Archive for Intel

Microsoft Details Performance Impact of Spectre & Meltdown Mitigations On Windows Systems…. And You Won’t Like Them

Posted in Commentary on January 9, 2018 by itnerd

In case you were wondering how fixes for Spectre and Meltdown will affect you from a speed perspective, Microsoft has done the work for you to find out. Delivering the news is Microsoft’s Windows chief Terry Myerson via this blog post:

With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.

With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance. With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.

Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

For context, on newer CPUs such as on Skylake and beyond, Intel has refined the instructions used to disable branch speculation to be more specific to indirect branches, reducing the overall performance penalty of the Spectre mitigation. Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel.

Take-home message: if your PC is recent, it’s a non-issue. If it’s older, it sucks to be you. And if you’re running Windows Server, well…. You’re taking a hit no matter what CPU you have and it truly sucks to be you. This is one of the reasons why this CPU bug from Intel, AMD, and ARM is a big bloody deal. Because while the security implications are extremely problematic, the cure for them may be worse than the disease.

Surprise! Intel Gets Sued Over Epic CPU Vulnerabilities

Posted in Commentary on January 5, 2018 by itnerd

To the surprise of nobody on planet Earth, Intel is facing multiple class-action lawsuits over the Meltdown and Spectre vulnerabilities. The Guardian is reporting that three separate suits have been filed by plaintiffs in California, Oregon and Indiana. The plaintiffs are seeking compensation because of the security vulnerability as well as Intel’s failure to disclose it in a timely fashion. On top of that, they want compensation for whatever slowdown to their PCs is caused by the fixes needed to address the security concerns.

I’m predicting that this is only going to get worse for Intel. There will be more lawsuits filed, and some of those will come from cloud providers like Amazon, Google and Microsoft who care about how the speed and security issues related to this impact their businesses.

Get the popcorn ready, because Intel has a full blown disaster on its hands.

Linus Torvalds Calls Out Intel Over Epic CPU Vulnerability In Epic Fashion

Posted in Commentary on January 4, 2018 by itnerd

Linus Torvalds, who is the man behind the Linux operating system, which means he has some “street cred” as the kids say, had some choice words for Intel via this post. In short, he was enraged by the statement that the chip giant made in relation to the CPU vulnerability that came to light in the last couple of days. Here’s the key point:

I think somebody inside of Intel needs to really take a long hard look
at their CPU’s, and actually admit that they have issues instead of
writing PR blurbs that say that everything works as designed.

.. and that really means that all these mitigation patches should be
written with “not all CPU’s are crap” in mind.

Or is Intel basically saying “we are committed to selling you shit
forever and ever, and never fixing anything”?

Because if that’s the case, maybe we should start looking towards the
ARM64 people more.

Mic drop.

That’s a slap to the face. But to be fair, I said this yesterday when I covered the release of this statement:

Interesting. A statement that’s designed to create plausible deniability and avoid a massive lawsuit. 

The fact is Intel has some explaining to do. And if they can’t explain this adequately, I wonder how they would feel if Apple, Dell, ASUS, HP and others migrate to AMD chips? Would that get their attention?

Intel, AMD, ARM All Make Statements About Epic CPU Bug… Alongside New Details About The Bug

Posted in Commentary on January 3, 2018 by itnerd

This morning it came to light that there was a memory access design flaw in Intel processors and fixing it could lead to a performance drop.

Security researchers have now shared details about two separate critical vulnerabilities impacting most Intel processors and some ARM processors. They are called Meltdown and Spectre, which sound like the names of James Bond movies. But I digress. The vulnerabilities offer hackers access to data from the memory of running apps, providing passwords, emails, documents, photos, and more. In short, if you have bought a computer or smartphone since 1995, the pwnage is real for you but it is patchable. However, Spectre impacts all processors, including those from ARM and AMD, and while it is harder to exploit, there is no known fix. Fully addressing Spectre will require a re-architecture of how processors are designed. Google has also shared details on the exploits. Full research papers on Meltdown and Spectre are available here. Oh yeah, proof of concept exploits are in the wild as we speak. It’s not known if hackers have exploited Meltdown and Spectre. But if they haven’t, they will.

