Reddit Announces New Ads Executive

Posted in Commentary with tags on May 13, 2024 by itnerd

Reddit’s announced that they’ve appointed Jyoti Vaidee as their new VP of Ads Product. Jyoti was previously the Director of Product Management at Google where she spent 11 years leading ads products like Google’s Display Ads and monetization efforts. In this new role, Jyoti will drive ads product strategy, execution, and management of the Ads Product organization.

You can read more about this appointment here.

How Virtual Machines Make It Easy And Safe For Me To Investigate #Scams

Posted in Commentary with tags on May 12, 2024 by itnerd

Investigating scams is not a risk-free business. For example, a scam website might be a vector for malware or viruses. Which means that if I use my MacBook Pro to test something, there’s a risk that I could blow it up and be out of business for days. Fortunately, there’s a way around that. I use virtual machines.

A virtual machine is the virtualization or emulation of a computer system. Virtual machines are based on computer architectures and provide the functionality of a physical computer. Their implementations may involve specialized hardware, software, or a combination of the two. In my case, I currently run two pieces of virtual machine software to do my investigations:

  • For Windows I run the free VMware Fusion Player. This has the ARM version of Windows 11 Professional which is always fully patched.
  • For Mac I run the free UTM virtualization software. This has macOS Sonoma which is always fully patched.

So why not simply have an extra computer or two lying around to do this sort of thing? Well, there are several advantages for me:

  • Because it’s on my MacBook Pro, this is portable. Which means that I can use these on a client’s site at home or abroad.
  • Virtual machines have the advantage of being able to be cloned or snapshotted, depending on the virtual machine software that you’re using, so that you can save the current state of the virtual machine. If a virus blows it up, you can simply restore from the clone or snapshot and be back in business.
  • You can fully isolate the virtual machine from the real computer. So any infections that a virtual machine gets won’t spread.

Now running virtual machines requires a powerful computer to do it properly. In my case I run a 16″ MacBook Pro with the M1 Pro processor. Between the powerful processor and the 32 GB of RAM, I have no issues. But when it comes time to replace this computer, which as I wrote here I don’t see the need to do currently, I’ll likely be bumping up the RAM to 64GB and maybe increase the storage from 1TB to 2TB to accommodate additional virtual machines. I should note that if you’re on PC, you will likely need a Core i7, Core i9, Ultra 7 or Ultra 9 processor with 32 to 64 GB of RAM to do what I do.

Now, earlier on I did mention that I currently run two pieces of virtual machine software. That’s going to change as I am going to migrate to UTM for all my virtual machines. I’m doing that because since VMware has been acquired by Broadcom, their level of support has nosedived. You can take a scroll through the VMware Sub-Reddit to see the complaints about this acquisition that people have. And a lot of my clients are looking to move their enterprise level virtual machines off of the VMware platform for greener pastures like Microsoft Hyper-V, Nutanix or Citrix as a result of the chaos caused by the Broadcom acquisition. That lessens my need to run VMware’s software. Also UTM has much broader support for classic operating systems such as Windows XP and Windows 7. Which is something that VMware doesn’t offer. Thus it makes sense for me to transition to UTM.

So that’s my current virtual machine setup. After I do my transition to UTM, I’ll be doing a follow up to walk you through my setup and how I did it. Stay tuned for that and please leave any questions or comments below.

A Follow Up About My Recent Posts About Bell Being Used In Telephone #Scams

Posted in Commentary with tags on May 11, 2024 by itnerd

Recently, I’ve written about two instances where I’ve come across a threat actor or actors using Bell Canada’s name in an attempt to scam people. If you want to read about those scams, click here and here for details.

I wanted to make sure that my readers have every opportunity to protect themselves. So I went to Bell directly to ask for commentary as well as tips that would allow you to protect yourself from scams like these. A Bell representative sent me this which I have reprinted verbatim:

This style of fraudulent activity is what is called social engineering, where fraudsters exploit emotions to achieve various objectives. These include accessing sensitive information like passwords, credit card or SIN details, gaining control over computers or devices, or directly acquiring funds from unsuspecting victims. 

