Are Smart Meters A Hacker Wonderland?

December 21, 2022

One reason to not upgrade your entire life to the digital cloud is an increased risk of hacking vulnerability. Interior and exterior security cameras, particularly baby monitors, are prone to hacking, but did you ever think smart meters for electricity and heating would be a target? Yahoo News reports that British households are being hacked by energy companies: “‘Switch By Stealth’: Alarming Rise In Homes With Smart Meters Being Cut Off Remotely.”

Smart meters are digital readers that monitor the amount of electricity a household uses, then send the information back to the energy company. Smart meters provide energy companies with better information about energy consumption and billing. Smart meters also allow energy companies to remotely switch a customer’s payment method. The payment method is switched from debit payments to an expensive prepayment method.

What is worse is that when all the funds from the prepayment method are used up, the energy company will shut off the energy leaving a household without electricity and heating.

The British government is listening, but not acting quickly enough:

“It comes amid the worsening cost-of-living crisis, with the average yearly energy bill reaching £2,500 in October – a record high, and almost double the price it was last year. And energy bills are set to rise again in April, with estimates the average yearly bill could hit £3,500 per year. Campaigners are urging the government to honour their pledge to uprate benefits with inflation in the autumn statement next week, warning millions of low income households are already being forced into destitution without more support.”

It is understandable energy companies need to earn money to pay their employees, purchase energy, and keep the lights on, but why would they harm their customers? It would not be surprising if some bad actors wearing a white hat hack the smart meters and assist the people about to have their energy cut off.

Whitney Grace, December 21, 2022

Microsoft Software Quality: Word Might Stop Working. No Big Deal

December 20, 2022

I read a short item which underscores my doubts about Microsoft’s quality methods. I have questions about security issues in Microsoft’s enterprise and cloud products and services. But those are mostly “new” and the Big Hope for future revenues. Perhaps games will arrive to make the Softies buy Teslas and beef up their retirement accounts, just not yet.

“Microsoft Confirms Taskbar Bugs, Broken File Explorer, and App Issues in Windows 10” reports:

If you use Windows 10, you might experience the following symptoms:

  • The Weather or News and Interests widget or icons flickers on the Windows taskbar
  • The Windows taskbar stops responding
  • Windows Explorer stops responding
  • Applications including Microsoft Word or Excel might stop responding if they are open when the issue occurs

The weather and news are no big loss in my opinion. Microsoft believes that Windows 10 users want weather and news despite the mobile phone revolution. (Remember Microsoft and its play to create a mobile phone? Yeah, that was spun as fail early and fail fast. I think of that initiative as a basic fail, not a fast or early fail. Plain old fail.)

The Taskbar and file manager are slightly more interesting. A number of routine functions go south for some lucky Windows 10 users.

But the zinger fail is that Microsoft Word or Excel die. Now that’s just what’s needed to make the day of a person who is working on a report at a so-so consulting firm like one of the blue-chip outfits in Manhattan, a newbie at a big law firm with former government officials waiting for the worker bees to deliver a document for the bushy eyebrow set to review, or a Wall Street type modifying a model to make his, her, thems partners lots of money.

These happy users are supposed to be able to handle stress and pressure.

I wonder if Microsoft executives have been in a consulting firm, law firm, or financial services company when a must have app stops responding. Probably not because these wizards are working on improving Microsoft’s quality control processes. Could Redmond’s approach to quality be blamed on an intern, a contractor, or a part time worker? My hunch is that getting blamed is not a component of the top dogs’ job description.

Stephen E Arnold, December 20, 2022

Who Can See Your Kiddies?

December 20, 2022

In an alarmingly hilarious situation, iCloud users are seeing photos of strangers on their devices. What sounds like a hacker’s gaffe actually proves to be a security risk. XDA Developers investigates what is going on with iCloud in “iCloud For Windows Users Are Reportedly Seeing Random Family Photos From Strangers.”

People buy Apple products because their security and privacy settings are better than those of PC devices. While Apple has an iCloud app for PC users, the app is not working as well as its fellow Apple products:

“Based on the reports, the corrupted files seemingly revolve around videos shot on iPhone 13 Pro and iPhone 14 Pro models. The footage in some cases is showing a black screen with scan lines. Though, what’s more worrisome is the random content that is showing up for some users. While it’s not confirmed yet, these photos of families, children, and other private moments could potentially belong to other people’s iCloud libraries. If this is the case, then Apple could get in some serious trouble. Unfortunately, deleting the iCloud for Windows app seemingly doesn’t solve this, as the issues are being reflected on the server.”

No one is certain what is causing the bug, but Apple needs to get on the problem. Apple will probably blame the issue on PCs being inept devices and the compatibility between Macs and PCs could be the reason. Apple is not infallible and here is a lesson in humility.