Late today Intel came out with a statement posted on its website. Intel says that it planned to disclose the vulnerability next week when additional software patches were available, but was forced to make a statement today due to “inaccurate media reports.” Whatever that means. Here’s part of the statement:

Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.

Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.

Interesting. A statement that’s designed to create plausible deniability and avoid a massive lawsuit. But wait, there’s more!

Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.

That’s clearly designed to blunt any criticisms of whatever patches are needed to fix this. Interestingly, AMD came out with a statement that says this:

There is a lot of speculation today regarding a potential security issue related to modern microprocessors and speculative execution. As we typically do when a potential security issue is identified, AMD has been working across our ecosystem to evaluate and respond to the speculative execution attack identified by a security research team to ensure our users are protected.

To be clear, the security research team identified three variants targeting speculative execution. The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD’s architecture, we believe there is a near zero risk to AMD processors at this time. We expect the security research to be published later today and will provide further updates at that time.

And ARM says this:

I can confirm that ARM have been working together with Intel and AMD to address a side-channel analysis method which exploits speculative execution techniques used in certain high-end processors, including some of our Cortex-A processors. This method requires malware running locally and could result in data being accessed from privileged memory. Please note our Cortex-M processors, which are pervasive in low-power, connected IoT devices, are not impacted.

We are in the process of informing our silicon partners and encouraging them to implement the software mitigations developed if their chips are impacted.

Sounds like, of the three, ARM is the most honest, with AMD coming in a very close second. Intel strangely says nothing about reading kernel level data in their statement. You have to wonder why that is.

#Fail: Intel Chips Have Memory Access Design Flaw & The Fix Could Lead To A Performance Drop

Posted in Commentary on January 3, 2018 by itnerd

This isn’t good. A serious design flaw and security vulnerability has been discovered in Intel’s CPUs that will require an update at the operating system level to fix, reports The Register:

Programmers are scrambling to overhaul the open-source Linux kernel’s virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.

So a fix is inbound. But the cure might be worse than the disease:

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we’re looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – such as PCID – to reduce the performance hit. Your mileage may vary.

And for you Mac fans out there, you’re affected too. Not to mention quite a few other operating systems:

Similar operating systems, such as Apple’s 64-bit macOS, will also need to be updated – the flaw is in the Intel x86-64 hardware, and it appears a microcode update can’t address it. It has to be fixed in software at the OS level, or go buy a new processor without the design blunder.

Excellent. And by excellent I mean that this sucks. So, what is the actual vulnerability?

At best, the vulnerability could be leveraged by malware and hackers to more easily exploit other security bugs.

At worst, the hole could be abused by programs and logged-in users to read the contents of the kernel’s memory. Suffice to say, this is not great. The kernel’s memory space is hidden from user processes and programs because it may contain all sorts of secrets, such as passwords, login keys, files cached from disk, and so on. Imagine a piece of JavaScript running in a browser, or malicious software running on a shared public cloud server, able to sniff sensitive kernel-protected data.

Now the details are light and understandably so. Though one suspects that some evil doer is likely trying to figure out how to exploit this as we speak. What details do exist can be found at The Register story that I linked to. But this is a major screw up by Intel which is further underscored by the fact that AMD processors don’t have this issue. And seeing as it affects Intel processors that have been around for the last 10 years or so, this will likely be a significant story in 2018.

UPDATE: Mac users apparently don’t have to worry. If you’re running macOS 10.13.2, it was fixed in that version according to kernel expert Alex Ionescu:

https://twitter.com/aionescu/status/948609809540046849

And if you were worried about a performance drop because of this fix on your Mac:

https://twitter.com/aionescu/status/948613035861553152

 

Oh yeah. Proof of concept exploit code now exists, which is bad of course:

Many Canadians Don’t Know How To Check If Their Connected Devices Have Been Compromised: Intel Security

Posted in Commentary on February 27, 2017 by itnerd

A recent Intel Security survey shows that although protecting personal information is top of mind for Canadian consumers, they often fall short in taking the proper precautions to do so.