We want our customers to know that Bell will never contact you to ask for personal information unless we are responding to an inquiry made by the customer. We strongly advise our customers to beware of these fraudulent tactics, trust their instincts, and if they are uncertain about a caller’s identity, hang up and contact our team directly. We take such matters seriously and investigate each matter brought to our attention. If you suspect you have encountered someone fraudulently posing as a Bell representative please email fraud.fraude@bell.ca. For more information on how to protect yourself from telecom fraud, please visit bell.ca/security.

This is very good advice as a whole. And I want to highlight this part specifically:

We strongly advise our customers to beware of these fraudulent tactics, trust their instincts, and if they are uncertain about a caller’s identity, hang up and contact our team directly.

Because I come to the rescue of people who come in contact with scammers on a regular basis, I can say that trusting your instincts is one of the best things that you can do to protect you from being a victim of a scam. If you get the sense that something is wrong, go with it because you’re likely right. And trusting your instincts can save you from a very bad situation. On top of that, if you get a call from someone claiming to be from Bell, and what you hear doesn’t sound right, hang up and call Bell directly at 310-Bell. Finally, this advice doesn’t just apply to Bell, but to any situation that you might find yourself in where you get contacted out of the blue by someone claiming to have some great deal for you, or wanting to take some course of action that doesn’t sound right.

I want to thank Bell for responding to my request for a comment on this as this will help a great many people avoid being on the wrong end of a scam.

Ascension Hospital Healthcare Network Pwned In Far Reaching Cyberattack By BlackBasta

Posted in Commentary with tags on May 11, 2024 by itnerd

The Ascension Hospital cyber attack continues to head much of this week’s news, particularly as it follows on both the Heritage healthcare cyber attack and the City of Wichita getting hit by LockBit this week. CNN is reporting that the BlackBasta ransomware group is behind the attack. This latest cyberattack has had significant effects in terms of patient care:

The cyberattack on Ascension, a St. Louis-based nonprofit network that includes 140 hospitals in 19 states, is also disrupting access to electronic health records, some phone systems and “various systems utilized to order certain tests, procedures and medications,” Ascension said in a statement distributed Thursday evening.

The sprawling health care network, which also owns 40 senior living facilities, said that it would be using “downtime procedure for some time,” because of the cyberattack. Downtime procedures are typically when health providers revert to backup processes, including paper records, that allow them to care for patients when computers are down.

Steve Hahn, Executive VP, BullWall:

   “So we’re just getting word that Black Basta is behind this attack at Ascension Healthcare and this in the same week that the LockBit ransomware group claimed the attack on the city of Wichita, taking down their network and demanding a ransom. This marks a worrying trend. Russian ransomware groups, such as BlackBasta, LockBit and Blackcat (AlphV), are intensifying their focus on U.S. healthcare. These actions follow the FBI’s operation against Blackcat’s infrastructure, with both groups vowing increased attacks on this sector. These organizations, deeply embedded in Russia, likely amassed close to a billion dollars in ransom in 2023 alone. Their connections with former KGB leaders, including Putin, suggest a geopolitical strategy to target sectors that Putin aims to destabilize.

   “The financial toll of these attacks is staggering. United Healthcare’s $22 million payment to decrypt data is minor compared to the broader economic impact, likely exceeding $5 billion. Hospitals like Lehigh Valley Health Network have faced both data encryption and extortion, with potential legal fallout from the threatened release of sensitive patient photos.

   “Healthcare systems, with their myriad of IoT devices, widespread provider networks, and vast attack surfaces, are particularly vulnerable. The recent suspension of operations in Northeast hospitals due to cyberattacks underlines the sector’s susceptibility and the potentially fatal consequences of such disruptions.

   “For healthcare, preparation is not optional but essential. They must develop robust backup, recovery, and rapid ransomware containment strategies to mitigate these risks and minimize the impact of these inevitable attacks.”

