. But given how hard these crimes are to prosecute, I’ll take anything that I can get in terms of punishing those behind these operations.
In the last couple of months I am discovering that app controlled devices are everywhere. But an app controlled water bottle that claims to help you to ensure that you’re drinking the proper amount of water that your body requires is a new one for me. However that’s what I am reviewing today. Meet the HydrateSpark PRO smart water bottle. Here’s what you get in the box:
You get the bottle (which comes in 17, 21, and 24 ounce sizes. I got the 21 ounce version) a box with the charging cable and instructions, and a piece of paper that declares HydrateSpark’s love for happy customers. The bottle is made of stainless steel vacuum insulated material, keeping drinks cold up to 24 hours (hot drinks are not advised by the company) and lightweight but shatter and odour resistant plastic. You also get the choice between a lid with a straw and a lid that allow you to chug your water. I got the latter. It feels solid and well constructed.
Let’s take a look at the charging cable:
It’s a USB-A cable that is unique to this set up. Or put another way, if you lose or break it, you’re going back to HydrateSpark to get a new one. It attaches magnetically to the bottom of the water bottle which HydrateSpark calls the sensor puck once you unscrew the bottom from the rest of the water bottle:
And it glows slowly when it is charging as seen in this video:
Once it is fully charged, it will have a solid green light. That took me about three hours to get it fully charged and it lasts 10 to 14 days between charges. Once it’s charged, that’s where we get down to business. My wife volunteered to the the guinea pig for this review as she isn’t good at keeping herself hydrated. For example, she used our Withings Scale which among other things, measures hydration levels, to get a sense of how much water was in her body on the morning that we started doing this review. The number was 44%. Which is below the 50% that Withings says is “normal” for most humans. Thus underscoring why she was the perfect test subject for this review. The company cites a number of clinical studies to show why consuming water on a regular basis has positive health benefits. And she recognizes that she needs to better on that front.
Thus I installed the HydrateSpark app on her iPhone 13 (also available on Android) and then went through the process to pair it via Bluetooth, and calibrate it by putting it on a flat surface while empty, and then filling it up and putting it on a flat surface as that is how it figures out how much water you drank. My wife tried to use it as intended by drinking some water. Except that it didn’t work. As in nothing was automatically recorded. So after looking through the online help we decided to unpair it and go through the pairing and calibration process again. This time it did work as intended. As in every time you took a drink from the bottle, it records how much you drank every time you place it on a flat surface. More on the accuracy of that in a bit. I should also note that there’s an Apple Watch app that helps you to keep track of this information as well. Should you lose the bottle, the app can also tell you where the last location was that it connected via Bluetooth. There’s also a gamification aspect as it will give you awards for things like using the app three days in a row for example. Here’s an example:
You can see what trophies that my wife got. And anything that is locked is the next target for you to achieve. One thing that caught my attention is that you can see how many plastic bottles that you’ve saved. Which shows the environmental impact that you’re having. You can also compete with friends who also use the app. Overall, my wife found the gamification aspect to be very engaging as it helps her to ensure that her water consumption is on point.
As part of the setup process, it takes into account your sex, weight, age, and activity levels to come up with a goal in terms of how much water that you should be drinking. In my wife’s case that’s 3.5 bottles a day for the first day she used it. Which is a lot. Now to save you some effort, the app can pull the data it needs from Apple Health if you have it entered there, and it can record how much you are drinking in Apple Health. Which is great for Apple Health users like my wife and I. It also supports this list of apps as well. And if you start to slack off in terms of drinking water, the app can prompt you to do so. And the prompts are kind of funny and humorous at times. But they are also supportive as well as they are designed to get you to drink water as often as possible. All of those reminders can be customized from this page:
Plus as an extra party trick, the bottom of the bottle can glow in a multitude of colors that you can customize when you need to take a sip.
In terms of accuracy, we performed testing over several days and the HydrateSpark PRO is pretty accurate in terms of measuring how much you drink as long as you calibrate it daily. Failure to do so results is completely inaccurate measurements of how much water you are drinking. And the fact that you have to calibrate it daily may turn off some users as it can become a bit of a chore. Especially since the wizard makes you pick the size of bottle and walk through the process of calibration as if it is a new bottle. That’s a bit of a pain that HydrateSpark should be able to fix seeing as when you set up the bottle, they know what size you have. Thus they could streamline this process. Though on the flip side I will note that you can manually add water consumption to the app if it is inaccurate or you had a drink from something other than this bottle.