Some of the key findings include:

  • Canadians are worried about the security of their financial information. In fact, 44% of survey respondents are most concerned about a hacker stealing personal financial information.
  • The fear of losing personal information has many Canadian consumers motivated to keep a close eye on their devices. 83% of consumers check to ensure their connected devices have not been compromised.
  • Unfortunately, 51% of Canadians don’t know how to check to make sure their devices or applications have not been compromised.
  • Top Canadian consumer cybersecurity concerns include:
    • Theft of their personal financial information (44%)
    • Identity theft (38%)
    • Being watched or listened to if their device has been compromised (23%)

Below are some tips from Gary Davis, Chief Consumer Security Evangelist with Intel Security, that can help Canadians remain safe while leading a connected life:

  • Lock down your devices. Our devices are like an extension of our bodies. It’s imperative that they are locked down with a strong PIN code, as well as complex and unique passwords to prevent unauthorized access. Use a multi-factor authentication (MFA) solution, like True Key by Intel Security, that will combine your strong passwords with an extra layer of security – like your fingerprint or facial recognition.
  • Keep your devices updated. Be sure to update your devices when new versions of the operating system or applications become available. Updates often include critical security fixes designed to patch and protect from attacks.
  • Take control of your home network. Setting up a guest Wi-Fi network allows visitors to access the internet but keeps your home network private and isolated from their devices. You can also separate your IoT devices (smart home devices, wearables, etc.) from traditional connected devices (laptops, smartphones, tablets, etc.) where more secure information is stored, so if an IoT device is compromised, the breach will be limited to devices connected to the guest network. Solutions, such as McAfee Secure Home Platform [Warning: PDF], help you easily manage and protect devices connected to both networks, and can ensure that guest devices connected to your network don’t open you up to an attack.

More information is available in a blog post by Gary at: https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/connected-life/

Intel Security commissioned OnePoll to conduct a survey of 13,000 adults (aged 18-55+) in December 2016. Respondents used an internet-connected device on a daily basis and were based in the following regions: Australia, Brazil, Canada, France, Germany, India, Italy, Japan, Mexico, the Netherlands, Singapore, Spain, the UK, and the U.S.

Canadian IT Departments Find It Hard to Keep the Cloud Safe: Intel Security

Posted in Commentary on February 13, 2017 by itnerd

Intel Security today announced its second annual cloud security report, “Building Trust in a Cloudy Sky.” The report, based on a survey of more than 2,000 IT professionals from around the world, outlines the current state of cloud adoption, the primary concerns with private and public cloud services, security implications, and the evolving impact of Shadow IT.

Trust in the Cloud on the Rise 

The trust and perception of public cloud services continues to improve year over year. Most organizations view cloud services as being as secure as, or more secure than, private clouds, and more likely to deliver lower costs of ownership and overall data visibility. Those who trust public clouds now outnumber those who distrust public clouds by more than 2-to-1. Improved trust and perception, as well as increased understanding of the risks by senior management, is encouraging more organizations to store sensitive data in the public cloud. Personal customer information is the most likely type of data to be stored in public clouds, kept there by 64 per cent of Canadian organizations surveyed.

Risks Also Rise: Shadow IT and the Cybersecurity Skill Shortage

The ongoing shortage of security skills is continuing to affect cloud deployments. Half of the Canadian organizations surveyed report the lack of cybersecurity skills has slowed adoption or usage of cloud services, possibly contributing to the increase in Shadow IT activities. Another 35 per cent report they are experiencing a scarcity but are continuing with their cloud activities regardless. Only 15 per cent of those surveyed state they do not have a skills shortage.