As usual when healthcare organizations get pwned, I get to say that this sector is a soft target for hackers. This needs to stop because at some point someone is going to die because they can’t get the care that they need because of a cyberattack like this one. And the only way that this stops is through making sure healthcare organizations can make the required investments that allow them to be less of a target.

Printer Tech Support #Scams Are No Laughing Matter

Posted in Commentary with tags on May 10, 2024 by itnerd

Fun fact. Or perhaps not such a fun fact. More and more companies have done away with having a phone number that you can call for technical support. Having a tech support line and staffing it with competent people is a cost that businesses want to avoid. So these businesses have moved to doing email or online support such as a chat bot as that’s much cheaper. But many consumers are used to calling someone for help with their tech. Scammers know this and have filled in the void by creating technical support scams that are easy for the unsuspecting to find via a Google search. What I mean by that is that scammers will poison Google search results so that their scams pop up first as the natural human tendency is to click on the first, second or third result in a Google search. Then if the unsuspecting person calls the number, bad things will happen to them.

That’s what happened to an elderly couple yesterday. They had their Bell Fibe modem replaced yesterday and everything was fine except their Brother printer which was wireless wouldn’t print. So they Googled for a tech support number for Brother and somehow ended up in the hands of a company called Stallions Geek Solutions. More on them later. But what happened over the next hour or so was that someone who provided this couple his first name and employee number (Top tip: If a tech support person gives you only their first name and employee number on a phone call, that should be a red flag that something might be up as no legitimate tech support organization would ever do that) used TeamViewer to connect into their Mac to attempt to fix the problem. When the printer still wasn’t working, he claimed that this was a “driver issue”, and then said that he would have to escalate this to someone senior who would call them back, and it would cost them $200 to fix the problem. But first the couple would have to fill out a form that was asking for all sorts of personal information. The couple did start to do that but got suspicious and hung up the phone. That’s when I got a phone call that made me drop what I was doing to drive to their home and investigate.

Now the actual problem with the printer was really simple. The printer as I said earlier was a wireless one. So when Bell replaced the modem, nobody updated the printer’s wireless configuration so that it knew how to connect to the new modem. That’s why it wouldn’t work, and that took me a grand total of four minutes to sort out. Any person with even a basic understanding of how this stuff works who listened to the situation should have come to that conclusion. But clearly these scammers weren’t competent enough to do that. Or they were simply too focused on putting on a show so that they could execute their scam.

When I examined the Mac, I found a copy of TeamViewer. And based on the TeamViewer logs, it looks like the scammer tried to set it up so that they could connect to the computer any time they wanted. But they failed miserably in doing so. I didn’t find any evidence of any other remote access software like ConnectWise which is a favourite of scammers these days. So while I have to follow up with them in a few days, I felt confident in saying that their Mac was clean. And I think what saved them from something much worse happening was that the scammer didn’t really know his way around a Mac, and they refused to give the scammer their admin password for the Mac. If they did, he could have done anything he wanted. But they didn’t which limited what the scammer could do.

So, who are these Stallion Geek Solutions people? Using the number that they called, I managed to hunt down their website. Now I won’t post the URL for the website, but I will show you what it looks like:

It looks pretty. But to be totally honest, it’s one of the worst websites that I have ever seen. The text on it would make an English teacher cringe. It was clearly written by someone whose first language wasn’t English and the text that is there seems to be there to fill in space so that it makes this business look legitimate. Or put another way, they’re likely hoping that people won’t look at the details of the website and come to the conclusion that this business isn’t who they say that they are. To add to that, some of the links on the website go nowhere, which for a company who claims that they do web design among other things is pretty bad. For fun I checked their domain registration and found that the domain was registered in Europe. But all the administrative and technical contact info had been redacted for privacy. That isn’t unusual in isolation. But it combined with what else I am going to serve up makes this company look suspect.

