Ask Mondelez how much a successful cyber attack costs

I’m that IT guy. No you can’t have Facebook at your work PC. No you can’t access the company Wi-Fi network with your personal device. No you can’t remote access the work servers from any PC you want to. No you can’t skip this month’s security training.

Know why I’m such a pain? Because one slip up on my part will bring the company crashing down.

Ask Mondelez, the snack maker that owns Oreos and Cadbury, what the cost of a successful cyber attack is. According to an article on Food Business News, it was an immediate $7.1 million loss, another $150 million in lost sales, and an ongoing “to be determined” repair cost.

Back in June, Mondelez got hit by the ransomware strain “Petya” (the June 27, 2017 outbreak usually called NotPetya, which spread across networks on its own with no user action required). The effects were immediate and brutal. Production came to a complete stop, and the company scrambled for weeks trying to clear the infection out of its servers.

According to Food Business News, “The malware affected a significant portion of the company’s global Windows-based applications and its sales, distribution and financial networks across the company.”

“Although the company believes it has now largely contained the disruption and restored a majority of its affected systems, the company anticipates additional work during the second half of 2017 as the company continues to recover and further enhance the security of its systems. For the second quarter, the company estimates that the malware incident had a negative impact of 2.3% on its net revenue growth and 2.4% on its organic revenue growth. The company also incurred incremental expenses of $7.1 million as a result of the incident.”

The worst part? “In an Aug. 2 conference call with investment analysts, Irene Rosenfeld, chairman and chief executive officer, said Mondelez was not yet ‘back to normal.’”

June. July. August. And an untold number of months to go.

Yes, IT guys like me are a royal pain. It’s not because we want to be. It’s because we know what will happen if a cyber attack is actually successful.

Time Warner ended partnership with Dell’s Sonic Wall

In a big giant bit of ugly news today, our local Time Warner rep informed me that Time Warner corporate is no longer offering Dell Sonic Wall products or services.

If you are in a Time Warner corporate environment and are currently using a Dell Sonic Wall product provided by Time Warner, you should have grandfathered-in support for the time being. HOWEVER, if your existing Sonic Wall goes out or you need to add to your WAN/LAN, your only option now will be to switch to Time Warner’s new Cisco/AdTran services or buy and config your own Sonic Wall.

Nightmare scenario: the corporate Sonic Wall goes out. Time Warner has nothing to drop ship you as a replacement. You will either have to re-configure your entire network through their new Cisco/AdTran services or find an identical Sonic Wall online to clone your previous config to. Cloning only works if you have a current exported config and a replacement on the same model and a compatible firmware version, so export a settings backup now and note the firmware you are running. How long will either scenario take?

If you’re in this boat, contact your Time Warner rep for more details.

New research shows 3D through-wall imaging using only two drones and Wi-Fi

This should get the tinfoil hat brigade nice and riled up. New research from the University of California Santa Barbara has shown it is possible to produce “high-resolution 3D through-wall imaging of completely unknown areas” using only basic Wi-Fi signals and two drones.

The concept is pretty straightforward but the tech behind it is fairly complex. One drone acts as the Wi-Fi transmitter, and the other drone measures the received signal strength on the far side of the structure and uses it to map out the interior. Both drones fly multiple paths around the area until a satisfactory image is created.

The idea is to use this tech for “emergency response, archaeological discovery, and structural monitoring”.

The link to the video showing the drones in action, the tech involved, and article is on the TechTV site here

Notegraphy shutting down web services by June 30th

Notegraphy announced in a press release that as a result of “overhauling their technology platforms”, the web version of Notegraphy will be discontinued on June 30th.

If you have anything on Notegraphy you want to keep before the June 30th purge, you will need to…

  1. Login to www.notegraphy.com with your username and password
  2. Go to Settings
  3. Select Backup my notes
  4. Check your email for the link to download your notes to your PC or Mac

The company has a new app they are pushing (of course!), but to delete all of their users’ work in Notegraphy instead of automatically migrating it to the new app is a boneheaded executive decision. After all, if they are willing to eviscerate Notegraphy with one week’s notice and not offer a full migration path to its supposed successor, what’s to stop them from doing the same with any of their future products?

Congress’ basic guidelines for automated vehicles miss the potential problems

In a recent article on Government Tech’s website, Congress announced they have already come up with six basic guidelines to regulate the future of autonomous vehicles.

The six legislative principles that have been defined are…

  • Prioritize safety
  • Promote continued innovation and reduce existing roadblocks
  • Remain tech neutral
  • Reinforce separate federal and state roles
  • Strengthen cybersecurity
  • Educate the public to encourage responsible adoption of self-driving vehicles

While the government is starting off with some very generic principles to regulate the industry and has some other concerns it is starting to look into, I see a few very significant problems that must be addressed before fully autonomous vehicles become the nationwide standard.

  1. Since non-automated vehicles as stated in the article are already responsible for “94 percent of crashes” due to “human error or decision”, ownership of a non-connected vehicle will eventually be vilified (if not seen as an outright criminal liability). This issue may play out through a heavy “tax” and/or insurance levy on those individuals who wish to retain their non-automated vehicles, or an outright ban on the manufacture of “human driven” vehicles after a certain date. Will automated vehicles and “human driven” vehicles be allowed to co-exist? Or will there be a mandatory phase-out period in the coming decade?
  2. Navigating any city using an outdated GPS system is already a problem with “human driven” vehicles. What will happen if an automated vehicle is allowed to operate with an outdated GPS system? To avoid a potentially lethal outcome, I expect the government to create an oversight agency to mandate all autonomous vehicles have the most recent firmware and software updates at specific intervals. This may play out through updates as infrequently as every “state inspection”, or be more strict via mandatory updates at every refueling (with the option to penalize or completely restrict owners who continue to use a vehicle with outdated software). This, by proxy, also brings up the issue of standardization of GPS systems. While the government has so far been hesitant to declare a standard for automated vehicles to use, this could soon be a pressing safety issue that will not wait for a consumer verdict.
  3. When automated vehicles can be sent home at any time, as stated in the article, “this could create significantly more vehicle-miles traveled, ultimately causing worse congestion. People could potentially send their car home rather than paying for expensive parking in an urban core.” Cities would lose income on previously reliable parking garage and meter fees and will also have to address the sudden glut of unused parking buildings across their downtown areas. I don’t expect any city to gracefully accept this loss of income, and will instead create toll lanes on previously “free” roads as well as a new universal “miles usage” tax for increased “wear and tear” on the roads. Will the federal government allow this?
  4. When automated vehicles become the majority, what is to stop overreach from non-traffic related issues once vehicles become fully interconnected? If you owe the IRS, a court judgement, have overdue child support payments, or even a late credit card payment, what is to stop a restriction from being placed on a connected vehicle’s use since it will be readily available online? Is driving still a privilege and not a right in the coming era of automated vehicles?
  5. Uber is already a nightmare for city taxi services. What is to stop Uber (or a similar company) from purchasing several automated buses that pick up and drop off passengers at designated areas defined by the users themselves? Instead of losing their bus/subway/transport base (i.e. income), I expect a hard push back on Uber-style companies through city-based lawsuits and insurance bribes (sorry, concerns) about the safety of a peer-controlled company with no external oversight.

While self-driving cars sound like a futuristic utopia we might actually see in our lifetimes, once the industry makes it to the “real world”, I think the early winners won’t be the consumers, but the attorneys who will be litigating every step of the way.

How to make a “thread” (or “tweetstorm”) on Twitter

If you’ve been on Twitter recently, you might have noticed more and more people have a topic they want to discuss that takes far more than the 140-character limit allowed per Tweet. When they have a long topic to discuss, they create a “thread” on Twitter you can read all at once.

Here’s an example of a “thread” that was recently posted by Twitter…

Example of a Twitter thread

The way to create a “thread” like the one above was outlined in a recent Twitter Business post.

The process is very simple…

  1. Create a “first” tweet
  2. Reply to your own “first” Tweet
  3. If your @name appears in the Tweet compose field, delete it. The reply you type will nest under your first Tweet automatically.
  4. Continue replying to the newest / most recent Tweet in your thread until your narrative is complete.

That’s it!

For clarification, multiple posts in a row on the same topic are sometimes also referred to as “tweetstorms”, especially if they carry on for a while.

If you want to create a “tweetstorm” with a numeric tally at the beginning of each tweet so your followers know how long the post will be (e.g. a prefix of 1/12, then 2/12, then 3/12, etc.), there’s a freemium web service called WriteRack that will do that for you. You just paste your entire topic into their website (after you authorize WriteRack to access Twitter), and their service will break up your topic and post it for you in the appropriate sequence.

WriteRack’s free version limits you to 15 tweets in a “thread” and does not allow you to post images or space the postings out in a specified timeframe. Their premium service ($19.95 annually) allows for 100 tweets in a “thread” and removes the restrictions from the “free” version.

Be careful with all the other online apps that offer to post threads / tweetstorms for you. Some “need” to update your profile and add followers to your account as well as access your contacts. Posting a thread only requires permission to write Tweets, so choose another service if you see those requirements on the authorization screen when connecting the app to Twitter. It is also worth reviewing the apps already connected to your account under Twitter’s settings and revoking any you no longer use.

FOSCAM cameras compromised. Affected models should be disconnected.

In a press release yesterday afternoon, Foscam officially announced their branded cameras manufactured by China-based Shenzhen Foscam have severe security vulnerabilities “which leave users vulnerable to hacks which allow attackers to remotely take-over cameras, live stream, download stored files and even compromise other devices located on the local network.”

Foscam recommends “disconnecting your current Foscam branded cameras from the internet until these issues have been resolved”

The models affected are:

  • Foscam R2
  • Foscam C1
  • Foscam C1 Lite
  • Foscam C2
  • Foscam FI9800
  • Foscam FI9826P
  • Foscam FI9828P
  • Foscam FI9851P
  • Foscam FI9853EP
  • Foscam FI9901EP
  • Foscam FI9903P
  • Foscam FI9928P

“The vulnerabilities affect “Foscam” branded cameras and cameras manufactured by China-based Shenzhen Foscam only. The vulnerabilities DO NOT affect Amcrest or FDT branded cameras which are produced by a separate factory and R&D team led by US-based Amcrest (formerly Foscam US and now Amcrest), which is totally unrelated to China-based Shenzhen Foscam.”

There is a damning report by F-Secure [.pdf download] on the exact vulnerabilities found on the affected Foscam cameras. For starters, there’s hidden Telnet functionality, hidden hard-coded credentials for the web user interface, the cameras’ FTP server account has a hard-coded password, and the configuration back-up file is protected by hard-coded credentials. Any one of those is a very bad thing, but for all of those hard-coded backdoors to be on every camera and on all models coming from one location? “Suspicious” would be a kind word.

Like I ranted about master passwords and again on master backdoors, hardware and software with embedded hard-coded and/or universal master passwords are a big problem. Regardless of the original intent of having a master password and/or backdoor, once that “core” password gets out, that product is now fair game for anyone for any purpose anywhere anytime. A password baked into firmware cannot be changed by the owner, so the only real fix is a firmware update that removes it, and until that ships the camera should stay off the internet.

Good thing everyone on the internet is kind and rational. Oh, wait, that was just that one day back in 1989. Nevermind.
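The classes of backdoor F-Secure describes (a telnetd launched from a boot script, accounts with fixed password hashes, and credentials written straight into configs or CGI scripts) are exactly the things you can look for yourself once a firmware image has been unpacked. The script below is an added example, not code from the original post or from F-Secure; it builds a small, invented firmware tree (every file, account and password in it is made up for the demonstration, none of it is from real Foscam firmware) and scans it for those three patterns. The hard-coded credential on the backup file is not detectable this way, since that check lives in the camera’s web code, not in a config file.

```python
import re
import tempfile
from pathlib import Path

# Hidden telnet: a telnetd started from an init script the owner never sees.
TELNET_RE = re.compile(r"\btelnetd\b")
# A passwd/shadow entry whose password field is a real hash (13-char DES or
# $id$salt$hash) rather than a placeholder such as "x", "*" or "!".
PASSWD_HASH_RE = re.compile(
    r"^([^:\n]+):(\$[0-9a-z]+\$[^:\n]+|[A-Za-z0-9./]{13}):", re.M)
# key=value credential assignments in configs, CGI and shell scripts.
CRED_KV_RE = re.compile(
    r"^\s*(\w*(?:passw(?:or)?d|pwd)\w*)\s*=\s*['\"]?([^'\"\s]+)", re.I | re.M)

# Constructed sample firmware tree (NOT real Foscam firmware): paths,
# contents, account and passwords are invented to exercise each check.
SAMPLE_TREE = {
    "etc/init.d/rcS": "#!/bin/sh\nmount -a\n# undocumented debug shell\n"
                      "/usr/sbin/telnetd -l /bin/sh &\n",
    "etc/passwd": "root:ab8nsbKuw2lx6:0:0:root:/root:/bin/sh\n"
                  "nobody:x:99:99::/:/bin/false\n",
    "etc/ftpd.conf": "listen=21\nuser=ftpuser\npassword=camera123\n",
    "www/cgi-bin/login.cgi": "#!/bin/sh\nADMIN_PWD='factory-default'\n"
                             "# compares the submitted password to ADMIN_PWD\n",
    # A binary containing the string "telnetd" is not a boot script and
    # must not be flagged on its own.
    "usr/sbin/telnetd": "ELF-binary-placeholder telnetd\n",
}


def build_sample_tree(root):
    """Write the constructed sample tree under root and return its Path."""
    root = Path(root)
    for rel, content in SAMPLE_TREE.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(content)
    return root


def scan_firmware_root(root):
    """Walk an unpacked firmware root and return a list of findings."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        text = path.read_text(errors="replace")
        # Only boot/config files under etc/ count as "hidden telnet".
        if rel.startswith("etc/") and TELNET_RE.search(text):
            findings.append({"kind": "hidden-telnet", "path": rel,
                             "detail": "telnetd launched from a boot script"})
        if rel in ("etc/passwd", "etc/shadow"):
            for m in PASSWD_HASH_RE.finditer(text):
                findings.append({"kind": "baked-in-account", "path": rel,
                                 "detail": f"user {m.group(1)!r} has a fixed password hash"})
        for m in CRED_KV_RE.finditer(text):
            findings.append({"kind": "hardcoded-credential", "path": rel,
                             "detail": f"{m.group(1)} = {m.group(2)}"})
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'hidden-telnet': 1, ...}."""
    counts = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


def run_demo():
    """Build the sample tree in a temp dir, scan it, return (findings, counts)."""
    with tempfile.TemporaryDirectory() as tmp:
        findings = scan_firmware_root(build_sample_tree(tmp))
        return findings, summarize(findings)


if __name__ == "__main__":
    findings, counts = run_demo()
    for f in findings:
        print(f"[{f['kind']}] {f['path']}: {f['detail']}")
    print(counts)
```

Against a real image you would point scan_firmware_root at the directory produced by your firmware unpacker instead of the sample tree; the regexes are deliberately loose, so treat every hit as a lead to confirm by reading the file, not as proof by itself.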

One Login password manager hacked

If you use One Login for your password storage, get ready for a bad weekend. The company announced their services have been hacked.

In an article on Ars Technica, the company said hackers compromised “customer data… including the ability to decrypt encrypted data”.

If you have used One Login to save your passwords, you need to go through everything you saved with them and change the password on every account stored there. Assume the attacker could read the vault in the clear: the company itself says the intruders had the ability to decrypt the stored data, which means the keys lived on the provider’s side rather than only with you.

On a side rant, using an online password manager is always a bad idea. Sure, it is convenient, but that also makes it a much bigger target for the bad guys. Thousands of unique bank accounts, account passwords and “real world” information like social security numbers and home security codes all in one place? I recommend using a local offline password manager instead.

What the iPhone 7 could have done to be different

The iPhone 7 is a definite “meh”. Same look, same system, same Apple repackaging of last year’s tech.

Apple keeps missing opportunities to innovate, and if they keep this trend going, more and more Apple fanatics are going to jump ship.

Off the top of my head, here are some things I would like Apple to do with their iPhone line…

  • Move the top camera behind the front screen so selfies and Facetime chats are “centered” and not focused on someone’s chin or forehead. The camera would “read” the colors in front of it (whatever pixels are on the display) and correct (i.e. remove) them in the output. The camera would be invisible to the user and there would be no “black dots” on the screen. Video chats would finally look like they do in the movies where people look at the screen and not at the camera four inches over it.
  • Open a mid-level API so advanced developers could make “high end” apps for the iPhone. Nothing that would tweak the core iOS, but things like real system theme changes, control over zooming and scaling, changing the mail fetch interval, reading tower signal strength, etc. All the new apps that use the mid-level API would be in an “advanced” section of the app store. If any of the apps caused problems, mid-level apps could be disabled in SETTINGS.
  • Offer a battery enhanced model of all iPhones. They would be thicker than the “normal” versions, but with 300% more battery life. Bonus points if the battery could be hot-swapped for a “new” battery and a smaller internal battery would keep the iPhone working during the switch.
  • On a related note, wireless charging for “standard” iPhones would be a long-overdue addition, but also add charging transfer for the battery enhanced iPhones to “standard” iPhones. Imagine being able to transfer power from one fully charged iPhone to another iPhone if they were touching back to back.
  • Keep the existing microphone on the bottom of the iPhone, but add one microphone on the top to allow for “stereo” recordings. Put a built-in app that shows “left channel/right channel” sound editing for extra credit.
  • Add a micro SD card port for storage and photo/file transfers already.
  • Boost iCloud’s storage to half the iPhone’s current capacity. By default, 128s would get 64 gigs of cloud storage, 64s would get 32 gigs of storage and 16s would get 8 gigs of storage.
  • Color-changing LEDs have been around for a while, so why not have the LED on the back of the phone that’s just a “white flash” change color too? Blue, yellow, soft white, etc. Add intensity control and the ability to specify color changes in the camera as the photo is being taken and Instagrammers will go bananas.
  • Open AirDrop to all phone manufacturers so it becomes the standard for phone-to-phone wireless exchanges.
  • Finally, a minor tweak to the iTunes store – allow for apps, movies and music purchased online to be completely transferred to another account once every five years.

Like I said, just off the top of my head, there are a lot of things Apple can do to keep their iPhones popular and far ahead of their competitors. Releasing the same design with trivial changes isn’t going to be a sustainable business model no matter how much liquid cash they have in reserve.

Concern over headphone based DRM on the iPhone 7

To paraphrase Han Solo, “I’m away for awhile and everybody gets delusions of grandeur.”

Apple just announced a new iPhone, and instead of being excited, I’m kind of worried. By removing the old-fashioned headphone jack in the new iPhone 7 and making all audio go through their DRM-enabled Lightning port, Apple has placed a HUGE hardware audio lock on all consumers.

Putting it in a really simple way, standard headphone jacks don’t have a guard at the exit door. Any sound can come out as an analog signal that any headphone can play. Lightning ports on the iPhone 7 DO have a guard at the door: the audio leaves as digital data, and licensed Lightning accessories carry an Apple authentication chip, so the phone can tell exactly what is plugged in and decide what sounds get to leave and what sounds can’t. The new guard may not let some sounds out unless there’s a specific ride waiting for them.

As for the sounds themselves, if the sound has to call home every time it wants to exit and play, if their home doesn’t answer or if their home says “you’re not supposed to be there”, the guard won’t let them out. 

Sounds that play already should be ok, but with this new guard at the door, more “homes” concerned with making money and keeping their sounds safe might demand calls home all the time. 

There’s no legal way to circumvent the guard, and since the guard is part of the hardware, he’s not going to move without a major undertaking.

This is a huge loss of consumer control. Apple can now lock out headphones, speakers and even audio formats if they haven’t paid the appropriate bribe to Apple in advance.

Did I say bribe? I meant licensing fee.

The really sad thing is that since Apple has set this as their new normal and Apple fans typically buy new iPhones in record numbers, other phone manufacturers will pick up on this new source of income and run with it.

This just might wind up in a class action lawsuit in a few years.

In other news, my world has changed for tremendously better, and this blog might maybe spin slightly in a new direction. It’s all good, though. Happiness is infectious!