Due to the ease of procurement, almost 40 per cent of cloud services are now commissioned without the involvement of IT, and unfortunately, visibility of these Shadow IT services has dropped from about 50 per cent last year to just under 47 per cent this year. As a result, 60 per cent of Canadian IT professionals think this phenomenon is interfering with their ability to keep the cloud safe and secure. This is not surprising given the amount of sensitive data now being stored in the public cloud, and more than half (52 per cent) of Canadian respondents reported they have definitively tracked malware from a cloud SaaS application.

Data Centre Progression

The number of organizations globally using private cloud only has dropped from 51 per cent to 24 per cent over the past year, while hybrid cloud use has increased from 19 per cent to 57 per cent. This move to a hybrid private/public cloud architecture requires the data centre to evolve to a highly virtualized, cloud-based infrastructure. On average, 52 per cent of an organization’s data centre servers are virtualized, 80 per cent are using containers and most expect to have the conversion to a fully software-defined data centre completed within two years.

Recommendations:

  • Attackers will look for the easiest targets, regardless of whether they are public, private or hybrid. Integrated or unified security solutions that provide visibility across all of the organization’s services could be the best defense.
  • User credentials, especially for administrators, will be the most likely form of attack. Organizations need to ensure they are using authentication best practices, such as distinct passwords, multi-factor authentication and even biometrics where available.
  • Security technologies such as data loss prevention, encryption and cloud access security brokers (CASBs) remain underutilized. Integrating these tools with an existing security system increases visibility, enables discovery of shadow services, and provides options for automatic protection of sensitive data at rest and in motion throughout any type of environment.
  • Organizations need to evolve toward a risk management and mitigation approach to information security. They should consider adopting a Cloud First strategy to encourage adoption of cloud services to reduce costs and increase flexibility, and put security operations in a proactive position instead of a reactive one.

Survey Methodology

In fall 2016, Intel Security surveyed over 2,000 IT professionals across a broad set of industries, countries and organization sizes. Research participants were senior technical decision-makers from small, medium and large organizations located in Australia, Brazil, Canada, France, Germany, Japan, Mexico, Saudi Arabia, Singapore, the United Arab Emirates, the United Kingdom and the United States.

To download the full report, visit www.mcafee.com/ca/solutions/lp/cloud-security-report.html.

 

Review: McAfee Total Protection

Posted in Products on October 25, 2016 by itnerd

These days, you have a lot of choice when it comes to securing your devices. Both free and paid options are available for users on a number of platforms. One of the latter choices is McAfee Total Protection, which is a multi-platform solution that protects you from any and all threats whether you use a Mac, PC, smartphone, or tablet. To fully test this, I set this up on both my Macs, my Windows 10 computer, an iPhone, and an Android phone.

On all platforms, the product was very easy to install and manage from a web based console, and it had very minimal impact to the performance of whatever device I tried it on. Plus it found every test virus that I threw at it. But some of the features varied from platform to platform. For example: 

  • PC: McAfee Total Protection includes LiveSafe, which includes a two-way firewall and a vulnerability scanner that proactively maintains the latest Windows updates. There are parental controls so you can block content that you might find objectionable, limit the time of sessions on the computer and receive reports that help you monitor online behavior. The app will flag any malicious sites returned in search results and it also does not let intruders reach your PC over a Wi-Fi network. The PC version also repairs any problems that might arise in the Windows registry and it includes a file shredder that destroys deleted files so that file recovery software will not be able to find and resurrect them.
  • Mac: McAfee Total Protection includes antimalware, antispyware and antiphishing. LiveSafe scans incoming email and instant messages and can repair and remove infections from files without damaging the files. LiveSafe supports Safari and will color code web search results to warn you about malicious sites.
  • On smartphones and tablets, the application takes care of malware and spyware. And whether you are using iOS or Android, there are utilities that allow you to recover from a lost or stolen device by locating and tracking it on a map and wiping its data remotely. Though, iOS and Android do the latter natively. Thus I wonder how valuable that is. Also, there aren’t really a whole lot of threats on the iOS platform. Thus I wonder how valuable that is.