Whitney Grace, December 20, 2022

Need Holiday Cash? Some Gotchas Exist

December 19, 2022

Perhaps one’s mobile device is not the best place to turn when shopping for a loan. The Dailyhunt shares, “Nearly 300 Predatory Loan Apps Circulating on Google, Apple Stores: Report,” originally published at India.com. The brief write-up cites a recent report from Lookout, stating:

“Nearly 300 loan apps are circulating on Google Play and the Apple App Store that exhibit predatory behaviour, such as exfiltrating excessive user data from mobile devices and harassing borrowers for repayment, a new report has revealed. According to cloud security company Lookout, these loan apps exploit victims’ desire for quick cash to trap borrowers into predatory loan contracts and require them to grant access to sensitive information such as contacts and SMS messages. Some victims have reported that their loans were accompanied by hidden fees, high-interest rates, and repayment terms that were not as favourable as advertised. Lookout also found evidence that data exfiltrated from devices were sometimes used to pressure borrowers for repayment, which is a common threat tactic to disclose a borrower’s debt to their networks. Researchers at Lookout discovered 251 Android apps that had been downloaded over 15 million times. On the Apple App Store, the researchers discovered 35 apps that ranked among the top 100 finance apps in their regional stores.”

High interest rates, hidden fees, and bait-and-switch terms are problematic enough. Stealing personal information for more effective threats and harassment is next-level abuse brought to us by modern technology. It is not as if the companies are unaware there’s a problem. We learn Google recently removed over 2,000 personal loan apps from its Indian Play Store and ordered loan apps in Kenya to submit proof of licensing. It seems, though, more comprehensive measures may be required. Borrower beware.

Cynthia Murrell, December 19, 2022

Apple, the Privacy and Security Outfit, Has a New Spin for Pix

December 16, 2022

In an alarmingly hilarious situation, iCloud users are seeing photos of strangers on their devices. What sounds like a hacker’s gaffe actually proves to be a security risk. XDA Developers investigates what is going on with iCloud in “iCloud For Windows Users Are Reportedly Seeing Random Family Photos From Strangers.”

People buy Apple products because their security and privacy settings are better than those of PC devices. While Apple has an iCloud app for PC users, the app is not working as well as its fellow Apple products:

“Based on the reports, the corrupted files seemingly revolve around videos shot on iPhone 13 Pro and iPhone 14 Pro models. The footage in some cases is showing a black screen with scan lines. Though, what’s more worrisome is the random content that is showing up for some users. While it’s not confirmed yet, these photos of families, children, and other private moments could potentially belong to other people’s iCloud libraries. If this is the case, then Apple could get in some serious trouble. Unfortunately, deleting the iCloud for Windows app seemingly doesn’t solve this, as the issues are being reflected on the server.”

No one is certain what is causing the bug, but Apple needs to get on the problem. Apple will probably blame the issue on PCs being inept devices and the compatibility between Macs and PCs could be the reason. Apple is not infallible and here is a lesson in humility.

Whitney Grace, December 16, 2022

Using Microsoft? Lucky You in 2023

December 14, 2022

Several days ago, I had a meeting with an executive representing a financial services firm. In the course of confirming the meeting, the person told me, “We use only Microsoft Teams. Our security group has banned our use of Zoom and other video chat services.”

That’s why I found myself sitting at a sticky table in a coffee shop talking with this executive about a notification procedure which caught my attention. In that meeting, I mentioned that for each email sent to my official email by this person I received a notice that the individual was out of the office until mid-September 2022. Since we were meeting in the first week of December 2022, I found the emails from this person confusing.

I asked, “Why are you sending me an email and when I reply, I receive a notification from your corporate email system which tells me you are out of the office until September 2022.”

The response was, “Really? I will get IT to help me.”

Wow. Really.

Many organizations have embraced Microsoft systems and services. My hunch is that people want to use Excel. With full time employees in corporate information technology departments getting crushed by fixes, user issues, and software which does not do what the IT professional expects, companies want a fix.

Enter the cloud, certified consultants who can arrive like Wonder Woman, and big time engineers from a regional office to make everything work. Perfect. What could go wrong?

I read an article which may be accurate or may be presenting an incomplete report. Let’s proceed assuming that there is a kernel of truth in “Ransomware Discovered Carrying Legitimate Windows Certificates.” The write up states:

Cyber security company Sophos has issued a warning over antivirus-nullifying malware it discovered bearing legitimate digital certificates, including signatures from Microsoft’s own digital verification service.

