
Quebec insurer says personal information of present, past staff may have been exposed in cyberattack

A Montreal-based insurance firm’s website is still offline four weeks after a cyberattack, and the company is still trying to recover from the incident.

Promutuel Assurance says the attack started on Dec. 20 and made its IT systems unavailable. In a statement yesterday, the firm said that, so far, its investigation shows no signs of compromised social insurance numbers, driver’s licence numbers, credit card numbers or banking information of insured members.

However, the statement added, personal information of past, present and retired employees “may have been compromised.” As a precaution, Promutuel says it will provide them with credit monitoring and data protection services.

In an email, IT World Canada asked a spokesperson for the company to confirm whether the incident was ransomware. According to a source working for a cybersecurity research firm in Canada who wished to remain anonymous, the website of the DoppelPaymer ransomware gang lists Promutuel as a victim. It also lists file names it allegedly copied in an attack. Typically, DoppelPaymer threatens to release copied files if the victim doesn’t pay for a data decryption key.

The spokesperson referred the publication to its official statement, which didn’t explain the attack’s source.

Earlier this week, the Journal de Quebec reported that confidential documents from the firm had been published online. In a story today, the news site said Promutuel told it those 15 files were recovered.

Another attack

Meanwhile, Winnipeg-based fashion retailer Nygard, which is in receivership, has acknowledged that it was hit by a ransomware attack.

Late Friday afternoon, the receiver for the Nygard group of companies issued an advisory to employees, customers and partners about a Dec. 12 ransomware attack.

Richter Advisory Group Inc., the court-appointed receiver of Nygard Holdings (USA) Limited, Nygard Inc., and several related companies, said it issued the statement to advise current and former employees, customers, suppliers and others to monitor their information for any unusual activity, including suspicious emails or other communications that claim to be from the retailer.

Richter has been selling off Nygard assets for several months after taking control of the company in March 2020. The cyberattack happened after the receiver took over the company. However, it says that while the attack encrypted many servers, data copied for forensic purposes wasn’t impacted.

On Dec. 30, Richter issued a report to the Manitoba court on the progress of its work, which included a description of the attack. It said the attackers from the Netwalker ransomware gang initially demanded the equivalent of about $3.6 million in bitcoin for the decryption key or copied data would be released. That demand has gone up to the equivalent of $7 million.

In its statement to the court, the receiver said a ransom wouldn’t be paid.

Richter has hired security firm Sophos to work with it to try to restore data from Nygard backups. As of the end of December, the receiver couldn’t say who might be impacted by the attack. Of Nygard’s 245 servers, 58 were encrypted, including five with data on current and former employees, five with sales data and eight with financial data. The report says 54 backup servers are available, but it isn’t confident the data can be relied on, in part because the attack damaged Nygard’s IT system.

Former company head Peter Nygard was taken into custody Dec. 15 and is awaiting extradition to the U.S. on allegations of racketeering, sex trafficking and related crimes.

The post Quebec insurer says personal information of present, past staff may have been exposed in cyberattack first appeared on IT World Canada.

Weak cyber hygiene behind many successful cloud attacks, warns US agency

Experts maintain that organizations that mandate multifactor authentication as an extra step to protect logins greatly improve their defences. However, it’s not fail-proof.

The latest example is this week’s warning from the U.S. government’s cybersecurity agency that successful hacks have been reported on cloud services, including one that got around MFA, possibly by stealing browser cookies.

The report from the Cybersecurity and Infrastructure Security Agency (CISA) also makes it clear that firms thinking cloud services alone improve security are wrong: “Despite the use of security tools, affected organizations typically had weak cyber hygiene practices that allowed threat actors to conduct successful attacks,” the report says.

“Threat actors are using phishing and other vectors to exploit poor cyber hygiene practices within a victim’s cloud services configuration.”

One thing many cloud attacks have in common, the report adds, is that victim organizations’ employees worked remotely and used a mixture of corporate laptops and personal devices to access the cloud services.

Phishing tactics

Threat actors often use phishing emails with malicious links to harvest credentials for users’ cloud service accounts. Some included a link to what appeared to be a secure message, while others looked like a legitimate file hosting service account login. After a targeted recipient provided their credentials, the threat actors used the stolen credentials to gain access to the user’s cloud service account. The attackers then sent emails from the user’s account to phish other accounts within the organization. In some cases, these emails included links to documents within the organization’s file hosting service.

Port 80 open

In one case, the report says an organization didn’t require a virtual private network (VPN) for accessing the corporate network. Although their terminal server was located within their firewall due to remote work posture, the terminal server was configured with port 80 open to allow remote employees to access it—leaving the organization’s network vulnerable. The threat actor attempted to exploit this by launching brute force login attempts.

Abuse of email forwarding

In several cases, threat actors collected sensitive information by taking advantage of email forwarding rules, which users had set up to forward work emails to their personal email accounts.

In one case the attackers modified an existing email rule on a user’s account — originally set by the user to forward emails sent from a certain sender to a personal account — to redirect the emails to an account controlled by the actors. The threat actors updated the rule to forward all email to the threat actors’ accounts. Attackers sometimes modified existing rules to search users’ email messages (subject and body) for several finance-related keywords and then forward the emails to the hackers.

In other cases the threat actors created new mailbox rules that forwarded certain messages received by the users (specifically, messages with certain phishing-related keywords) to the legitimate users’ Really Simple Syndication (RSS) Feeds or RSS Subscriptions folder in an effort to prevent warnings from being seen by the legitimate users.
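An added example, not from the CISA report or the article: a small audit that runs the forwarding-rule patterns described above over mailbox-rule audit events. The event format, the organization's domain and the keyword lists are constructed for the example rather than taken from any real tenant log.

```python
import json
from typing import Dict, List

# Assumed domains owned by the organization; anything else counts as external.
ORG_DOMAINS = {"example.com"}

# Keyword families from the report: finance terms attackers filtered on, and
# warning terms whose messages were hidden in the RSS folders.
FINANCE_WORDS = {"invoice", "payment", "wire", "bank", "remittance"}
WARNING_WORDS = {"phish", "phishing", "suspicious", "hacked", "password"}
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "deleted items", "junk email"}

# Constructed, simplified audit records (one JSON object per line) modelled
# loosely on mailbox-rule events. Not taken from any real tenant.
SAMPLE_EVENTS = """
{"Operation": "New-InboxRule", "UserId": "alice@example.com", "Parameters": {"Name": "Work copy", "ForwardTo": ["alice.home@gmail.example"]}}
{"Operation": "Set-InboxRule", "UserId": "alice@example.com", "Parameters": {"Name": "Work copy", "ForwardTo": ["drop@attacker.example"], "SubjectOrBodyContainsWords": ["invoice", "wire"]}}
{"Operation": "New-InboxRule", "UserId": "bob@example.com", "Parameters": {"Name": "Cleanup", "SubjectOrBodyContainsWords": ["phishing", "hacked"], "MoveToFolder": "RSS Subscriptions", "MarkAsRead": true}}
{"Operation": "New-InboxRule", "UserId": "carol@example.com", "Parameters": {"Name": "Team", "ForwardTo": ["team@example.com"]}}
""".strip().splitlines()


def external_addresses(addresses: List[str]) -> List[str]:
    """Return the addresses whose domain is not owned by the organization."""
    return [a for a in addresses if a.rsplit("@", 1)[-1].lower() not in ORG_DOMAINS]


def analyse_rule_event(event: Dict) -> List[str]:
    """Return human-readable findings for one mailbox-rule audit event."""
    params = event.get("Parameters", {})
    findings: List[str] = []

    # Any forward/redirect destination outside the organization is worth a look,
    # whether the user set it up (personal account) or an intruder did.
    targets: List[str] = []
    for key in ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"):
        targets.extend(params.get(key, []))
    external = external_addresses(targets)
    if external:
        findings.append("forwards mail outside the organization to " + ", ".join(external))
        if event.get("Operation") == "Set-InboxRule":
            findings.append("existing rule was modified to add the external destination")

    # Forwarding only messages that match finance keywords is the pattern the report describes.
    words = {w.lower() for w in params.get("SubjectOrBodyContainsWords", [])}
    if external and words & FINANCE_WORDS:
        findings.append("filters on finance keywords before forwarding: "
                        + ", ".join(sorted(words & FINANCE_WORDS)))

    # Warning-keyword messages moved into RSS or similar folders hide alerts from the user.
    folder = params.get("MoveToFolder", "")
    if folder.lower() in HIDING_FOLDERS and words & WARNING_WORDS:
        findings.append(f"hides security warnings by moving them to '{folder}'")
    return findings


def scan_events(lines: List[str]) -> List[Dict]:
    """Run the checks over JSON-lines audit records and collect alerts."""
    alerts = []
    for line in lines:
        event = json.loads(line)
        findings = analyse_rule_event(event)
        if findings:
            alerts.append({"user": event.get("UserId"),
                           "rule": event.get("Parameters", {}).get("Name"),
                           "findings": findings})
    return alerts


if __name__ == "__main__":
    for alert in scan_events(SAMPLE_EVENTS):
        print(f"{alert['user']} rule '{alert['rule']}':")
        for finding in alert["findings"]:
            print("  -", finding)
```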

MFA abuse

CISA verified that in one case a threat actor successfully signed into one user’s account with proper multi-factor authentication (MFA). CISA believes the threat actors may have used browser cookies to defeat MFA with a “pass-the-cookie” attack.

On the other hand, the agency acknowledges that MFA did thwart attempted brute force attacks on some accounts.

The report “is a rude awakening that attackers are seeing personal email accounts as the soft underbelly to corporate environments and are starting to use ‘pass-the-cookie’ techniques to successfully bypass multi-factor authentication,” said Ed Bishop, CTO of security firm Tessian. “While phishing is a persistent threat to company security, the risk posed by people sending emails to personal accounts is often overlooked, and it’s a risk that’s been heightened as people work remotely.”

He added that personal accounts are easier to compromise because they are typically only protected by home routers, which often have remote management APIs. Companies should only allow access to corporate cloud infrastructure from known IP addresses, ideally via a corporate VPN endpoint with separate strong authentication or MFA in place.

In addition, businesses must treat remote home networks as untrusted, in the same way they do for airports or coffee shops, and require remote workers to use a VPN for any work-related task. Lastly, it’s important that companies monitor when new forwarding rules are created, and in some cases even disable auto-forwarding rules altogether.

Christian Espinosa, managing director at Cerberus Sentinel, noted that pass-the-cookie attacks aren’t new.

Cookies establish session persistence for web applications, he said in an email, and are placed on a computer whether MFA is used or not. The cookie contains the session ID and access tokens to the web application to avoid constant re-authentication. “This is an inherent flaw in the HTTP protocol and how web applications work. HTTP is a stateless protocol and relies on cookies to maintain state.”

He said the way to mitigate the MFA pass-the-cookie vulnerability is with better cookie management and better user training. Cookies should be set with a short lifespan and for a single session, so when the browser is closed, the cookie is made void. Users should be trained to log off the web application and close their browser after they are done using it. Many users never log off or close a browser, he noted, which increases risk.
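One way to implement the cookie hygiene Espinosa describes, as an added example that is not from the article or any product it mentions: the browser receives a session-scoped cookie with no Expires or Max-Age, the server keeps the real state with an idle and an absolute lifetime, and logging off deletes the session so a cookie copied from the browser stops working. The cookie name, timeouts and store layout are assumptions.

```python
import secrets
import time
from http.cookies import SimpleCookie
from typing import Callable, Dict, Optional

COOKIE_NAME = "session"            # assumed cookie name
IDLE_TIMEOUT = 15 * 60             # seconds of inactivity before the session is void
ABSOLUTE_LIFETIME = 8 * 60 * 60    # hard cap, no matter how active the user is


class SessionStore:
    """Server-side session table. The cookie carries only an opaque random ID,
    so everything that decides whether a copied cookie still works lives here."""

    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self._now = now                       # injectable clock, used by the tests
        self._sessions: Dict[str, Dict] = {}

    def create(self, user: str) -> str:
        sid = secrets.token_urlsafe(32)       # 256 bits of randomness, not guessable
        t = self._now()
        self._sessions[sid] = {"user": user, "created": t, "last_seen": t}
        return sid

    def lookup(self, sid: str) -> Optional[str]:
        """Return the user for a valid session, or None; expired sessions are deleted."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        t = self._now()
        if t - s["last_seen"] > IDLE_TIMEOUT or t - s["created"] > ABSOLUTE_LIFETIME:
            del self._sessions[sid]
            return None
        s["last_seen"] = t
        return s["user"]

    def logout(self, sid: str) -> None:
        """Logging off voids the session server-side; a cookie copied earlier is now useless."""
        self._sessions.pop(sid, None)


def session_cookie_header(sid: str) -> str:
    """Set-Cookie value for a single-session cookie: no Expires/Max-Age, so the
    browser drops it on close; Secure/HttpOnly/SameSite limit where it can leak."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    morsel = cookie[COOKIE_NAME]
    morsel["secure"] = True
    morsel["httponly"] = True
    morsel["samesite"] = "Strict"
    morsel["path"] = "/"
    return cookie.output(header="").strip()


def clear_cookie_header() -> str:
    """Set-Cookie value sent on logout so the browser discards the cookie immediately."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = ""
    cookie[COOKIE_NAME]["max-age"] = 0
    cookie[COOKIE_NAME]["path"] = "/"
    return cookie.output(header="").strip()


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("jane")
    print(session_cookie_header(sid))
    print("valid:", store.lookup(sid))
    store.logout(sid)
    print("after logout:", store.lookup(sid))
    print(clear_cookie_header())
```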

The CISA report includes a long list of recommendations for better securing cloud applications. For those using Microsoft Office 365, it specifically recommends:

  • Assigning a few (one to three) trusted users as electronic discovery (or eDiscovery) managers to conduct forensic content searches across the entire environment (Mailboxes, Teams, SharePoint, and OneDrive) for evidence of malicious activity.
  • Disabling PowerShell remoting to Exchange Online for regular users. Disabling it for non-administrative users lowers the likelihood of a compromised user account being used to programmatically access tenant configurations for reconnaissance.
  • Not allowing an unlimited number of unsuccessful login attempts.
  • Considering a tool such as Sparrow or Hawk, open-source PowerShell-based tools that gather information related to Office 365, to investigate and audit intrusions and potential breaches.


KNBA to open global technology centre Hub350 this year

The Kanata North Business Association (KNBA) announced today that it is opening a global technology centre for Canada’s largest tech park – Hub350 – in 2021.

Located at 350 Legget Drive, at the core of Ottawa’s special economic zone development project, KNBA says this new space will better facilitate introductions for its member companies to funding resources, research, and new talent, representing the creation of a physical community to support members and their employees, community partners and sponsors. The goal is to bring together industry, academia and finance professionals in Kanata North to further support its member companies.


Since Ontario is still facing restrictions due to the pandemic, Hub350 won’t be open to the public until the summer. Once the centre is fully operational, KNBA says it will implement and adhere to all the safety protocols dictated by the authorities.

The centre will serve as the “gateway to Canada’s largest technology park”, said Jamie Petten, the president and executive director of KNBA, in a press release. “The Hub350 space will be the truest intersection of nature and technology – a trendy, natural atmosphere to attract world-class talent and companies, while showcasing Kanata North as Canada’s destination to live, work, play and learn.”

The future for the next 25 years

Hub350 is being launched with the aim of better supporting KNBA’s member companies and furthering the Ottawa region as one of the world’s leading tech capitals, says Vicki Coughey, KNBA chair.

The new hub furthers this aim by serving as a foundation for the technology park’s special economic district designation, a concept developed and co-led by KNBA and the City of Ottawa’s long-term planning and economic development teams in support of the national capital region’s new Official Plan. The City of Ottawa’s next Official Plan will support future development across the city and within the technology park over the next 25 years, according to the press release.

“With support from Hub350, teams like ours will be able to set up more meetings with post-secondary institutions, corporate partners and investors in the future. Having these resources available all in one collaborative and dynamic community workspace at the heart of the technology park will be invaluable,” said Tracy King, vice-president of marketing at Martello Technologies. “It’s great to see that, in many ways, we will now have a town hall for the hundreds of tech companies located in Kanata.”

Hub350 will also be the physical home of Discover Technata, Canada’s largest aggregated tech job board, which seeks to attract job seekers from around the world to Ottawa’s Kanata North as part of the business association’s economic recovery plan to accelerate innovation through the pandemic, according to the announcement.

The 350 Legget location is home to the original Mitel Networks campus, and will be designed by Linebox studios, designers of the Shopify offices. The new hub will be supported by a series of Canadian and multinational enterprise sponsors, which KNBA will announce in the coming weeks.


CRTC says Canadian ISPs may be forced to get tougher on botnets

Canada’s telecom regulator may force internet service providers to adopt network-level botnet blocking to limit criminally-run automated systems’ ability to spread malware.

ISPs can use several techniques to fight botnets, including domain-based blocking, internet protocol (IP)-based blocking and protocol-based blocking. However, these and other strategies aren’t required by regulation or controlled for possible bias.

But on Wednesday, the Canadian Radio-television and Telecommunications Commission (CRTC) called for comments on a proposal to require ISPs to implement strategies to fight botnets at the network level by blocking suspicious email and texts, and communications by malware to command and control servers.

It would do so by approving a mandatory or voluntary network-blocking framework that carriers would follow. To meet privacy concerns, the commission says any approved framework has to be done in ways that protect internet user privacy, enable subscribers to opt into or out of message blocking, provide a mechanism to correct possible false positives of messages, ensure blocking decisions are unbiased and made in the best interest of Canadians, and minimize subscriber information monitoring, collection, and usage.

Technically, the CRTC says, any filtering or blocking affects the principle of net neutrality — the concept that all internet traffic should be given equal treatment by ISPs, with little or no prioritization. But there are exceptions, the CRTC notes, such as blocking access to child exploitation material. If rules for network-based blocking are approved, “a limited exception to net neutrality may be warranted” to give Canadians protection from spyware, information theft and ransomware, the regulator says.

The commission also suggests that rather than leave decisions in the hands of ISPs, an independent body with expertise in cybersecurity might assess whether blocking a particular domain or IP address is justified. That body could also decide how message blocking decisions can be unbiased and accurate. The commission doesn’t suggest a body, but one possibility is the federal government’s Canadian Centre for Cyber Security.

The commission also acknowledges that any blocklist of forbidden IP addresses will need to change regularly to remain accurate. It wants to hear about worries of over-blocking and false positives and ways to take wrongly-blocked addresses off a list quickly.

“Malicious botnet attacks are a serious and recurring concern,” CRTC chair Ian Scott said in a statement. “Almost every week, we see another organization victimized by ransomware or hear of a fellow citizen lured in by a phishing scam. With the launch of this proceeding, we are aiming to better protect Canadian individuals, businesses and institutions against damaging botnet activity.”

ISPs, exchange carriers, web hosting companies, consumers, and others have until March 15th to file comments. Submissions are limited to 20 pages.

In an interview, telecommunications consultant Mark Goldberg said that by launching this consultation, the CRTC might be signaling that blocking and filtering measures ISPs already perform need formal approval of the commission under the Telecommunications Act. Section 36 of the act says a carrier shall not control content or purpose of communications it carries without permission.

In a statement the Competitive Network Operators of Canada (CNOC), which represents many independent ISPs, said the consultation may raise end-user concerns with content interference and blocking and overreach. At the same time, it added, network integrity, public safety, and user safety are crucial. “We will study this new consultation, to identify any meaningful areas requiring comment in terms of independent ISPs and concerns about how this might affect our users, and our ability to compete fairly.”

Greg Young, vice-president of cybersecurity at Trend Micro who used to work for the federal department of communications, applauded the proposal to create an anti-botnet framework. “Anything that blocks known bad traffic is a good thing,” he said in an interview.

The CRTC has the authority to fight spam by enforcing the Canadian Anti-Spam Legislation (CASL), which prevents Canadian-based companies from sending commercial email without the recipient’s consent, installing software on computers without consent, and making false or misleading representations to promote products or services online. The CRTC expects ISPs to take steps to limit such behaviour on their networks. Botnets, which are huge networks of interconnected PCs, servers and other internet-connected devices around the world that pump out spam, violate CASL.

However, most are controlled outside Canada and therefore out of the reach of the regulator. A framework would give ISPs a guide to implementing technologies to block messages from botnets to domains of their command and control (C2) servers, as well as meet privacy concerns.

No one-size-fits-all solution

The CRTC document notes that one strategy alone won’t accomplish its goals. Not all malware connects to C2 servers using domain names, so domain-based blocking won’t work for those attacks. That’s why IP-based blocking (through firewalls that block communications to suspected C2 servers) and protocol-based blocking also need to be used.

The commission says if it goes ahead with mandating botnet traffic blocking, it could do many things to protect privacy. Suggested ideas include prohibiting carriers from monitoring, collecting, or disclosing content or metadata that does not contribute to blocking botnet traffic; limiting monitoring and collection to the destination domain name or IP address requested and the number of times the malicious service is requested, and restricting disclosure of monitored data to parties participating in the blocking program.

And while internet subscribers should get some information from ISPs to decide which provider to choose and whether to participate in a blocking program (such as whether a particular domain or IP address is blocked), the CRTC also says it may put limits on how much an ISP can publicly divulge about its blocking technology.

Carriers can use the consultation to list their preferred blocking techniques, with pros and cons. If domain-based blocking is one, they can talk about which domain resolver technology they prefer. Domain resolvers translate domain names into IP addresses. Domain resolver providers include the Canadian Internet Registration Authority’s (CIRA) Canadian Shield, Quad9, OpenDNS, Comodo Secure DNS and CleanBrowsing.

(This story has been updated from the original to add statements from CNOC and Greg Young of Trend Micro)


CES 2021: AMD launches Ryzen 5000 mobile processors and new desktop processors for OEM

AMD announced its Ryzen 5000 series mobile processors at CES 2021, along with two new lower-power desktop processors for OEMs.

Ryzen 5000 mobile processors

AMD divided the Ryzen 5000 mobile family into the H-series high-performance processors for gaming laptops and the U-series mainstream processors for ultraportables.

AMD says that the gaming industry is now larger than the music and movies industries combined. All image credits: AMD.

With this release, AMD brings the Zen 3 architecture to its mobile segment. AMD claims that the Ryzen 5000 mobile chips are 16 per cent faster in single-threaded tasks and 14 per cent faster in multi-threaded performance than the previous gen.

Full AMD Ryzen 5000 series mobile processor lineup.

The new chips range from 15W to 45W+ thermal design power (TDP). AMD further divided the “H” suffix into “H” for 20W, “HS” for 35W, and “HX” for 45W+ TDP. Chips designed for the mainstream have the “U” suffix and a 15W TDP. In addition, HX chips support manual overclocking, hence their 45W+ TDP.

All Ryzen 9 series chips have 8 cores/16 threads and 20MB of cache. Their performance is segmented by their thermals. At the top is the 45W+ Ryzen 9 5980HX. As the hottest chip, the Ryzen 9 5980HX also has the highest frequency, clocking in at 4.8GHz boost and 3.3GHz base.

AMD Ryzen 9 5900HX vs the Intel Core i9-10980HK mobile processor.

During the presentation, AMD CEO Lisa Su noted that the Ryzen 9 5900HX beats the Intel Core i9-10980HK, which also has eight cores and 16 threads, in PassMark and 3DMark FireStrike Physics. Most importantly, Su showed the Ryzen 9 5900HX beating the Core i9-10980HK in Cinebench’s single-threaded test by 13 per cent. She also demonstrated the PlayStation console exclusive Horizon Zero Dawn running at 100 FPS at 1080p on the Ryzen 9 5900HX, and said that gaming notebooks with Ryzen 5000 mobile processors can deliver “smooth gaming experiences” at 4K.

The Ryzen 7 segment is topped off by the Ryzen 7 5800H, an 8-core/16-thread part rated at 4.4GHz boost and 3.2GHz base. Moving down the ladder, the Ryzen 5 5600HS carries 6 cores/12 threads at 4.2GHz boost / 3.3GHz base.

In the mainstream segment, the Ryzen 7 5800U is the company’s best offering. It has eight cores just like the performance range but caps the base clock to 1.9GHz due to its lower-rated TDP. Also note that the Ryzen 5 5500U and the Ryzen 3 5300U are based on Zen 2 architecture, not Zen 3.

AMD Ryzen 7 5800U competes against the Intel Core i7-1185G7.

Su compared the Ryzen 7 5800U to the Core i7-1185G7, Intel’s current best mainstream mobile processor. The company’s internal tests showed that the Ryzen 7 5800U leads video encoding in Adobe Premiere by 44 per cent thanks to its higher core count. In addition, the Ryzen 7 5800U was shown to lead in PC Mark 10 content creation and application benchmarks.

AMD says it expects the Ryzen 5000 series to power over 150 devices this year.

New desktop processors for OEM

AMD also announced two desktop processors with reduced TDP for OEMs. The Ryzen 9 5900 and the Ryzen 7 5800 are lower-powered alternatives to the Ryzen 9 5900X and the Ryzen 7 5800X. They both feature a 65W TDP, down from the 105W of the originals. As expected, reducing the TDP also drops the clock speed, especially the base clock. It’s not yet known whether these new chips support overclocking.

The Ryzen 9 5900 and Ryzen 7 5800 cut the TDP at the expense of clock speed.


CES 2021: Intel’s new vPro platform, Tiger Lake-H, new chips for education, and Rocket Lake-S

Intel announced the 11th gen Intel vPro mobile platform, 11th gen Core H-series mobile processors and new Pentium and Celeron processors, and previewed Rocket Lake-S and Alder Lake desktop processors.

11th Gen Intel vPro platform

Intel’s vPro platform has been updated to 11th generation. With it, commercial and enterprise users can now benefit from the more efficient 10nm SuperFin transistors and Intel’s Xe graphics. The 11th gen Core i5 and i7 vPro processors also natively support Wi-Fi 6/6E, as well as Thunderbolt 4.0. Intel says that the new vPro platform is 23 per cent faster in productivity than the competition in Office 365 and up to 50 per cent faster in video conferencing.

On the heels of its vPro platform, Intel also announced the Intel Evo vPro platform to push the industry towards sexier laptop designs for business. Similar to the consumer Evo verification, Intel has set criteria around responsiveness, wake times and battery life to ensure user experience.

High-performance Tiger Lake-H (H35) processors

Tiger Lake mobile processors have been around for some time now, but Intel has been mum on the arrival of its H-series chips. Seeing its release at CES 2021 is a sight for sore eyes.

Tiger Lake-H launch lineup. All image credits: Intel

The new H-series lineup consists of the Core i5-11300H, Core i7-11370H, and the Core i7-11375H Special Edition. They retain the 4 cores of the power-efficient Tiger Lake U processors but raise the thermal design power (TDP) to 35W. This increased TDP refers to the configurable TDP (cTDP) up, the highest base TDP the processor can run at with adequate cooling.

Perhaps even more significant is the jump in the minimum configurable TDP. For Tiger Lake-H, the cTDP-down, the lowest TDP the processor can be configured for, has been increased to 28W. The new Tiger Lake-H’s cTDP-down matches the cTDP-up of the highest-end Tiger Lake processor in the mobile segment.


Raising the cTDP-down also raises the processor’s base frequency. Whereas the Core i7-1185G7 runs at 1.2GHz at its cTDP-down of 12W, the Core i7-11375H runs at 3GHz at 28W, which is the cTDP-up frequency of the Core i7-1185G7.

Intel Tiger Lake-H performance and features overview.

Looking at the three SKUs, the only difference between the Core i7-11375H Special Edition and the Core i7-11370H is that the former has a 200MHz higher boost clock. The Core i5-11300H has the same number of cores but lower frequencies, as well as 4MB less cache.

Because Tiger Lake-H’s cTDP-down has more than doubled, it needs more powerful cooling solutions. Since it needs more thermal pampering, Tiger Lake-H will be more at home in gaming systems, which have better cooling than ultraportables.

Intel has been pushing into the mobile gaming market. Despite its higher power profile, Tiger Lake-H will find itself in 14 to 15-inch laptops that are under 2cm thick.

Other than the tweaked power and thermal parameters, Tiger Lake-H looks identical to the high-end Tiger Lake U processors launched last year. In this launch, Intel could be trying to squeeze out more performance from its existing chips by tuning the power profiles until it could release the next product. Intel was not immediately available for comment.


And the next product is coming soon. The company also showcased an 8-core mobile processor that’s still in the works. Not much is known about this chip other than it can hit 5GHz across multiple cores.

Tiger Lake-H will come with DDR4 support, Wi-Fi 6 and 6E, PCIe Gen 4, and a resizable base address register (BAR) feature that gives the CPU access to the entire GPU memory. AMD’s Smart Access Memory (SAM) is built on the same concept.

New Celeron and Pentium processors for education

Remote learning has exponentially driven up the demand for affordable mobile PCs. Intel suggests that 10 per cent of all PCs purchased were for students. Targeting this sector, Intel launched the Pentium Silver N6000, Celeron N6211, Celeron N5100, and Celeron N4500 series processors built on the 10nm node. Intel claims that these new processors deliver up to 35 per cent better overall application performance and 78 per cent better graphics performance gen-on-gen.

Core i9-11900K to lead Rocket Lake-S lineup, Alder Lake-S powered on

Intel also announced that Rocket Lake-S, the 11th generation desktop processors, will arrive in Q1 2021. The lineup will be led by the Core i9-11900K, which features eight cores and 16 threads. Rocket Lake’s Cypress Cove core architecture is a backport of Ice Lake’s 10nm Sunny Cove core architecture onto Intel’s 14nm node. It is not based on Tiger Lake’s Willow Cove core.

With the backport, Intel hopes to at least bring the architectural benefits of Sunny Cove to its 14nm node. According to the company, Rocket Lake-S achieves a 19 per cent instructions per cycle (IPC) improvement over Comet Lake-S. Several slides also show that the Core i9-11900K can hit a maximum frequency of 5.3GHz on a single core and 4.8GHz on all cores.

The Core i9-11900K is expected to carry 20 CPU PCIe 4.0 lanes, four more than Comet Lake processors offer and a generation newer. It will support up to DDR4-3200 memory. Intel will release a new 500 series chipset with Rocket Lake-S, but the processor will be backward compatible with motherboards using Intel’s 400 series chipsets.

Looking towards the future, Intel’s 12th gen Alder Lake processors are set to arrive in the second half of 2021. In addition to its enhanced 10nm SuperFin transistors, Alder Lake introduces a new design that combines performance cores and efficiency cores in a single product. This approach is reminiscent of the long-standing strategy adopted by smartphone processors.

Intel demonstrated an Alder Lake PC during its CES presentation.



Common development error likely led to huge Parler data theft, says expert

The huge theft of data from the controversial — and now almost homeless — social media app Parler was accomplished in part through a common web development mistake, according to one expert.

“Essentially the Parler [software] engineers made a mistake in that they allowed an endpoint [a web address] to exist that people could sequentially query,” says Matt Warner, CTO and co-founder of Blumira, an Ann Arbor, Mich.-based cloud threat detection provider. “And if you can stand up enough people looking at different blocks of numbers you can essentially scrape nearly unlimited amounts of data through that endpoint.”

In short, the URLs Parler developers created included sequential numbers, like “ID=12345.” Knowledgeable people could guess the next numbered page was 12346 and would get a hit if access wasn’t protected.

That’s all right if the page is public. If it’s not — for example, a page that only logged-in bank customer “Jane” is allowed to access — then once anyone is logged in they can see other pages/accounts just by changing the page number.

Software developers call this an insecure direct object reference (IDOR), and for years it was one of the Open Web Application Security Project’s (OWASP) Top 10 vulnerabilities. To be exploited, OWASP says, an IDOR issue must be combined with an access control problem, which gives an attacker access to a web page. Warner suggested the researchers or activists might have gained that access after several providers like Twilio dropped Parler after last week’s mob attack on the U.S. Congress. That may have impacted email verification, making it easier for new users to sign up and opening the door to the IDOR exploit.

The data scraping happened shortly after it was revealed that Parler would be de-listed by providers because people involved in last week’s mob attack on the U.S. Congress used it to communicate. Apple and Google dropped Parler from their app stores, and Amazon stopped allowing Parler to use its hosting facilities. Parler is now suing Amazon.

In what Warner calls “probably the most co-ordinated hacktivism we’ve seen in a while,” some 15 people who were told of Parler’s vulnerabilities quickly copied apparently almost every user’s post and attachment. According to the news site Gizmodo, 56 terabytes of data have been captured.

A question of timing

One interesting question is whether the IDOR vulnerability was discovered after the incident in Washington, or if it’s been known for some time, according to Warner.

IDOR is “a really common risk” among developers who build their own websites and application programming interfaces (APIs), Warner said. “It used to be a lot more common five or 10 years ago when people were standing up early database-driven websites. It’s not that common these days with the prevalence of UUIDs (universally unique identifier, sometimes called a globally unique identifier), which are long and complex [URL] IDs, but for whatever reason on this specific endpoint, which was associated with their mobile app, they weren’t doing that. And because of that it essentially exposed all of Parler’s attachments and metadata.”

It’s one of the reasons why application security and testing is essential, Warner said. “Parler more than likely didn’t have their application tested from a web application point of view. And it’s one of those things that can cascade very quickly just because it indicates other areas of risk within the environment — if you’re missing checks in this area you’re probably missing other areas in the application.”

IDOR vulnerabilities can be avoided if website designers make sure authentication and authorization of URLs are included early in development, says Warner. Otherwise, “if you have a lot of complex code you have to figure out where to jam that authentication check.”

Another way is to make sure sequential IDs are not part of page numbering, so people can’t guess or brute-force their way to other users’ pages.
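The pattern described above, as an added example that is not from the article or from Parler’s code: an attachment store with the sequential-id endpoint Warner describes next to the two fixes he names (a per-object authorization check and non-guessable UUIDs), plus the audit a defender would run against the old endpoint. The store, user names and records are all constructed for illustration.

```python
"""Added example (not from the article or Parler's code): a minimal attachment
store showing the IDOR pattern above next to Warner's two fixes, an authorization
check on every fetch and non-guessable UUIDs. All data here is constructed."""
import uuid
from dataclasses import dataclass, field

@dataclass
class Attachment:
    owner: str
    private: bool
    body: bytes

@dataclass
class AttachmentStore:
    # Sequential ids: anyone who sees id=12345 can simply try 12346 next.
    by_seq: dict = field(default_factory=dict)
    # Random 128-bit ids: walking the id space is not practical.
    by_uuid: dict = field(default_factory=dict)

    def add(self, att: Attachment):
        seq = len(self.by_seq) + 1
        uid = str(uuid.uuid4())
        self.by_seq[seq] = att
        self.by_uuid[uid] = att
        return seq, uid

    def fetch_vulnerable(self, requester, seq):
        # Insecure: requires a login, never asks if this user may read this object.
        if requester is None:
            raise PermissionError("login required")
        return self.by_seq.get(seq)

    def fetch_hardened(self, requester, uid):
        # Per-object authorization: owner or public only; a private object of
        # another user is answered exactly like a missing one.
        if requester is None:
            raise PermissionError("login required")
        att = self.by_uuid.get(uid)
        if att is None or (att.private and att.owner != requester):
            return None
        return att

def audit_cross_user_reads(store, requester, limit):
    # Defender's check on the old endpoint: which ids leak another user's private data?
    leaked = []
    for seq in range(1, limit + 1):
        att = store.fetch_vulnerable(requester, seq)
        if att is not None and att.private and att.owner != requester:
            leaked.append(seq)
    return leaked
```

The audit returns every sequential id that hands the given logged-in user someone else’s private attachment; a non-empty list is the IDOR, and the same probe against the hardened fetch finds nothing.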

The post Common development error likely led to huge Parler data theft, says expert first appeared on IT World Canada.

HP Elite Dragonfly G2 and Max take off at CES 2021

HP’s new Elite Dragonfly G2 and Dragonfly Max laptops include new remote work enhancements.

Device   | HP Elite Dragonfly G2 | HP Elite Dragonfly Max
---------|-----------------------|-----------------------
CPU      | Up to 11th-gen Intel Core i7 vPro processor | Up to 11th-gen Intel Core i7 vPro processor
GPU      | Intel Iris Xe graphics | Intel Iris Xe graphics
Display  | 13.3-inch, 1920 x 1080p, 400 nits, low power; or 13.3-inch, 1920 x 1080p, 1000 nits, HP Sure View Reflect; or 13.3-inch, HDR400, 3840 x 2160, 550 nits | 13.3-inch, 1920 x 1080p, IPS, 1000 nits, HP Sure View Reflect privacy screen
Memory   | Up to 32GB LPDDR4 | Up to 32GB LPDDR4
Storage  | Up to 2TB | Up to 2TB
Battery  | TBD | 56.2Wh
Ports    | 1x USB 3.1 Gen 1, 2x USB-C (Thunderbolt 3), 1x HDMI 1.4b, 1x nano SIM | 1x USB 3.1 Gen 1, 2x USB-C (Thunderbolt 3), 1x HDMI 1.4b, 1x nano SIM
Weight   | Starting at 1kg (2.2lbs) | Starting at 1.13kg (2.49lbs)
OS       | Up to Windows 10 Pro | Windows 10 Pro
Price    | TBD | TBD

Elite Dragonfly G2

HP Elite Dragonfly G2

When the first Elite Dragonfly hit the market, its lightweight and attractive design won over commercial and personal users alike. The Elite Dragonfly G2 retains its predecessor’s design language and tacks on a ton of new features.

The chassis is still made using magnesium alloy and weighs under a kilogram. But under the hood, the Dragonfly G2 now uses Intel’s 11th-gen Tiger Lake vPro processors. It also expands memory support to 32GB, double that of the previous generation. The touchpad is now backlit and the keyboard spill-resistant.

Users can configure their device with a 13.3-inch 400 nits 1080p display or a 550 nits 4K display. For those who work in bright environments, HP also offers a 1080p display option that can reach 1000 nits with HP’s privacy screen that shields the display from prying eyes. All displays are covered using Corning’s Gorilla Glass 5 and are compatible with the HP Pen.

Hardware aside, the Elite Dragonfly G2 now supports on-lap detection, intrusion detection, and enhanced sound and AI noise cancellation.

There are some sidegrades as well; for example, the manual webcam shutter slider is gone. Instead, the Elite Dragonfly G2 has a dedicated key on the keyboard to turn the webcam on and off. The webcams still include an IR sensor for Windows Hello sign-in.

Designed as an always-connected device, the Dragonfly G2 pairs 4G and 5G radios with Wi-Fi to ensure that the Zoom meeting is never interrupted.

Elite Dragonfly Max

HP Elite Dragonfly Max

The Dragonfly Max has all the benefits of the Dragonfly G2 and then some. In addition to the updated performance and features, the Dragonfly Max comes with a sharper 5MP webcam and four microphones to capture sound from multiple directions and participants. It also features HP Eye Ease, a blue light filter typically found on HP’s business monitors.

The extra functionalities do come at the cost of a slight weight increase. Moreover, the Dragonfly Max has only a single 1080p display option.

Availability

The HP Dragonfly G2 is coming to Canada in late January. The Dragonfly Max will follow in April. Pricing will be announced closer to the launch date. Since they’re the best HP has to offer, both in terms of function and style, don’t expect them to be cheap.

The post HP Elite Dragonfly G2 and Max take off at CES 2021 first appeared on IT World Canada.