Starbucks Gets Mad At Security Researcher Who Exposed Vulnerability

Posted in Commentary on May 25, 2015 by itnerd

In a case of “don’t shoot the messenger”, a security researcher is under fire from Starbucks because he found a vulnerability and brought it to their attention. Here’s what the BBC had to say on this:

Egor Homakov found a flaw that let him duplicate funds on a gift card, which he spent in a store to test his theory.

He told Starbucks so they could fix the flaw, but said that the company had then called his actions “malicious”.

“The unpleasant part is a guy from Starbucks calling me with nothing like “thanks” but mentioning “fraud” and “malicious actions” instead,” he wrote.

Now keep in mind that Starbucks and IT security have been mutually exclusive terms for a while now, seeing as their iOS app had to be fixed because of the way that passwords were stored on it. But this only happened after their handling of the issue turned into a bit of a gong show. And more recently users were having their accounts drained and Starbucks blamed the users for their own misfortunes. So the fact that Starbucks basically shot the messenger when it comes to this latest issue doesn’t surprise me. If I were Starbucks, I’d want people like Mr. Homakov to come forward and point out flaws like this. That way I could make the customer experience better by having a more secure environment. But clearly Starbucks doesn’t feel that way. That’s very disappointing.

Starbucks really needs to change their thinking when it comes to the security of their payment systems. If they don’t, they will find that people will continue to find holes and not all of them will be as altruistic as Mr. Homakov. That will ultimately drive people away from buying coffee at Starbucks because they aren’t secure and everyone will know about it.

So how about it Starbucks?

Could Companies Be Lining Up To Buy BlackBerry?

Posted in Commentary on May 25, 2015 by itnerd

Hot on the heels of cutting jobs just before the weekend comes this report that a lot of big name companies might be in the market for BlackBerry:

Canadian telecommunications company BlackBerry Ltd. has once again made its way into the news, with a lot of gossip taking place about its acquisition, and this time there’s Microsoft at the other end of the story.

Sources even claim that a few other tech companies like Xiaomi, Lenovo and Huawei are also amongst those interested in positively spinning their chances off with BlackBerry.

Microsoft is reportedly working with a few investment firms to assess its chances of taking over BlackBerry, planning to upgrade its intensity in the business mobile solution segment and its patent portfolio in the Internet of Vehicles (IoV), as well as the mobile platform and communications sectors.

Sources also claim that Chinese smartphone manufacturers mainly intend to invest in BlackBerry so that they can improve their brand visibility across US and European business sectors.

Now, this isn’t the first time that rumors of a buyout have surfaced. But I decided to run with this one as it seems a little more than ironic that these rumors have surfaced after the company turns a profit. That may be enough for one of these companies to believe that there’s something here that’s worth buying. Or it could just be another rumor with no substance.

We’ll have to wait and see.

BlackBerry Lays Off Unknown Number Of Employees

Posted in Commentary on May 24, 2015 by itnerd

Clearly BlackBerry isn’t out of the woods just yet as news appeared just before the weekend that some more BlackBerry employees were laid off:

BlackBerry Ltd. said Friday it is laying off an undisclosed number of employees in its device business, including those focused on development of smartphone software and applications.

The move is part of the company’s goal of boosting sales of higher margin mobile-management and security software to reignite growth, it said.

Well, that’s unfortunate for those involved. But BlackBerry says it is still “committed” to putting out devices:

BlackBerry remains committed to the device business, having released since September a string of new smartphones aimed at professionals with more planned for this year. But the Waterloo, Ontario, company is increasingly betting on new mobile software aimed at fostering worker productivity and security for BlackBerrys, Apple iPhones, and devices powered by Google Inc.’s Android and other operating systems.

We’ll see if that is the case going forward.