The drivers, found paired with a ‘loader’ executable that was used to install the driver, carried the digital signature of Windows Hardware Compatibility Program (WHCP), and appeared to be specially designed to limit the functions of endpoint detection and response (EDR) security programs.  Code signatures are cryptographic certificates that indicate a program has not been altered since its release by its manufacturer. WHCP signatures are only intended to be given to software that Microsoft has checked over and given its personal seal of approval, and therefore seen as trustworthy files to run by Windows systems. Researchers say that the find shows that threat actors are working harder to move up the ‘trust chain’, employing increasingly sophisticated methods to sign malware with legitimate cryptographic signatures so that it can be installed on systems without detection.

The article is in my opinion content marketing; that is, the information is designed to cause someone to license Sophos technology.

The idea is that bad actors can exploit systems and methods set up by Microsoft to make certain their systems are secure. People have struggled with getting Windows to print; others have found that Exchange Server (probably the email system which baffled the financial executive) vulnerabilities have caused some sleepless nights.

Several observations are warranted in my view:

  • Microsoft, like Google, is a Leviathan. It is a target, and it may be that the Softies are in over their heads. Perhaps too big to make secure?
  • Users are baffled with fairly simple operations of widely used software. What interesting security issues does this pose? Phishing works for a reason: Users click without thinking.
  • Corporations perceive their decisions to be good ones. The continuing increase in cyber aggression is not something people want to discuss in a meeting of suits, sales professionals, and worker bees.

Net net: Good enough software and systems, PowerPoint presentations from certified partners, and customer cluelessness suggest an exciting 2023. Legitimate Windows Certificates? Oxymoron maybe?

Stephen E Arnold, December 14, 2022

Does the UK Really Want to End Google and Apple Mobile Monopolies?

December 14, 2022

While there continues to be some market competition with big tech companies, each has its own monopoly in the technology industry. The United States is slow to address these industry monopolies, but the United Kingdom wants to end Google and Apple’s control, says MacRumors in the article: “UK Begins Market Investigation Into Apple and Google’s Mobile Dominance.”

The UK Competition and Markets Authority (CMA) will investigate how Apple and Google dominate the mobile market as well as Apple’s restrictions on cloud gaming through its App Store. Smaller technology and gaming companies stated that Google and Apple are harming their bottom lines and holding back innovation:

“The consultation found 86% of respondents support taking a closer look at Apple and Google’s market dominance. Browser vendors, web developers, and cloud gaming service providers said the tech giants’ mobile ecosystems are harming their businesses, holding back innovation, and adding unnecessary costs. The feedback effectively justifies the findings of a year-long study by the CMA into Apple and Google’s mobile ecosystems, which the regulatory body called an “effective duopoly” that allows the companies to “exercise a stranglehold over these markets.” According to the CMA, 97% of all mobile web browsing in the UK in 2021 happened on browsers powered by either Apple’s or Google’s browser engine, so any restrictions can have a major impact on users’ experiences.”

The CMA will conduct an eighteen-month-long investigation and will require Apple to share information about its business products. After the investigation, the CMA could legally force Apple to make changes to its business practices. Apple, of course, denies its current practices promote innovation and competition as well as protect users’ privacy and security.

Whitney Grace, December 14, 2022

Microsoft and the London Stock Exchange: Lock In Maybe?

December 12, 2022

I believe everything I read on the Internet. That’s one way I keep in touch with my inner GenZ self. Sometimes, however, stories ring true; for example, “Microsoft buys Near 4% Stake in London Stock Exchange As Part of 10 Year Cloud Deal.” I read the title via my dinobaby translation system and understood, “Yep, lock in, kiddo. Oh, Amazon AWS and Google Cloud professionals. Do not bother to call us. We will call you, okay.”

You may disagree with my dinobaby translator. That’s okay. I let many flowers bloom, unlike the London Stock Exchange which goes at life in what appear to be 10 year contracts. That’s a long time in techno-cloud land in my opinion.

The write up says:

Scott Guthrie, Microsoft’s executive vice president for the Cloud and AI Group, will be appointed as a non-executive director of LSEG.

I wonder if he will demo Microsoft Teams egames features and the security systems for Microsoft Exchange Server? Will he offer helpful inputs to those who might want to give an off the shelf AWS Sagemaker system a spin? What about the ever reliable Google VPN service which is super reliable and in demand right now?

The answer to these questions strikes me as obvious. Azure is better, faster, cheaper, more reliable, and easier. I wonder if these benefits entered into the negotiation. (Personally I like the security angle and the cheaper plus.) My instinct has a tiny voice too. It is whispering to me, “Microsoft will deliver premier service to the London Stock Exchange when (which is unlikely) the Azure system hiccups.”

I noted this passage too:

Microsoft and LSEG will also work together in developing new professional collaboration tools. LSEG has developed a product called Workspace, a data and analytics platform. The two companies will be working on advancing this product and integrating it with Microsoft Teams, the firm’s messaging app.