If I did have a gripe, it would be about one aspect of the app. At a macro level knowing what your daily target happens be is simple based on this screenshot:
In this screen shot above the goal looks simple. My wife has drank her way to 31% of her goal and she has 2.5 bottles to go. But see the dot on the 9 o’clock position of the circle? If you click on it give you another goal. Here’s a close up look at that.
And it also moves around the circle on its own and it allows you to set your own target. But why is does this exist in addition to the other target? My wife and I could not figure that out. For the record, there is this FAQ that does sort of explain how the daily target is calculated. But it didn’t help us to explain what this is. And I think it needs to be crystal clear if people are going to properly leverage this tech to help people stay hydrated.
So, does this work? Well, after the first three days of using it, the amount of water in my wife’s body went up from 44% to 46%. Still not the 50% that it should be, but it’s headed in the right direction. And she’s hitting her daily water consumption goals based on this screenshot:
The confetti that appears when you hit your target for the day is a nice touch.
Let’s get down to the price. The HydrateSpark PRO retails for $69.99 USD with free shipping. It’s not exactly cheap. But as far as my wife is concerned, the health benefits outweigh the cost of this smart water bottle. And though you have to expend some effort in terms of remembering to calibrate it every day, she considers this a win. And seeing as she has a health sciences background, I’ll buy into that as I just fix computers for a living and health is her area of expertise. So my advice would be that if you want to move the needle in terms of your health, the HydrateSpark PRO is worth a look.
Posted in Commentary with tags Telstra on February 1, 2022 by itnerd
Telstra and the National Hockey League (NHL) have signed a five-year agreement to distribute up to 1,400 games per year to viewers around the world using Telstra’s Global Media Network (GMN). The deal will see Telstra deliver NHL games to rights-holders in Europe, the Middle East and Africa, with plans to expand to other markets worldwide.
Telstra’s GMN is a purpose-built video contribution and distribution network supporting permanent and occasional use services for point-to-point and point-to-multipoint on a consumptive-based business model across traditional broadcast, IP video standards and cloud connectivity.
Telstra will support the delivery of the NHL content through its Broadcast Operations Centers in Pittsburgh, Sydney and London. These centers provide 24/7 monitoring of Telstra’s Global Media Network, ensuring continuous stable and reliable connectivity to provide fans with the highest-quality viewing experience.
Telstra is a leading telecommunications and technology company with a proudly Australian heritage and a longstanding, growing international business. We have been operating in the Americas for over 25 years and provide data and IP transit, internet connectivity, network application services such as unified communications and cloud, and managed services to over 500 businesses in 160 cities in the region. Our products and services are supported by one of the largest fiber optic submarine cable systems reaching Asia-Pacific and beyond, with licenses in Asia, Europe and the Americas, and access to more than 2,000 points-of-presence around the world. Through our unparalleled network reach and reliability as well as market-leading customer service and expertise, we connect businesses in the Americas to some of the world’s fastest growing economies, including China, Southeast Asia, North Asia, and Australia. For more information, please visit www.telstra.com/americas.
Today Salesforce announced the launch of Safety Cloud, a tool to help businesses better manage their entry protocols and health testing to create safer in-person experiences at events and in the workplace.
With Ontario emerging from its fourth lockdown yesterday, it’s clear that Canadian businesses and governments are struggling with effective ways of managing and tracking the health and safety of the public. Though 56% of Canadians supported the latest round of government restrictions, one in four people feel increased loneliness due to lockdowns, longing to ‘just move on with it.’ Going forward, technology will play a critical role in bringing communities together safely.
Key Safety Cloud Features
Management of health and safety protocols: Innovations allow employees and customers to get together safely by automating protocols and easily scaling health status collection
Collect and verify COVID health status: Organizations can now implement and manage health and safety protocols, collect and verify employee and customer health status, and streamline entry into buildings with secure, multi-factor credentials
Automate and streamline entry: Instead of reviewing every proof of vaccination manually, SMART Health Cards enable organizations to automate verification of an individual’s health status
Salesforce has now used different features from Safety Cloud to reopen 84 of its offices globally. It also facilitated more than 21,500 COVID-19 tests and verified more than 8,000 vaccine credentials, helping more than 4,500 attendees get together safely at Dreamforce SF and NYC 2021. Partners Traction on Demand and Accenture are also using the technology.
Posted in Commentary with tags OVH on February 1, 2022 by itnerd
With six new DBaaS solutions available, OVHcloud now offers its customers one of the largest DBaaS portfolios on the market. This acceleration was made possible thanks to a partnership with Aiven, the European software company that combines the best of open-source technologies and cloud infrastructure.