This company had a Canadian address, but when I looked at it on Apple Maps, it was in a home in suburban Toronto. Again, by itself that’s not unusual. But when I checked to see what “Printer Services” that they offered, this made it unusual:

This was on the same page as their Canadian address. So are they in Canada or Australia? I’m guessing that they’re at neither place. Or maybe the Canadian address is some sort of front for the company as Apple Maps lists the company as operating out of the home that I spoke of earlier. And the company is elsewhere on the planet.

Finally, the phone number that the couple phoned has been implicated in a pop up scam back in 2022. I discovered that by running the number through a number of Scambaiter websites and getting a few hits. Such as this one:

In case you’re not familiar with the term, scambaiters are basically people who go after scammers by pranking them and doing everything that they can to disrupt their operations as it’s difficult if not next to impossible to get scammers arrested. Thus they feel that vigilante justice is better than no justice.

There’s enough evidence here that I think that I can conclude that this company was out to scam this couple. And that this company likely is some sort of scam operation. As part of this incident I submitted the log files from TeamViewer and passed them along to TeamViewer so that they can take action against these scammers. Which means that TeamViewer can use these logs to remotely disable their software so that the scammers can’t use it. That will put them out of business for a bit until they find some other remote access software to use.

Now if you need tech support for some piece of tech, Google is not your friend. Like I said earlier, scammers will do things to ensure when the search results pop up, they appear ahead of legitimate companies. Thus my recommendation is to go directly to the official website of the product manufacturer and only use their official channels for tech support. And if they don’t have actual phone support, don’t go hunting for some sort of phone number. That will only end badly for you because there are no “secret” or “unpublished” phone numbers for tech support, despite what you might have heard.

I’ll be updating this story with new information as warranted. But for now, consider this situation a cautionary tale of what can happen if you are not careful in terms of how you’re looking for tech support for the tech that you own.

Roku announces the launch of TVA+ on the Roku platform

Posted in Commentary with tags on May 9, 2024 by itnerd

Roku and TVA Group announced the launch of TVA+ on the Roku platform. Expanding the options for French-language content on the Roku platform in Canada, TVA+ brings an exciting array of entertainment, news, public affairs programming, and sports, including the NHL and MLB, to Roku users.

As TVA’s digital destination, TVA+ includes Quebec’s most popular original content – often surpassing 1 million views – as well as a catalogue of nearly 100 movies and series from here and abroad. TVA+ provides viewers with a wide range of original hit shows like Indéfendable, Si on s’aimait, Alertes, Sorcières, and Révolution, plus popular Quebec adaptations such as La Voix, Sortez-moi d’ici and Chanteurs masqués, the family-friendly variety series that has ranked #1 in Canada (regardless of language) for 3 consecutive seasons. TVA+ also features TVA newscasts, along with several public affairs and sports programs.

Included in TVA+ is TVA Sports en Direct, available with a choice of two subscription packages. TVA Sports en Direct is the exclusive French-language broadcaster of the National Hockey League (NHL), including Saturday night Montreal Canadiens games and all playoff games. The channel also offers Major League Baseball (MLB), WTA tennis, the National Bank Open, the Laver Cup, UFC galas, and much more.

TVA+ is now available on all Roku devices and Roku TVs and can be added to the home screen directly from the Channel Store.

TikTok Will Now Label AI-Generated Content Made On Other Platforms

Posted in Commentary with tags on May 9, 2024 by itnerd

This morning, TikTok announced that they have become the first video sharing platform to start automatically labeling AI-generated content (AIGC) that’s made on other platforms by implementing Content Credentials, a new technology from the Coalition for Content Provenance and Authenticity (C2PA). TikTok already labels AIGC made with TikTok AI effects and were the first to launch an AIGC labeling tool which over 37M creators have used since September 2023.

On top of that, TikTok is launching new media literacy campaigns that they developed with guidance from experts including Mediawise. And they are also joining the Adobe-led Content Authenticity Initiative (CAI) to help drive Content Credentials adoption.