AdultFriendFinder Hacked… 3.5 Million Accounts Compromised

Posted in Commentary on May 24, 2015 by itnerd

If you find your dates or whatever it is you’re into on AdultFriendFinder… Not that there’s anything wrong with that… You might have a reason to worry. About 3.5 million personally identifiable records were leaked from systems belonging to the adult-oriented website, which confirmed the breach after the hack first surfaced in April:

Word of Adult Friend Finder’s problems first surfaced last month. An IT consultant and Darknet researcher, who prefers to be known as Teksquisite, discovered the files on a forum in April. Salted Hash, looking to confirm her findings, discovered the same posts and files in short order.

The hacker claiming responsibility for the breach says they’re from Thailand, and started boasting about being out of reach of U.S. law enforcement because of location alone. As for local law enforcement, they’re confident they can bribe their way out of trouble, so they continued to post Adult Friend Finder records.

Using the handle ROR[RG], the hacker claims to have breached the adult website out of revenge, because a friend of theirs is owed money – $247,938.28. They later posted a $100,000 USD ransom demand to the forum in order to prevent further leaks.

In all, across 15 different CSV files, ROR[RG] posted 3,528,458 records. The files are database dumps with 27 fields in total; the most important being IP address, email, handle, country, state, zip code, language, sex, race, and birth date. Dates confirm that the data is at least 74 days old.

Here’s what AdultFriendFinder had to say:

“FriendFinder Networks Inc. has just been made aware of a potential data security issue and understands and fully appreciates the seriousness of the issue. We have already begun working closely with law enforcement and have launched a comprehensive investigation with the help of leading third-party forensics expert, Mandiant, a FireEye Company, the law firm of Holland & Knight, and a global public relations firm that specializes in cyber security.

“Until the investigation is completed, it will be difficult to determine with certainty the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates as we learn more from our investigation. We cannot speculate further about this issue, but rest assured, we pledge to take the appropriate steps needed to protect our customers if they are affected.”

Sure you will. Either you were covering things up until you were forced to admit it, or you were asleep at the switch or your IT security sucks. That’s bad any way you slice it and users of the website should be outraged. The only good thing that they did was that they got Mandiant to look into this. Maybe they will whip your website into shape.

So, why am I being so harsh on AdultFriendFinder? Simple: this hack hurts people who really didn’t need the fact that they surf the Internet looking for Mr./Ms. Right or Mr./Ms. Right Now exposed. Let me illustrate how this hurts people:

The problem that came to light was that, buried in the data, people were using their work email address to register for Adult Friend Finder. It was noticed by some folks I spoke with who were familiar with the data that there were email addresses for folks serving in the US Army, US Air Force, Australian military as well as members of the Colombian, Brazilian and the Canadian Forces. That was just based on a cursory search.

Further to that end, according to the leaked data, government related email addresses showed that staffers from around the world had registered with their work email. Rather amazing that people would do such a thing.

So, why is this a problem? Well, an enterprising sort could track a person back through some simple searches. In one scenario someone would be possibly able to find a military personnel’s home address, current station, and…the names of his wife and children just as an example scenario.

Now, I could say that anyone who is dumb enough to use their work e-mail address to register on this site deserves to have their privacy invaded. But that’s wrong. Nobody needs to have their privacy invaded. Ever. Hopefully the lowlifes who are responsible get caught and jailed, as hacks that violate the privacy of people should not be tolerated.

BRICWAVE Xpress Now On Kickstarter

Posted in Commentary on May 23, 2015 by itnerd

I have just become aware of a high-speed charging and data back-up device for smartphones and tablets that might warrant your attention. BRICWAVE Xpress lets you recharge mobile devices in just a fraction of the time it would take other charging cables to perform the very same task. It also backs up data instantly to its integrated high-capacity flash memory. A 3-way switch on the device lets you select between normal “Sync & Charging”, “Data Back-up”, and “Express Charging”.


Here’s a more detailed look at BRICWAVE Xpress:


Key features include:

• Sync & Charging (performs data sync and charging like an ordinary charging cable)
• Data Backup & Managing (backs up data to the flash drive for presentations, heavy campus assignments, and extra music, audio and video files)
• Express Charging (performs high-speed charging that cuts charging time in half)
• Compact Size (1.2″ x 3″ x 0.5″ form factor promotes ultimate mobility)
• Collapsible Flex Cable (6″ full span from tip to tip for ultimate flexibility)
• MFi Certified Lightning Connector

BRICWAVE Xpress is currently 128% funded on Kickstarter. Early Birds will be able to pre-order one for $49.