With its six new Database-as-a-Service solutions (MySQL, PostgreSQL, Apache Kafka, Apache Kafka Mirror Maker, RedisTM and OpenSearch) along with 5 other solutions (Apache Cassandra, M3, M3 Aggregator, Grafana and Apache Kafka Connect) all available in spring 2022, OVHcloud is offering its customers the most comprehensive choice of managed databases.
Through its extensive Public Cloud Database portfolio, OVHcloud supports the adoption of a company’s Managed Platform-as-a-Service and facilitates the acceleration of their transformation as part of application modernisation, the implementation of a native cloud strategy, or the extrapolation of data through a complete data pipeline, based on artificial intelligence.
OVHcloud offers open-source databases, allowing its customers to benefit from the latest updates and innovation from user communities. These sustainable solutions, standards and supported by the open-source community guarantee portability and reversibility, to avoid any vendor lock-in.
DBaaS solutions benefit from the advantages fundamental to the OVHcloud range: an accessible solution, an unparalleled price/performance ratio, predictable pricing and data location choices so you are not subject to extraterritorial laws.
With a strong presence in Canada since 2011, OVHcloud is a global player and Europe’s leading cloud provider operating over 400,000 servers within 33 data centres across four continents. For 22 years, the Group has relied on an integrated model that provides complete control of its value chain: from the design of its servers to the construction and management of its data centres, including the orchestration of its fiber-optic network. This unique approach allows it to independently cover all the uses of its 1.6 million customers in more than 140 countries. OVHcloud now offers latest generation solutions combining performance, price predictability and total sovereignty over their data to support their growth in complete freedom.
Headquartered in Helsinki and with hubs in Berlin, Boston, Paris, Toronto, Sydney and Singapore, Aiven provides managed open source data technologies, like PostgreSQL, Kafka and OpenSearch, on all major clouds. Through Aiven, developers can do what they do best: create applications. Meanwhile, Aiven does what they do best: manage cloud data infrastructure. Aiven enables customers to drive business results from open source that trigger true transformations far beyond their own backyard. Most recently, Aiven achieved a $2B unicorn valuation and has now raised $210M total funding backed by its investors Atomico, Earlybird, First Fellow, IVP, Lifeline Ventures, Salesforce Ventures and World Innovation Lab.
The Media Trust, the preeminent leader in digital security, trust and safety for websites and mobile apps, has been honored by the Trustworthy Accountability Group (TAG) as a “TAG Trust Champion” for its long-standing efforts to communicate and remediate malvertising threats across the digital advertising ecosystem.
Each year, TAG recognizes industry leaders who have made exceptional contributions to eliminating fraudulent traffic, facilitating the sharing of threat intelligence, or promoting brand safety and declares them TAG Trust Champions. This year, The Media Trust is being commended along with other members of the TAG Threat Exchange (TX) for sharing real-time intelligence and partnering to shut down malvertising assaults, resulting in shorter and less impactful attacks across the digital ad supply chain.
As a strong supporter and the only anti-malware vendor in the TAG Threat Exchange, The Media Trust continuously provides other TAG members with detailed information regarding active threats propagating in the digital advertising ecosystem. On a weekly basis, The Media Trust adds context to these threats and counsels industry partners on mitigation steps that can be understood by both technical and management teams.
A longtime proponent of ad industry collaboration, The Media Trust launched its Gold Shield program in 2021 to highlight AdTech platforms with remarkable quality standards and dedication to protecting consumers. Initial participants in the program include Adobe Marketing Cloud, Adelphic by Viant, Index Exchange, and Yahoo.
BREAKING: Two More Artists Pull Their Music From Spotify
Posted in Commentary with tags Spotify on February 1, 2022 by itnerdThis just keeps getting worse for Spotify. News is breaking that two more artists have decided to pull their music from Spotify. The first is India Arie who announced this on Instagram:
That’s a pretty damming commentary on Spotify that I wonder if or how the company will respond to. The second is Graham Nash. That’s not a surprise as he was a member of Crosby, Stills, Nash & Young with the Young being Neil Young. The guy who started this exodus from Spotify. And like India Arie, he took to Instagram to tell the world.
This is on top of Brené Brown deciding to “pause” her podcast which is exclusive to Spotify.
This is not getting better for Spotify which underlines the fact that Spotify has a serious problem on its hands. And at some point if this mass exodus gets big enough, or people “pause” posting content on the platform, Spotify will have to make a really hard choice which they clearly don’t want to make.
This is getting very interesting.
Leave a comment »