TikTok put out a full statement on this here: https://newsroom.tiktok.com/en-ca/partnering-with-our-industry-to-advance-ai-transparency-and-literacy-ca

EnGenius Introduces the New ECW526 2×2 Access Point

Posted in Commentary with tags on May 9, 2024 by itnerd

EnGenius Technologies Inc., a leader in advanced connectivity solutions, is excited to unveil the much-anticipated ECW526, the newest addition to the Cloud Wi-Fi 7 Access Point series. With the Wi-Fi 7 4×4 ECW536 access point, now priced at $499, and the new Wi-Fi 7 2×2 ECW526 access point, businesses of all sizes can now affordably deploy Wi-Fi 7, making it accessible and practical for every business environment. EnGenius now offers customers the flexibility to choose the appropriate Wi-Fi 7 access point for their specific needs, whether for densely populated areas like conference rooms or providing extensive coverage in large spaces such as assisted living or student housing. It’s the perfect choice for businesses that demand optimal performance and value as they transition onto the Wi-Fi 7 landscape and cater to the growing number of bandwidth-intensive devices and applications. 


The ECW526 reaffirms EnGenius’s dedication to bringing the latest Wi-Fi technology to everyone. This cutting-edge access point is a sleekly designed tri-band device that delivers unprecedented speeds of up to 9.4 Gbps. By using three frequency bands – 2.4 GHz, 5 GHz, and 6 GHz – one access point can support a larger number of IoT devices, regular devices, and the latest high-tech gadgets. The device is backward compatible, seamlessly integrating with existing Wi-Fi setups, facilitating a smooth transition to the next generation of wireless connectivity.

The ECW526 harnesses the advanced capabilities of Wi-Fi 7, including 320 MHz channels, 4096-QAM, and Multi-Link Operation. It effortlessly supports bandwidth-intensive tasks such as streaming 4K videos and running cloud applications, guaranteeing optimal network utilization, low latency, and unparalleled signal reliability. EnGenius engineered the ECW526 with a lightning-fast 10 Gbps Ethernet port while maintaining a modest power consumption of just 21 Watts at peak, ensuring compatibility with traditional PoE+ switches and injectors. The ECW526 is the future of Wi-Fi 7 connectivity, offering businesses fast, flexible, and secure networks that will transform how they connect. 

Key Features:  

Experience Unmatched Performance with Next-Gen Technology: This elegant device uses Wi-Fi 7 for lightning-fast speeds of up to 9.4 gigabits using three bands, 320 MHz wide channels, 2×2 MU-MIMO, 4096-QAM, Multi-Link Operation, and Multi-RU puncturing to improve reliability and performance in data-intensive applications.

Seamless Network Management Made Easy: The EnGenius Cloud platform simplifies modern network management, reducing operational costs while enhancing network performance and reliability.  

Security is Top Priority: With advanced security features like WPA3 Enterprise, the ECW526 ensures that your network is always protected against unauthorized access and potential threats, always keeping your data and connections secure.   

Simplified Setup: With a quick scan, you can register and configure your device in 5 minutes or less. You can easily monitor and troubleshoot your network remotely. 

Manage Your Network on the Go: With the EnGenius Cloud and our mobile app, you can easily manage your network from anywhere and effortlessly manage an unlimited number of APs.  

Hassle-Free Installation: The click-n-twist mount and Kensington lock slot ensure a hassle-free and secure installation process, giving you peace of mind that your device is securely installed. 

The ECW526 is now available through EnGenius resellers and distributors alongside the 4×4 ECW536 Wi-Fi 7 access point. Visit https://www.engeniustech.com/engenius-products/cloud-managed-2x2x2-indoor-tri-band-wifi-7-access-point/ for more information about the ECW526.

A New Bell Telephone #Scam Is Making The Rounds

Posted in Commentary with tags on May 9, 2024 by itnerd

I’ll say right up front that I am still investigating this, thus details are a bit light. But having said that, I wanted to make sure that this new scam involving Bell Canada is out there so that you are aware and can protect yourself accordingly.