Anti-Wheel Theft Mobile App Technology Now Being Crowdfunded

Posted in Commentary on May 23, 2015 by itnerd

It’s getting harder to steal a car. They’re difficult to start without the proper key, and if someone were able to do so, a thief may not get far, as cars these days can be tracked and even remotely disabled. So thieves are changing their tactics. They’re now stealing parts of cars rather than the car as a whole. One of the more popular items to steal is the wheels, as they tend to be untraceable.

This is where Project Overlord comes in. With their new Wheel Anti-Theft Tracking Device & Mobile App, RimTech will alert vehicle owners when their wheels have been tampered with, and will track the owner’s wheels to the theft location within 10 ft.


In short, the RimTech system is made up of a wheel tracking device with a corresponding mobile app. If your wheels get stolen, you can track them down (presumably with the help of the police). RimTech is currently under development and is being crowdfunded at IndieGoGo.com. The company is looking for support of the IndieGoGo campaign to help launch the RimTech device in October 2015. It sounds interesting so it may be worth a look.

CRTC Asks Canadians To Help Measure The Performance Of Internet Service In Canada

Posted in Commentary on May 22, 2015 by itnerd

Now I have to admit that this is an interesting project. The CRTC yesterday put this press release out asking for Canadians to help it measure how their Internet service at home performs:

The CRTC is recruiting up to 6,200 Canadians to help measure the Internet services provided by the participating ISPs. Volunteers will receive a device, called a “Whitebox”, that they will connect to their modem or router. The Whitebox will periodically measure broadband performance, testing a number of parameters associated with the broadband Internet connection, including download and upload speeds. The measurement tests will run when users are not actively using their Internet connection. The privacy of Canadians will also be assured. No information concerning online activities will be collected.

The results of this project will enable Canadians to gain additional insight into network performance, including actual connection speeds, and provide them with a better understanding of whether certain Internet services from participating ISPs are delivering speeds as advertised. These results will also provide data that will enable the CRTC to improve its broadband policy-making.

Using these results as a baseline, the CRTC intends to publish a comprehensive report highlighting the findings of this project. While the initial project is set to last for one year, the CRTC intends to continue gathering data beyond the initial year. The data will ultimately form part of the CRTC’s data collection and monitoring activities.

If you want to participate, you should sign up here. But I suggest that you hurry as I suspect that this will be popular.

One thing that I did find interesting is that Rogers put out a press release of its own very quickly. It had a very interesting stance:

Rogers Communications announced today it is pleased the CRTC is launching Measuring Broadband Canada, a new independent testing program that gives Canadians real information on the performance of their Internet provider. The announcement follows the move by Rogers in 2012 to begin independent testing using global expert SamKnows, the same broadband testing firm announced by the CRTC today.

“This is great news for consumers,” said Robert Goodman, Senior Director of Internet, Rogers Communications. “We urged our competitors to join us when we began independent testing three years ago so we’re thrilled the CRTC is taking this step forward today. Canadians deserve the Internet speeds they pay for and more transparency means they can make more informed choices.”

For the record, I checked the press release archives for Bell, Teksavvy and Telus for anything similar and I could not find anything.

I find it interesting because I will admit that Rogers has put a lot of time, money and effort into making sure that customers get the speeds that they pay for. And they’re not only not shy about telling the world about it, but they use third parties like SamKnows (Warning: PDF) to back up their claims. Thus they likely see something like this as an opportunity to get another third party to validate how good their Internet service is compared to their competitors. But since it would come from the CRTC, a body that Rogers hasn’t exactly had the best relationship with, it would add extra weight to Rogers’ claims. And for bonus points, by calling out their competitors for not doing the same, they look like the good guy. This is smart marketing, assuming of course everything goes to plan.

So, will you be participating? Please leave a comment and share your thoughts.