McAfee Total Protection is a subscription based service that is $50 a year. You get to protect an unlimited number of devices. However, you also get 5 licences for True Key by Intel Security, which recognizes your face or fingerprint, secures your passwords, and instantly logs you in to your websites and apps across your devices. If using a free application isn’t an option for you, McAfee Total Protection is an option that you should look at regardless of what platform you’re on.

Infographic: Who Unplugs When On Vacation

Posted in Commentary on June 22, 2016 by itnerd

[Infographic image: 2016_Unplugged_fnl_cdn.png]

Source: Intel Security

Intel Security Reveals Security Risks Associated With Unsafe Online Search Trends

Posted in Commentary on May 17, 2016 by itnerd

With the summer season approaching, May is a popular month to start a new diet routine, and people are turning online for quick solutions. Thanks to better weather, more hours of sunlight and planned vacations, consumers have more opportunities to be active, which kick-starts a new wave of diets long after New Year’s resolutions come to an end. So it is timely that Intel Security today released findings from its new study, “Online Security Diet: You Are What You Click,” which examines the online behaviours and attitudes of Canadians ages 21 to 54 toward dieting clickbait. The research revealed that when it comes to the desire for the ideal body, people may be willing to sacrifice their online security if it takes them a step closer to achieving desired results.

Key highlights include:

  • 56 per cent of survey respondents have clicked on a promotional link that offers a diet program.
  • 50 per cent of survey respondents would most likely click on a promotional link for a diet program before the summer.
  • 26 per cent of respondents are more likely to click on a promotional link or an article offering dietary tips featuring or endorsed by a celebrity.
  • 19 per cent of survey respondents have purchased a service or product from a promotional link without knowing whether or not it’s a secure site.
  • More than 40 per cent of respondents would be likely to click on a promotional link for diet programs generated by a Google search (42 per cent), with others reporting they would click links featured on Facebook (36 per cent), a website (26 per cent), or within an app that they already use (19 per cent).
  • Many respondents report they are willing to share information like email address (57 per cent), full name (39 per cent) or age (40 per cent) with a website, service or company in hopes of reaching their goal weight or dream body.
  • Yet 43 per cent of respondents don’t know how to check if a website is secure before providing payment details or personal information.

How You Can Better Protect Yourself to Avoid Online Diet Scams:

  • Click with caution. Offers from sites that seem too good to be true, such as “Lose 10 pounds in one week,” may indicate that a site should be viewed with caution. Websites or emails might include phishing links that can lead you to sites that lure you into giving personal information to cybercriminals or download malware to your computer.
  • Browse safely. Beware of phony websites. Sites aimed at scamming consumers may have an address very similar to a legitimate site, like “Wait Watchers” as opposed to “Weight Watchers.” Phony sites often have misspellings, poor grammar or low-resolution images. If a site asks for personal information, double check the URL, and make sure it’s the site you intended to visit and not an imposter. Use a web reputation tool such as McAfee WebAdvisor that can help identify risky sites and inform you that you may be about to visit one.
  • Develop strong passwords. Do away with the “123321” password, and use a strong one, like “9&4yiw2pyqx#.” Regularly change passwords and don’t use the same passwords across all your accounts. As a way to improve the quality of your passwords, consider using a password manager.
  • Stay up to date. The best security software updates automatically to protect your computer. Use the manufacturer’s latest operating systems and allow security patches to be updated on an ongoing basis. Also ensure you have the appropriate software set to conduct routine scans.
  • Use a comprehensive security solution. Protecting all your devices with a comprehensive security solution, like McAfee LiveSafe, can help shield you from malware and other cyberattacks.

To find out more information:

You can also visit the Intel Security Facebook page at facebook.com/intelsecurity and McAfee Security Advice Center for information on the latest consumer threats and tips for living safer online.