Yesterday, my home number (as opposed to my business number) got a call which went to voice mail as nobody was home at the time. When I played the message back, it was a pre-recorded message that was claiming to be from Bell Canada. And that they were disconnecting my Internet and TV “line” temporarily. I was then prompted to press one to get to a representative or press two to get to technical support to “address the unusual activity on your line.” So what the scammers are hoping that you will do is freak out because your Internet is being disconnected or that you have “unusual” activity on your connection and engage with them. Then they can execute whatever their evil plan is, which at this point isn’t clear.

Now while Bell Canada is our telco provider at the moment, I knew right away that this was clearly a scam. For starters, the audio quality was horrible. No telco would ever have an outbound message with audio that was that bad. That made me think that it might be the same threat actors that were behind this Bell Canada scam from a few weeks ago who clearly haven’t improved the approach to this scam. The second thing was the number that they were calling from. It was from an 847 area code which is in Illinois and not Canada. So clearly the number is spoofed, and the threat actors aren’t smart enough to use a Canadian area code. Though there were two other things that tipped me off that this was a scam. But I am not going to disclose those at this time as I don’t want to give the threat actors ideas in terms of improving the effectiveness of the scam.

Now related to this, I did find on DSL Reports that there’s a slightly different version of this scam making the rounds as well, which I suspect is from the same threat actors. You can read about that here. Clearly there’s an active scam campaign out there that while it won’t get non-Bell Canada customers, some Bell Canada customers will fall for whatever version of this scam that hits their phone. I’ll be reaching out to Bell Canada later today to see if I can get some comment and some advice so that you can better protect yourself from this scam. But if you get a call from someone claiming to be Bell Canada, I feel safe in saying that you should immediately hang up and call 310-2355 and verify that the call that you received was real. Chances are, it wasn’t.

London Drugs President Apologizes For Getting Pwned As Some More Details Come Out

Posted in Commentary with tags on May 9, 2024 by itnerd

So this is a bit different. After getting pwned by hackers which shut down their stores, the president and COO of London Drugs has done two things that catch my attention as stores have started to reopen:

President and chief operating officer Clint Mahlman issued a letter Wednesday offering his “sincere apologies for the inconvenience and any concerns” that arose amid the week-long closure of the company’s 79 stores across British Columbia, Alberta, Saskatchewan and Manitoba.

While Mahlman didn’t elaborate on the nature of the breach targeting the company, he said the retailer had security measures in place, but “given the rapidly evolving landscape of cybersecurity threats, no organization can be 100 per cent safe from advanced cybersecurity incidents orchestrated by sophisticated third parties.”

I have to give him credit for apologizing for getting pwned. While they shouldn’t have been pwned in the first place, this is the next best thing. The second thing that he did was put out some more details:

The Richmond, B.C.-based retailer says it has found no evidence that customer databases, including health data from its pharmacies, were compromised in the cybersecurity breach.

“However, should we discover any evidence that customer information was impacted, we will inform our customers and privacy commissioners in accordance with privacy laws,” the company president said.

“At the outset, we proactively alerted the privacy commissions in the provinces we operate in and have reported this incident to law enforcement.”

While this can change at any point, it’s good news that no health data was swiped…. That they know of. There’s also this:

Beyond forcing the retailer to close its physical locations, the security breach also prompted company leadership to temporarily disable its telephone lines as part of a system-wide effort to locate and contain the breach.

“As soon as we became aware of suspicious activity in our environment, we immediately engaged third-party cybersecurity specialists from across North America to assist with containment, mitigation, and to conduct a forensic investigation,” Mahlman said. “Our investigation is ongoing.”

I for one hope that they continue this transparency and show the results of their investigation. I say that because if London Drugs really wants to restore the trust of their customers, they have to make that public along with how they intend to avoid getting pwned again. Let’s see if they do that.