Security breach

Indigo a No Go Online

Online purchases have been temporarily suspended at Indigo Book Stores due to a security breach on February 8th, 2023.

Customers have received emails from this retailer reassuring them that credit and debit card information was not likely accessed during the breach and that other customer data does not appear to have been compromised either. But the retailer has taken their online orders offline until further notice.

In-store purchases are unaffected and customers should be able to use the site to browse, but it appears that they will be unable to check a product’s availability at the stores online.

The Indigo app is also offline and any Plum points expiring in February will have their expiry date extended to March 31st, 2023.

Get Your Security Updates!

A new Wi-Fi exploit has been discovered and you should update all of your devices a.s.a.p.

That includes anything that uses Wi-Fi, from your desktop/laptop to tablet/cell phone. And yes, some devices will not be patched immediately, so keep trying.

Microsoft has patched their software, from Windows 7 to 10, and Apple is currently working on getting their iOS patches up and running, having already released them for developers. But Android users may need to wait until November 6th, 2017 for an update.

In the case of Linux operating systems and routers, OpenBSD systems have already been patched and patches are available for Debian-based systems. But most of the router manufacturers are still working on firmware updates, so you’ll need to contact your internet provider or router manufacturer for details on that.

The problem is the KRACK Wi-Fi vulnerability, which is an issue for anyone who accesses non-secured websites online and doesn’t use a Virtual Private Network to do so. But it should be noted that Android and Linux users are more vulnerable to the exploit than anyone else because most of the other desktop and laptop operating systems are more complex.

The good news is that if you rent a cable modem from your internet provider, it will be updated by your internet provider soon (if it isn’t already updated). And if you don’t use your tablet and phone to browse the net outside your home, you will likely not have an issue.

If you use public Wi-Fi services in hotels or at your local coffee shop/restaurant, then I would recommend keeping an eye on updates and getting a virtual private network set up on your device to encrypt your internet traffic, including traffic to those unencrypted sites you browse.

By the way, there’s no point in changing your wireless password, but you should change your router’s admin password, especially if it’s been left at default. :-/

Attention PlayStation Users

If you were registered on PlayStation, PSN, Qriocity or Sony Online Entertainment from January 1st to May 15th, 2011 and have signed onto the PSN-POE Settlement, you may receive an email entitling you to a free game or other form of compensation. Keep an eye on your email.

Warning To Internet Explorer/Edge Users

Microsoft recommends that you update to the latest version as soon as possible because of a potential security issue.

Older versions of Internet Explorer prior to 11 will also not be supported as of January 12th, 2016.

Microsoft

Russian Hackers Compromise 4.5 Billion Records

Hold Security has warned media outlets that a gang of Russian hackers has gained access to 4.5 billion email addresses and passwords.

The Milwaukee-based security firm estimates that 420,000 web and FTP sites, including some Fortune 500 company sites, have been compromised. But details on what specific websites were compromised were not released.

The New York Times claims to have had the information analyzed by a security expert not affiliated with the security firm, who confirmed the authenticity of the database of stolen information. The New York Times has also reported that some of the companies involved are aware of the situation.

Most of this information was gathered via a botnet, a collection of interconnected computers that have been infected with a virus that collects and forwards information to individuals who either sell it or use the information to send unsolicited commercial email or gain access to web sites and credit card information.

According to Hold Security, the most vulnerable users are those who use a generic password on multiple sites, since those generic passwords can be used to gain access to sites that are not in the records.

They found that out of the 4.5 billion records, only 1.2 billion had unique passwords, so the firm suggests the use of more secure, unique passwords.

An individual password should not be used on multiple sites, and a combination of letters (in upper and lower case), numbers and special characters (punctuation, symbols, etc.) should be used to prevent predictability.

The use of a frequently updated anti-virus program also helps keep individual computers from being infected with viruses that keep track of the passwords used.

Bill S-4 – (The not quite) Digital Privacy Act?

I had originally wanted to wait until the Privacy Commissioner of Canada released a report on Bill S-4 before commenting but decided that I should just go ahead and post something about this senate bill.

This bill was proposed to help in the cases of security breaches, to help control identity theft. But unfortunately it may also cause individuals to have their information given to third parties without their consent or knowledge.

“an organization may disclose personal information without the knowledge or consent of the individual if

(a) the disclosure is made to the other organization, the government institution or the part of a government institution that was notified of the breach under subsection (1); and

(b) the disclosure is made solely for the purposes of reducing the risk of harm to the individual that could result from the breach or mitigating that harm.” – Bill S-4, Section 10.2 (3)

Furthermore, warrants may not be required under Bill C-13, and the costs associated with the infrastructure required to keep records of your online activities would be passed on to consumers and/or taxpayers.

Are we to believe this bill is meant to improve our situation? We would be paying more for internet and giving more private information to a government that was just hacked because of the Heartbleed Bug.

I think this bill needs to be re-written. And if you do too, I think you should sign the Open Media petition on Privacy.

Thank you.