I am tempted to reference the source of the stake, but I won’t. The parties involved make content marketing hay around the “trust” word.

I have a couple of observations:

  1. Microsoft has added a neon underline to the old marketing concept of “lock in.”
  2. The Redmond security giant can point to a big time financial customer and market its secure cloud solutions. Well, they are secure… at this time.
  3. The Amazon and Google cloud professionals will definitely find a way to respond.

Net net: Isn’t it wonderful that big tech innovation involves owning financial plumbing and access?

Stephen E Arnold, December 12, 2022

A Digital Schism: Is It the 16th Century All Over Again?

December 12, 2022

I noted “FBI Calls Apple’s Enhanced iCloud Encryption Deeply Concerning As Privacy Groups Hail It As a Victory for Users.” I am tempted to provide some historical color about Galileo, Jesuits, and infinitesimals. I won’t. I will point out that schisms appear to be evident today and may be as fraught as those when data flows were not ripping apart social norms. (How bad was it in the 16th century? Think in terms of toasting in fires those who did not go with the program. Quite toasty for some.)

The write up explains:

Apple yesterday [December 7, 2022] announced that end-to-end encryption is coming to even more sensitive types of iCloud data, including device backups, contacts, messages, photos, and more, meeting the longstanding demand of both users and privacy groups who have rallied for the company to take the significant step forward in user privacy.

Who is in favor of Apple’s E2EE push? The article says:

We [the Electronic Frontier Foundation] applaud Apple for listening to experts, child advocates, and users who want to protect their most sensitive data. Encryption is one of the most important tools we have for maintaining privacy and security online. That’s why we included the demand that Apple let users encrypt iCloud backups in the Fix It Already campaign that we launched in 2019.

Across the E2EE chess board is the FBI. The article points out:

In a statement to The Washington Post, the FBI, the largest intelligence agency in the world, said it’s “deeply concerned with the threat end-to-end and user-only-access encryption pose.” The bureau said that end-to-end encryption and Apple’s Advanced Data Protection make it harder for them to do their work and that they request “lawful access by design.”

I don’t have a dog in this commercial push for E2EE encryption which is one component in Apple’s marketing of itself as the Superman/Superwoman of truth, justice, and the American way. (A 30 percent app store tariff is part of this mythic set up as well.) I understand the concern of the investigators, but I am retired and sitting on the sidelines as I watch the Grim Reaper’s Rivian creep closer.

Several observations:

  1. In the boundary between these two sides or factions, the emergent behavior will get around the rules. That emergent behavior is a consequence of apparently irreconcilable differences. The impact of this schism will reverberate for an unknown amount of time.
  2. Absolutism makes perfect sense in a social setting where one side enjoys near total control of behavior, access, thoughts, etc. However we live in a Silicon Valley environment partially fueled by phenomenological existentialism. Toss in the digital flows of information, and the resulting mixture is likely to be somewhat unpredictable.
  3. Compromise will be painful but baby steps will be taken. Even Iran is reassigning morality police to less riot inducing activities. China has begun to respond to increasingly unhappy campers in lock down mode. Like I said, baby steps.

Net net: Security and privacy are a bit like love and Plato’s chair. Welcome to the digital Middle Ages. The emergent middle class may well be bad actors.

Stephen E Arnold, December 12, 2022

Study Concludes Apple Privacy Promises a Sham, Lawsuit Follows

December 2, 2022

Apple would have us believe it is a bastion of privacy protection. Though it talks a good game, Techdirt reports, “Apple Sued After Another Study Finds Its Well-Hyped Privacy Standards Are Often Theatrical.” Researchers at software firm Mysk found Apple’s data tracking basically ignores privacy settings altogether. The study prompted a lawsuit (pdf) under the California Invasion of Privacy Act. Writer Karl Bode notes:

“This isn’t the first time Apple’s new privacy features have been found to be a bit lacking. Several studies have also indicated that numerous app makers have been able to simply tap dancing around Apple’s heavily hyped do not track restrictions for some time, often without any penalty by Apple months after being contacted by reporters. That’s a notably different story than the one Apple has gotten many press outlets to tell. Apple desperately wants to differentiate its brand by a dedication to privacy (as you might have noticed from the endless billboards that simply say: ‘Privacy. That’s iPhone.’). And while the company may certainly be better on privacy than many other large tech giants, that’s simply not saying much.”

Good point. The lawsuit observes that details about app usage can be “intimate and potentially embarrassing.” Not to mention financially sensitive. This is why some of us have refused to bring our devices into every aspect of our lives; a suspicious nature pays off occasionally. Yep, Apple privacy… a bit lacking. No kidding?

Cynthia Murrell, December 2, 2022
