August 2022

According to a blog penned by four Forrester analysts, the trend of tech whistleblowers quitting their jobs while many of their colleagues engage in “quiet quitting” should be a wake-up call to industry leaders.

A scorching job market for security, risk and privacy professionals, combined with the hiring of a values-based workforce, is creating a singular opportunity for tech leaders, according to the Forrester quartet of Sara M. Watson, Jeff Pollard, Allie Mellen and Alla Valente.

“This unique combination of circumstances presents an opportunity for technology leaders to make digital ethics, security improvements, risk programs and trust initiatives key topics of conversation,” they wrote.

They explained that many tech firms, including Twitter, have put responsible and ethical technology principles into practice in the form of AI ethics boards, responsible innovation guidelines, and offices for the ethical and humane use of technology. But these half-hearted self-regulatory measures are being called out as ethics washing.

“Many tech companies are values- and ethics-first,” senior analyst Mellen told TechNewsWorld. “However, when they don’t deliver on those promises – especially with customer data – customers take notice and lose trust in them.”

Customers are not the only ones taking notice. “It detracts from the talent who wants to work at a particular firm if a person knows they may be fired or silenced for allegedly speaking about interpersonal ethics and values,” Mellen said.

The dangers of integrity hiring

When firms say they are developing technology responsibly, it attracts talent who believe in those values, the blog authors noted. “Employees are making proactive decisions based on a common set of goals and need to feel more connected to the potential employer’s vision and purpose,” Liz Miller, Constellation Research’s vice president and principal analyst, told TechNewsWorld.

When you choose people with ideals and integrity, you get people with ideals and integrity, the blog authors argued, and when you treat those people in ways that are unfaithful, they just don’t conform. They rebel.

“Today’s employees value their employer’s mission, vision and promise,” Miller observed. “If you break that value chain, you do it at your own risk.”

“They will leave, which is an operating loss and cost,” she continued, “but there is also a great possibility that their frustrations, their experiences and their frustrations will carry over to social and digital channels.”

“Not listening to employees is as dangerous as not listening to customers,” she said.

The blog authors noted that the damage a whistleblower causes to an organization is like a self-inflicted wound. The bloggers wrote, “These people, led well before those concerns made headlines, tried desperately to change things inside their companies, but were pressured to conform, completely ignored and later sidelined.”

Bottom Line Trumps Ethics

Anyone who has been paying attention to corporate America or technology companies shouldn’t be surprised by the ethics washing, declared John Bambenek, a principal threat hunter at Netenrich, a San Jose, California-based IT and digital security operations company.

“At its core, business ethics requires executives to maximize shareholder value by making money,” he told TechNewsWorld. “They will adopt as few ethics as possible to avoid impact on the bottom line.”

“Unless one improves the business ethics of leaders – either by regulation or by changes in legislation – business leaders will continue on their current path,” he said.

If they continue on that path, they are likely to continue to find whistleblowers on it – even in the face of industry-wide layoffs and recessionary pressures. The blog authors state that the SEC has awarded $1.3 million to 278 whistleblowers since 2012. These incentives bring resources and greater legal protection, so it is unlikely that accountability seekers for the harms of technology will hold back, the authors said.

They also noted that technical staff are funding organizations that work with whistleblowers and provide them with advice. The same resource that put Facebook whistleblower Frances Haugen before Congress with a bipartisan moral-terror message also supported Twitter whistleblower Peiter “Mudge” Zatko, they wrote.

In some industries, layoffs can have an impact on employees who are willing to trade their jobs for their ethical beliefs, Mellon acknowledged, but not in cybersecurity. “Security talent is still in high demand – especially ethical and experienced talent,” she said. “Unless the talent gap in security is narrowed, there will still be a high demand for talent.”

go silent or not go quietly

Because few job markets compare with security, risk, and privacy in terms of supply versus demand, the blog authors noted, professionals in those fields are in a unique position to lead change.

Furthermore, they point out that when internal advocacy fails, a clear and effective external playbook now exists. Admitting defeat, resigning with a vague “time to move on” and telling close friends how bad things were is the old way of quitting, they maintained.

Lots of articles want to convince everyone that quiet quitting is the new normal, they continued. Whistleblowing is the opposite of leaving quietly. Hiring values-based, empowered employees in areas with scorching demand and then not listening to them almost guarantees they won’t quit quietly.

However, Bambenek argues that most employees would rather leave quietly than face the consequences of whistleblowing. “Whistleblower protections are not really effective,” he insisted. “Employers may not retaliate directly but they may do so quietly over time.”

“Whistleblowers making press will often see job prospects drying up,” he said. Quietly quitting is a safe way for employees to exit the corporate environment that gives them ethics concerns without the professional implications of speaking up.

“The reality is,” he continued, “until you reach a certain point in your career, the risk of losing income and not being able to replace it will keep most people silent.”

“There are exceptions to those who leave and make statements in public, and this is reserved for professionals who are at the top of their careers who still have earnings potential,” he said. “Even most mid-career professionals can be silently blacklisted for this kind of behavior, which means most of them will keep going quietly.”

A Chinese cyber espionage group is using a fake news site to infect government and energy industry targets in Australia, Malaysia and Europe with malware, according to a blog posted online on Tuesday by Proofpoint and PwC Threat Intelligence.

The group is known by several names, including APT40, Leviathan, TA423 and Red Ladon. Four of its members were indicted by the US Department of Justice in 2021 for hacking several companies, universities and governments in the United States and around the world between 2011 and 2018.

The United States Department of Justice indicted APT40 members in 2021 / Image Credit: FBI


The group is using its fake Australian news site to infect visitors with the Scanbox exploit framework. “Scanbox is a reconnaissance and exploitation framework deployed by an attacker to collect a variety of information, such as the target’s public-facing IP address, the type of web browser used, and its configuration,” explained Sherrod DeGrippo, Proofpoint’s vice president for threat research and detection.

“It serves as a setup for the information gathering steps that follow and potential follow-up exploits or compromises, where malware is deployed to gain persistence on the victim’s system and allow the attacker to carry out espionage activities,” she told TechNewsWorld.

“It creates a perception of the victim’s network that the actors then study and determine the best path forward for further compromise,” she said.

“Watering hole” attacks that use Scanbox appeal to hackers because the point of compromise is not within the victim’s organization, added John Bambenek, a principal threat hunter at Netenrich, a San Jose, California-based IT and digital security operations company.

“Therefore, it is difficult to detect that information is being stolen,” he told TechNewsWorld.

modular attack

According to the Proofpoint/PwC blog, the TA423 campaign primarily targeted local and federal Australian government agencies, Australian news media companies and global heavy industry manufacturers, which maintain a fleet of wind turbines in the South China Sea.

It noted that the phishing emails for the campaign were sent from Gmail and Outlook email addresses, which Proofpoint assesses with “moderate confidence” were created by the attackers.

Subject lines in phishing emails included “sick leave,” “user research,” and “request collaboration.”

The threat actors often posed as employees of the fictional media publication “Australian Morning News,” the blog explained, and provided a URL to their malicious domain, asking targets to view the website or share research material that the website would publish.

If a target clicks the URL, they are redirected to the fake news site and, without their knowledge, served the Scanbox malware. To give credibility to their fake website, the adversaries posted content copied from legitimate news sites such as the BBC and Sky News.

Scanbox can deliver its code in one of two ways: in a single block, which gives an attacker instant access to the full functionality of the malware, or as a plug-in, modular architecture. The TA423 crew chose the plug-in method.

According to PwC, the modular route can help avoid crashes and errors that would alert a target that their system is under attack. It is also a way to reduce researchers’ visibility into the attack.

phishing boom

As such campaigns show, phishing remains the tip of the spear used to break into many organizations and steal their data. “Phishing sites will see an unexpected increase in 2022,” said Monia Deng, director of product marketing at Bolster, a provider of automated digital risk protection in Los Altos, Calif.

“Research has shown that this problem will increase tenfold in 2022 because this method is easy, effective and a perfect storm to deploy in the post-work digital age,” she told TechNewsWorld.

DeGrippo said phishing campaigns continue to work as threat actors adapt. “They use current affairs and holistic social engineering techniques, at times hunting down target fear and a sense of urgency or importance,” she said.

A recent trend among threat actors, she continued, is attempting to increase the effectiveness of their campaigns by building trust with intended victims through extended interactions with individuals or through existing interactions between coworkers.

Roger Grimes, a defense evangelist with KnowBe4, a security awareness training provider in Clearwater, Fla., stressed that social-engineering attacks are particularly resistant to technical defenses.

“Try as much as you can, there is no great technical defense so far that prevents all social engineering attacks,” he told TechNewsWorld. “This is especially difficult because social engineering attacks can come across email, phone, text messages and social media.”

Even though social engineering is involved in 70% to 90% of all successful malicious cyber attacks, it is the rare organization that spends more than 5% of its resources to mitigate this, he continued.

“It’s the number one problem, and we treat it like a small part of the problem,” he said. “It’s the fundamental disconnect that allows attackers and malware to be so successful. Until we see this as the number one problem, it will continue to be the primary way attackers attack us. It’s just math.”

two things to remember

While TA423 used email in its phishing campaign, Grimes notes that adversaries are moving away from that approach.

“Attackers are using other methods, such as social media, SMS text messages, and voice calls to do their social engineering more often,” he explained. “This is because many organizations focus almost exclusively on email-based social engineering and the training and tools to combat social engineering on other types of media channels are not at the same level of sophistication in most organizations.”

“That’s why it’s important that every organization builds an individual and organizational culture of healthy skepticism,” he adds, “where everyone is taught how to recognize the signs of a social engineering attack, no matter how it comes – web, social media, SMS messages or phone calls – and it doesn’t matter who it appears to be sent by.”

He explained that most social engineering attacks have two things in common. First, they come unexpectedly: the user was not expecting the message. Second, the message asks the user to do something that the sender, whoever they are pretending to be, has never asked the user to do before.

“This may be a valid request,” he continued, “but all users should be taught that any message with those two traits is at very high risk of being a social engineering attack, and should be verified using a reliable method, such as calling that person directly on a known good phone number.”

“If more organizations taught two things to remember,” he said, “the online world would be a much safer place to calculate.”

When I installed panels on my San Jose house in the early 2000s, I was an early adopter of the current generation of solar technology, only to see a rapid decline in yield from those panels over the next 20 years.

At our latest home, we use current generation LG panels that promise to hold over 90% of their production capacity for the same amount of time. However, not only am I unable to get the Tesla batteries I ordered last year (I’ve been told I can get them by next summer), I know I’m wasting a ton of energy because my energy usage is unmanaged.

A truly green home isn’t just solar. It has a managed energy system so you can optimize usage. But home energy management systems that work well with solar are extremely rare, and I’ve been disappointed with everything I’ve tested.

Lunar Energy, run by former Tesla executive Kunal Girotra, appears to be one of the first next-generation solar companies to focus more on electrical efficiency than generation.

Lunar Energy is an early example of an upcoming wave of companies that will rapidly branch out from solar production into energy management, providing a strong ROI for their products.

This week let’s talk about how moving to solar power will change the way we manage electricity and the way appliances are made. Then we’ll end with our product of the week: the new Dragonfly Folio from HP.

problem with solar

Solar energy is cheap. In fact, it’s free but, sadly, the technology we need to use it is anything but. My previous installation, which was heavily subsidized by the California and US governments, still cost me about $30,000 – even after subsidies – and my current system is closer to $100,000.

The direct benefit is that my electricity bill has dropped from $700 a month to less than $50 during the summer. But winter is a different story. You see, solar energy is powered by the sun. In winter when the sun is low on the horizon, it doesn’t power the panels as much, but you still need the energy to heat the house.

Admittedly, most of my house is now heated with gas, but I would like to go completely electric. It still cut my energy bill by about two-thirds, but the solar only works during the day and when the sun comes out. So, if you don’t want to go dark at night or on cloudy days, you need some sort of alternative power source.

If you are connected to the grid without a battery, you will still lose power if the power goes out on a hot summer day (as happened to me the other day). Batteries are not only expensive, but you must also draw enough electricity to charge them and power your home during the day, increasing the need for more solar-sourced electricity.

Now, if you stay on-grid, you will not incur this every night, but only when you discharge the battery during an outage. If you go off-grid, that means you’ll need about 30% additional capacity.

But what if you also focus on improving efficiency?

The promise of firms like Lunar Energy

This is where these next generation solar companies are focused: less on generating energy and more on increasing the efficiency of energy use. While Lunar Energy is working on more efficient whole-house batteries, initially their overall effort is focused more on efficiency than production.

If you can make your home more efficient, you don’t need as much solar or as many batteries. This efficiency focus works whether you are solar powered or powered from the electric grid. You can use an energy management system no matter where you source your power.

You can also potentially do things like power down your chargers when the battery they’re charging is at full capacity and only turn them back on when those batteries are below 50%. This will help the battery last longer and potentially reduce daily energy usage.

In the past, tests of the Energy Star rating system showed huge holes in their process. This manageability will also expose devices that are idle, forcing equipment manufacturers to improve their energy efficiency, and catching people who may still be gaming the system.

next generation solar devices

There are now companies like Sundanzer that have built appliances for off-grid homes over the years, but the features and capabilities of these appliances remind me of what my grandmother had in the 1960s. Manual defrost, no cold water or ice-making capabilities, limited capacity and, for the most part, nothing you’d call attractive. But they are incredibly efficient.

What I anticipate from the next generation of devices from companies focused on solar homes is a blend of the efficiency of off-grid offerings with the capabilities and looks of the current generation of modern appliances, so we can have the features we want with close to the efficiency of an off-grid product.

wrapping up

Lunar Energy is one of the first generation of solar power companies to focus more on efficient use of energy than its own generation.

I expect that by the end of the decade we will see entirely new companies in the market with increasingly efficient appliances, more advanced home energy management systems, better whole-house battery solutions, and a more comprehensive approach to green energy generation and use.

We are just at the beginning of this solar energy wave. Over the next 20 years, kitchen and home designs will change, appliances will change, and we will use AI to ensure efficient use of every watt of energy we generate. Overall, this effort should result in a significant reduction in greenhouse gas formation and a major step towards combating global climate change.

Technical Product of the Week

HP Dragonfly Folio G3

I get to review a lot of laptops over the course of a year, and the one that has consistently been my favorite is the HP Folio. This line has gone through several iterations. It started out as a consumer-focused device, then moved into business with the Elite Folio, which I’m using to write this, and now gets a successor: the HP Dragonfly Folio G3.

The Elite Folio fixed my biggest complaint with the Folio, which was the contrasting colors. It came in brown and burgundy, and I’m sure the ’80s wanted their colors back. But with the previous generation, HP went black, used updated Qualcomm Snapdragon processors and graphics, and improved the pen dock and SIM slot. With all this, the Elite Folio became my favorite laptop of the year.

Well, I just recently got the HP Dragonfly Folio G3 and now my old Elite Folio is sadly out of date.

HP Dragonfly Folio G3 / Image Credit: HP


HP found that IT buyers just didn’t want to risk a Qualcomm product. While that chip worked fine for me, and I really appreciated the massive battery life, other users complained about its performance. This was due to running x86 emulation, which pulled performance from a part that was already performance-constrained.

In addition, Intel has reassured IT buyers that they need vPro, although most don’t currently use that capability (Microsoft is working to make Windows work better with ARM, which should eventually solve the performance problem with Snapdragon).

So, the HP Dragonfly Folio G3 has improved the camera, added a privacy screen option, and while it has taken a battery life hit, it’s noticeably faster (the Snapdragon part from Qualcomm leads the industry in battery life).

In short, HP took my favorite laptop and made it better, so I’m in love again, and the HP Dragonfly Folio G3 is my product of the week.

The opinions expressed in this article are those of the author and do not necessarily reflect the views of ECT News Network.

While we are accustomed to new-generation electronics being priced just like the previous ones, the electronics segment is not protected from inflation. With recent announcements of semiconductor price hikes in 2023, consumers should move quickly to lock in lower prices this back-to-school and holiday season.

It started in June with Taiwan Semiconductor Manufacturing Company (TSMC), the world’s largest semiconductor foundry, announcing a price hike in 2023, and now the dominoes are falling.

TSMC’s announcement was followed by a similar announcement by Intel, and DigiTimes reported that Marvell and Qualcomm informed their customers that they would increase chip prices. It now appears that most, if not all, semiconductor companies are following along with price hikes of their own.

Price hike passed on to consumers

Because semiconductors are a key component of everything we use in our daily lives, from electric toothbrushes and toasters to smartphones and cars, an increase in semiconductor prices will force similar increases across the value chain, and ultimately those increases will be passed on to consumers.

Even the service charges charged by communication, internet and entertainment companies are likely to increase as they pass on the rising prices of their new equipment.

These pricing announcements are not surprising.

The semiconductor industry has been grappling with capacity and supply chain constraints since the surge in demand during COVID. Previously, foundries pushed for greater investment in future capacity by their semiconductor customers, who otherwise faced the consequences of losing manufacturing priority and/or higher prices.

But, with continued limitations and rising raw material prices, foundries and integrated device manufacturers (IDMs) such as Intel, Microchip and Micron are all facing the same problem – rising costs.

no quick fix

As Tirias Research has previously indicated, there is no easy solution to solving semiconductor supply issues. Most of the new fab capacity will be built to support new manufacturing process nodes where higher costs can be recovered through higher profit margins.

This leaves constraints on older process nodes until demand subsides as new products are introduced on advanced process nodes and additional capacity becomes available for older nodes.

With automotive, industrial, medical, and even some consumer applications using the same chips for five years, 10 years, or even longer, it will take years for demand on older process nodes to fall to the level of existing manufacturing capacity.

Additionally, it takes at least two years to build and commission a new semiconductor fab, even at an existing construction site. While some foundries have committed to building new fabs, much of that commitment was based on aided funding from the US and EU governments, which has been very slow to come.

As of writing this, the US has funded the CHIPS and FABS Acts, but it is unclear how those funds will be allocated and when the funds will be available to semiconductor manufacturers.

more inflationary pressure

These issues are bad enough, but when combined with continued shutdowns in China, limited mining for raw materials, bottlenecks in shipping, and labor shortages, the semiconductor industry, like all other industries, will succumb to inflationary pressures.

The only real solution to this issue is a reset in demand, which translates to an overall correction, aka bearishness, of the market. While the economy is headed for a recession, it will take time, possibly a few years, for inflation to slow down and balance prices of everything from disposable income and raw materials to consumer goods.

As a result, when it comes to electronics, the best plan for consumers is to lock in prices for this back-to-school and holiday season as higher prices will be the norm in 2023.

The cloud gaming market appears to be poised for some significant growth, though it will be tough for new players to enter the scene.

In her newsletter published Tuesday, consumer technology guru Elizabeth Parks said the cloud gaming market is at an inflection point as heavyweights in the industry continue their involvement in it, and the popularity of gaming in consumer homes grows.

By 2021, 75% of leading US broadband households report playing video games for at least an hour a week, and 30% of those households admit to subscribing to or testing out a free or paid gaming service, according to Parks, who is the president and CMO of Parks Associates in Addison, Texas.

“Cloud gaming services provide a new opportunity to serve the gaming market and capture the consumer segment without gaming consoles or PC gaming hardware,” she wrote.

“Continuing advances in technology, growing expectations for entertainment consumption to be cross-platform, and the potential for cloud gaming inclusion in ecosystem strategies make this an interesting market to look forward to,” she said.

some new entrants

However, Parks predicted that there would be few new entrants to the market. She said that setting up and operating a cloud gaming service is extremely costly and challenging.

The most important requirement, she continued, is performance-competitive cloud infrastructure. Given the status of existing competitors, any new entrant is expected to be a party that is willing to use the cloud resources of one of the existing competitors, or one that already has sufficient cloud computing infrastructure.

One place a new player can get the infrastructure it needs is Google, said Ross Rubin, principal analyst at Reticle Research, a consumer technology consulting firm in New York City. “Google’s decision to focus on white label offerings indicates that it thinks it has better prospects in partnership than going as a first-party service alone,” he told TechNewsWorld.

The window for newcomers isn’t closed, but it can be narrow, he said. “It’s still a bullish market,” he said. “In contrast to the relatively expensive subscription end, there are more opportunities at the low-cost, ad-driven end of the market.”

battling established brands

Mark N. Vena, president and principal analyst at SmartTech Research in San Jose, Calif., agreed that conditions are becoming tougher for newcomers to the market.

“For companies that do not have a history in the gaming space, it is difficult to be seen as credible, as many established players have strong brand reputations around gaming, especially from the standpoint of a legacy gaming title,” he told TechNewsWorld.

“Both Microsoft and Sony really captured the market a few years ago by grabbing some of the more prestigious gaming studios with franchise titles under their belts, which shuts down potential new entrants,” he said.

“Netflix, for example, is clearly trying to foray into the cloud gaming space and is running into difficulty because they don’t have well-known titles in their gaming arsenal and, more importantly, they are not considered by consumers as a destination for gaming,” he said.

Established players can also trade losses for market share. “Microsoft has focused on using its cloud service as a losing leader. Most companies can’t afford to do that,” David Cole, an analyst at DFC Intelligence, a market research firm in San Diego, told TechNewsWorld.

Entering the gaming market is usually a daunting proposition to begin with, and doing it on the cloud poses additional hurdles, maintained Michael Inouye, a principal analyst at ABI Research, a global technology intelligence company.

“A new cloud gaming service will have a competitive disadvantage in most cases when it comes to game libraries,” he told TechNewsWorld. “Publishers aren’t ready to put their games on every cloud gaming service.”

“In some cases,” he continued, “publishers may push their own platform, enter into pre-existing deals with other cloud gaming services, or simply not agree to the business model.”

cross-platform demand

Still, Inouye said the market is huge and there are opportunities available for new players, especially in mobile gaming.

“Mobile-based cloud gaming, at least for premium services, can be challenging in many cases due to competition with free-to-play,” he said, “but may find success in the Asia-Pacific region because gamers there have shown willingness to pay for mobile game-based content, although revenue per player is low.”

Parks also predicted that consumer desire for aggregation in the video streaming market would extend to cloud gaming. Cloud gaming service customers can respond to marketing campaigns focusing on the simplicity of a single point of subscription, purchase, billing and consumption — one that allows them to play across platforms, she wrote.

Along with increasing the appeal of the services to consumers, she said, this aggregation approach potentially generates more revenue for game developers by increasing their reach and making it convenient for consumers to subscribe to their content services.

“More consumers are seeking cross-platform gaming experiences so that they can experience and participate in gaming, regardless of the device they are using – console, smartphone, tablet, PC, or even a Chrome laptop,” explained Vena.

“Gaming has now become a multi-platform phenomenon and gamers do not want to be affected by gaming on a single device or OS platform,” he continued. “This is a result of the multi-device world we live in now, which is only to grow in importance as 5G connectivity becomes more widespread.”

thrifty gamers

Inouye agreed that there is a growing demand for cross-platform titles as a whole, and gamers especially appreciate it when game purchases are cross-platform (meaning, if you buy a game for a console, you also have access to the PC version), but gamers can be frugal, too.

“At the end of the day consumers will always welcome the opportunity to play their games on more platforms, but it’s not like they have to pay for every copy or settle on all platforms to get that capability,” he said.

“Gamers who are willing to upgrade their hardware will not accept poor PC or console performance just to gain access to content on all three platforms for the same price,” he concluded.

Sometimes the world of smart technology innovations collides with the planet of dumb customer service provisions. That confrontation usually doesn’t bode well for the customer.

In my case, that scenario is especially true. I bought Lenovo’s Chromebook Duet 5 from a leading national electronics store at an attractive price. In the end, it was a purchase I wish I could undo.

The Duet 5 is considered by many reliable reviews as the best overall ChromeOS tablet / detachable computer available this year. Its large screen and detachable full-size keyboard create a usable and fun tablet experience that isn’t available with pure Android devices.

To me, that honor does little more than reaching that point. In fact, if your primary need for a Chromebook is to run Linux apps, think twice about buying Lenovo’s Duet 5. You may get a unit like mine that works even though Linux doesn’t. That failure is not considered a valid claim under Lenovo’s warranty.

I have become very fond of Chromebooks. ChromeOS devices complement my home office cadre of Linux computers. They link to my Android phone and its apps. I can run the same productivity apps and access their data directly on the Chromebook.

What fueled my fascination with the Duet 5 is that it’s the logical follow-up to the very popular 10.1″ original Duet that I bought a few years back. The Duet line has a detachable keyboard and is a stand-alone ChromeOS tablet.

Putting need versus need aside, I debated the potential for greater productivity and convenience with a bigger screen at 400 nits, a bigger keyboard, and 8GB of RAM. I knew the manufacturer and the retail store as well as the product line. Or so I thought.

What could have gone wrong? Three things: a failed product, no support, and a warranty that didn’t work!

Maybe a lot

The last thing I needed to buy was another Chromebook. Over the years, I’ve used four or five models from HP, Lenovo and Asus.

The Duet 5 seemed to check all the boxes. As it turned out, the check mark for reliable technical support and customer service went out of the box.

No, I could not return the computer. By the time I realized its faulty nature, the undo window was closed.

I think this incident would prompt me to buy expensive add-on store warranties for less expensive electronic components. Adding insult to injury, Lenovo tech support said the malfunction was “out of the scope of the manufacturer’s one-year warranty.”

A final correspondence from Lenovo’s tech support told me that if I sent the device to its repair facility, all technicians would do is reset the unit to its original OS state and remove Linux.

Heck, I’ve already done the same thing twice.

Lenovo buyer beware

This account is not intended as a product review. Rather, it explains what happens when corporate arrogance destroys the customer experience.

I usually write about business technology issues and open-source development affecting the Linux OS. My reporting beat overlaps with e-commerce and customer relationship management (CRM) issues.

As a technical writer and product reviewer, I’m used to having manufacturers send me their own products in hopes of showing off their best wares. Marketing wonders often offer high-end configurations to capture the attention of consumers. They go out of their way to make sure the reviewer is completely satisfied.

It’s too bad that mindset isn’t always present when inferior consumers are on the receiving end. But I wasn’t using a loaner unit that I’d send back anyway, satisfied or not. I had purchased this model and had no plans to review it. I just wanted to use it.

My personal experience further hardened my resolve not to buy Lenovo products. Not because of a bad product encounter. Lenovo lost my customer loyalty due to shoddy customer service and no dedication to solving my problem with a bad computer it made.

White detail

According to Lenovo’s ill-conceived logic, the warranty on Chromebooks doesn’t cover user modifications. Since I ran into a problem with activating the Linux partition, deleting the partition, and not reinstalling Linux apps when I bought it, I was guilty of modifying the device.

To clarify, all Chromebooks require the user to turn the Linux partition on in order to install Linux apps. The same process goes for using Android apps on a Chromebook.

Chromebooks are built to run ChromeOS and optionally run in separate built-in containers of Android and Linux software. Google certifies the hardware to make sure the software works.

ChromeOS likewise enables users to access websites in a browser environment. An additional option lets users access those web destinations to run application services within a tabbed browser window or as Progressive Web Apps (PWAs) in their own separate window.

That’s what Chromebooks are designed to do on any manufacturer’s hardware. Turning on/off these built-in features should not be considered as “modifying” the device.

Tech support helm

A few weeks after getting the Duet 5, I only experienced one intermittent screen flicker problem. This cleared up after a system update. No worries.

Then I turned on the Linux partition and installed the same Linux apps I use on my other, less endowed Chromebooks. Those devices worked fine with the same apps.

But the Lenovo Duet 5 froze after loading the Linux apps and running for a few minutes. Messy installations happen. So I did what is standard troubleshooting. I reset ChromeOS to its original state. Then I set up the Linux partition and resized it beyond the Google-recommended minimum size.

That did not solve the problem. So I wiped the Linux partition again. This time around, I installed a single Linux app at a time, looking for the culprit that froze the others. Every Linux app froze in isolation.

Lenovo technical support declined to examine or test the hardware. Agents suggested finding an affiliated tech center to pursue a solution.

Stuck with no option

I would have happily done so. But the nearest such Lenovo repair center was about 150 miles across state lines.

I contacted the Google Chromebook support community for an alternative solution. A support person there had me run the “df command” in a Linux terminal to determine the physical health of the partition.

A readout of that diagnostic confirmed that the device contained a valid and working Linux container. This partially settled the question about the hardware. However, it did not identify what other hardware issues could be involved.

The Google support forum tech then suggested that I find one or more dud packages by following the procedure outlined above. But, of course, I had already done this many times.

Poor lesson learned

If you’re planning on buying a Chromebook just to get easy access to selected Linux apps, seriously consider my experience. Maybe look elsewhere instead of Duet 5. Several Chromebook alternatives exist.

Who knows? Maybe the Linux apps on your Duet 5 work just fine for you. As I said, I haven’t had this situation on any other Chromebook product I’ve used.

No doubt my experience was a gross anomaly. The worrying part of all this is that I will never know the reason for it.

But if you buy the Duet 5 from a retail outlet directly from the manufacturer, be sure to confirm how that store honors the warranty. Now you know how Lenovo honors its warranty.

The opinions expressed in this article are those of the author and do not necessarily reflect the views of ECT News Network.

Having trouble understanding the person at the end of the support line you’ve called to get some customer service? A Silicon Valley company wants to make problems like this a thing of the past.

The company, Sanas, makes software that uses artificial intelligence to remove accents in the speech of non-native, or even native, English speakers and output a more standard version of the language. “The program performs phonetic-based speech synthesis in real time,” Sharath Keshav Narayan, one of the firm’s founders, told TechNewsWorld.

Furthermore, the voice characteristics remain the same even after the accent is removed. The sound output by the software sounds the same as the voice input, only with the accent removed. For example, the gender of the speaker is preserved.

“What we’re doing is allowing agents to keep their identity, keep their tone, it doesn’t need to change,” said Sanas CEO Maxim Serebryakov.

“The call center market is huge. It’s 4% of India’s GDP, 14% of the Philippine GDP,” he told TechNewsWorld. “We’re not talking about a few thousand people whose Along with their cultural identity they are being discriminated against on a daily basis. We are talking about hundreds of millions of people who behave differently because of their voices.”

“The concept is sound. If they can make it work, that’s a great deal,” said Jack E. Gold, founder and principal analyst at J.Gold Associates, an IT consulting firm in Northborough, Mass.

“It can make companies more efficient and more effective and more responsive to consumers,” he told TechNewsWorld.

Talking local

Gold explained that local people understand the local dialects better and engage better with them. “Even talking to someone with a heavy Southern accent gives me pause sometimes,” said the Massachusetts resident. “If you can be too much like me it affects the effectiveness of the call center.”

“Many call center employees are located overseas and customers may have trouble understanding what they are saying in terms of strong accents,” John Harmon, a senior analyst at Coresight Research, a global advisory and research firm specializing in retail and technology, told TechNewsWorld.

“But the same could be true for the regional American accent,” he said.

However, Taylor Goucher, COO of Connext Global Solutions, an outsourcing company in Honolulu, discounted accents as a source of customer frustration.

“It is well known that companies outsource call center support to different countries and rural parts of the United States,” he told TechNewsWorld. “The bigger issue is the positioning of employees and the right selection for the training and processes to make them successful.”

Customer perception

Harmon notes that consumers may have a negative reaction when they encounter a support person with a foreign accent at the other end of a support line. “A caller may feel that a company is not taking customer support seriously because it is looking for a cheaper solution by outsourcing service to a foreign call center,” he said.

“In addition,” he said, “some customers may feel that someone overseas may be less able to help them.”

Goucher cited a study conducted by Zendesk in 2011 that showed customer satisfaction dropped from 79% to 58% when a call center was relocated outside the United States. “Everyone I know is likely to have a bad customer experience at some point in their life with an agent they didn’t understand,” he observed.

He said the biggest problem with poor customer experience is the lack of support systems, training and management oversight in the call center.

“Too often we see companies take call centers offshore just to answer the phone,” he said. “In customer service, answering the phone isn’t the most important part, it’s what comes next.”

“Agents, accent or no accent, will be able to deliver a winning customer experience if they are the right person for the role, have the right training, and have the right tools to solve customer problems,” he said. “It’s easy to say the pronunciation is the problem.”

Prejudice against accents

When a customer support person doesn’t have the tools to solve a problem, it can be a huge disappointment for the customer, Gold said. “If I call someone, I want my problem solved, and I don’t want to go through 88 steps to get there,” he said. “It’s frustrating for me because I spent a lot of money with your company.”

“Anything that can be done to get over that hump faster has many benefits,” he continued. “From a consumer standpoint, I have the advantage of not annoying. Plus, if I can move faster, it means the service person can spend less time with me and handle more calls. And If I can understand the problem better, I won’t have to call about it again.”

Even if a customer support person has the equipment they need to provide the highest level of service, accents can affect the caller’s response to the person on the other end of the phone line.

“A customer may be bothered by decoding a foreign accent,” Harmon said. “There’s also a stereotype that some American accents seem illiterate, and a customer may feel like the service provider is getting cheap support.”

“In some cases, I think the biggest pre-existing bias is that if the agent has an accent, they won’t be able to solve my problem,” Goucher said.

Options for voice

Serebryakov noted that one of the goals of Sanas is to provide people with options for their voice. “When we post photos on Instagram, we can use filters to represent ourselves however we want,” he explained. “But you don’t have a uniform medium for voice. Our mission at Sanas is to provide that kind of choice.”

Although Sanas initially targeted call centers for its technology, there are other areas that have potential for it.

“One of the biggest uses we see for the technology is in enterprise communications,” Narayan said. “We got a call from Samsung that they have 70,000 engineers in Korea who interact with engineers in the US, and they don’t talk in team meetings because they’re afraid of how they’ll be interpreted. That’s the next use case. That’s what we want to solve.”

He said the technology also has potential in gaming, healthcare, telemedicine and education.

Sanas announced a $32 million Series A on June 22, marking the largest Series A round in history for a speech technology company.

As IT workers continue their arduous job of protecting network users from the bad guys, some new tools could help stem the tide of vulnerabilities that continue to add up to open source and proprietary software.

Canonical and Microsoft reached a new agreement to keep their two cloud platforms running well together. Meanwhile, Microsoft apologized to open-source software developers. But BitLocker made no apology for shutting down Linux users.

Let’s take a look at the latest open-source software industry news.

New open-source tool helps devs spot exploits

Vulnerability software platform firm Rezilion announced on August 12 the availability of its new open-source tool MI-X from its GitHub repository. The CLI tool helps researchers and developers quickly know whether their containers and hosts are affected by a specific vulnerability to shorten the attack window and create an effective treatment plan.

Yotam Perkal, director of vulnerability research at Rezilion, said, “Cyber security vendors, software providers, and CISA are issuing daily vulnerability disclosures alerting the industry to the fact that all software is built with mistakes, which are often immediately detected. should be addressed.”

“With this flow of information, the launch of MI-X provides users with a repository of information to validate the exploitability of specific vulnerabilities, creating greater focus and efficiency around patching efforts,” he added.

“As an active participant in the vulnerability research community, this is an impressive milestone for developers and researchers to collaborate and build together,” Perkal said.

Current tools fail to factor in exploitability as organizations grapple with critical and zero-day vulnerabilities, and scramble to understand whether they are affected by that vulnerability. It’s an on-going race to figure out the answer before the threatening actor.

To determine this, organizations need to identify a vulnerability in their environment and find out whether this vulnerability is indeed exploitable, for which there is a mitigation and treatment plan.

Current vulnerability scanners take too long to scan, don’t factor in exploit potential, and often miss it entirely. This is what happened with the Log4j vulnerability. According to Rezilion, a lack of tools gives threat actors plenty of time to exploit a flaw and do major damage.

The launch of MI-X is the first in a series of initiatives to foster a community to detect, prioritize and address software vulnerabilities.

Linux thrives along with growing security crisis

Recent data monitoring of more than 63 million computing devices across 65,000 organizations shows that the Linux OS is alive and well within businesses.

New research from IT asset management software firm Lansweeper shows that even though Linux lacks the more widespread popularity of Windows and macOS, a lot of corporate devices still run the Linux operating system.

Scanning data from more than 300,000 Linux devices in approximately 26,000 organizations, Lansweeper also revealed the popularity of each Linux operating system based on the total amount of IT assets managed by each organization.

The company released its discovery on August 4, noting that around 32.8 million people worldwide use Linux, and that about 90% of all cloud infrastructure and nearly all of the world’s supercomputers run it.

Research by Lansweeper showed that CentOS is the most widely used (25.6%) followed by Ubuntu (20.8%) and Red Hat (15%). The company didn’t break down the percentages of users of many of the other Linux OS distributions in use today.

Chart showing Linux devices by company size


Lansweeper suggested that businesses exhibit a disconnect between using Linux for their enhanced security and proactively putting security processes in place.

Two recent Linux vulnerabilities this year — Dirty Pipe in March and Nimbuspwn in April — plus new data from Lansweeper show that businesses are going blind when it comes to the security under their roof.

“It is our belief that the majority of devices running Linux are business-critical servers, which are desired targets for cybercriminals, and the logic suggests that the larger the company, the more Linux devices that need to be protected,” said Roel Decneut, chief strategy officer at Lansweeper.

“With so many versions and ways of installing Linux, IT teams are faced with the complexity of tracking and managing devices as well as trying to keep them safe from cyberattacks,” he explained.

Since its launch in 2004, Lansweeper has been developing a software platform that scans and inventories all types of IT equipment, installed software and active users on a network. It allows organizations to centrally manage their IT.

BitLocker, Linux Dual Booting Together Isn’t Perfect

Microsoft Windows users who want to install Linux distributions to dual boot on the same computer are now between a technical rock and a Microsoft hard place. They can thank the increased use of Windows BitLocker software for the worsening of the Linux dual-booting dilemma.

Developers of Linux distros are facing more challenges in supporting Microsoft’s full-disk encryption on Windows 10 and Windows 11 installations. The Fedora/Red Hat engineers noted that the problem is made worse by Microsoft sealing the full-disk encryption key using Trusted Platform Module (TPM) hardware.

Fedora’s Anaconda installer, like other Linux distribution installers, cannot resize BitLocker volumes. The workaround is first resizing the BitLocker volume within Windows to create enough free space for the Linux volume on the hard drive. This useful detail is not covered in the often vulnerable installation instructions for dual-booting Linux.

A related problem complicates the process. The BitLocker encryption key imposes another deadly restriction.

For the sealed key to be released, the boot chain measurements in the TPM’s Platform Configuration Registers (PCRs) must match the values the key was sealed against. Using the default settings for GRUB in the boot chain for a dual boot setup produces measurement values that do not match.

According to the discussion of the problem in the Fedora mailing list, users with a dual-boot setup who attempt to boot Windows 10/11 are then left at the BitLocker recovery screen.
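The sealing behaviour described above can be modelled in a few lines. The following Python sketch is an added example, not code from Fedora, Microsoft or the original article; it assumes a single SHA-256 PCR, a toy `SealedKey` class standing in for the TPM, and constructed byte strings standing in for the boot images, whereas a real TPM enforces a policy over a selection of PCRs in hardware.

```python
import hashlib
import hmac

PCR_RESET = bytes(32)  # a SHA-256 PCR holds 32 zero bytes after reset


def extend(pcr, image):
    """TPM extend operation: new = SHA256(old || SHA256(image))."""
    return hashlib.sha256(pcr + hashlib.sha256(image).digest()).digest()


def replay(event_log):
    """Replay a boot event log and return the PCR value after each event."""
    pcr, history = PCR_RESET, []
    for _label, image in event_log:
        pcr = extend(pcr, image)
        history.append(pcr)
    return history


class SealedKey:
    """Toy stand-in (hypothetical) for a volume key sealed to one PCR value."""

    def __init__(self, secret, event_log_at_seal_time):
        self._secret = secret
        self._expected_pcr = replay(event_log_at_seal_time)[-1]

    def unseal(self, current_pcr):
        # The secret is released only if the PCR matches the sealed value.
        if hmac.compare_digest(current_pcr, self._expected_pcr):
            return self._secret
        return None


def boot_windows(sealed, event_log):
    """What the user sees when Windows is started through this boot chain."""
    key = sealed.unseal(replay(event_log)[-1])
    return "volume unlocked" if key is not None else "BitLocker recovery screen"


def first_divergence(sealed_log, current_log):
    """Label of the first event where the current boot departs, else None."""
    sealed_pcrs, current_pcrs = replay(sealed_log), replay(current_log)
    for i, (label, _image) in enumerate(current_log):
        if i >= len(sealed_pcrs) or sealed_pcrs[i] != current_pcrs[i]:
            return label
    return None if len(sealed_pcrs) == len(current_pcrs) else "<chain ended early>"


# Constructed sample data: labels and bytes are placeholders, not real images.
WINDOWS_BOOTMGR = ("windows-boot-manager", b"constructed bytes: windows boot manager")
SHIM = ("shim", b"constructed bytes: shim")
GRUB = ("grub", b"constructed bytes: grub")

DIRECT_BOOT = [WINDOWS_BOOTMGR]                  # firmware starts Windows directly
CHAINLOADED_BOOT = [SHIM, GRUB, WINDOWS_BOOTMGR]  # GRUB sits in the boot chain

# The key is sealed while Windows is the only thing in the boot chain.
SEALED = SealedKey(b"constructed-volume-key", DIRECT_BOOT)

if __name__ == "__main__":
    print("direct boot:     ", boot_windows(SEALED, DIRECT_BOOT))
    print("via GRUB:        ", boot_windows(SEALED, CHAINLOADED_BOOT))
    print("first divergence:", first_divergence(DIRECT_BOOT, CHAINLOADED_BOOT))
```

Because extend is a one-way hash chain, nothing loaded after GRUB can restore the PCR to the value recorded at seal time, which is why the recovery screen appears even though the Windows boot manager itself is unchanged.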

Microsoft, Canonical: A Case of Opposites Attract

Canonical and Microsoft have tightened the business knot connecting them with the common goal of better securing the software supply chain.

Both software companies announced on August 16 that native .NET is now available for Ubuntu 22.04 hosts and containers. This collaboration between .NET and Ubuntu provides enterprise-grade support.

Support lets .NET developers install the ASP.NET and .NET SDK runtimes from Ubuntu 22.04 LTS with a single “apt install” command.

Microsoft reverses open-source app sales ban

In what could be the latest case of Microsoft opening its marketing mouth to stumbling blocks, the company recently rattled software developers by banning the sale of open-source software in its App Store. Microsoft has since reversed that decision.

Microsoft had announced new terms for its App Store, effective July 16. The new terms stated that pricing may not attempt to profit from open-source or other software that is otherwise generally available at no cost. Many software developers and re-distributors of free- and open-source software (FOSS) sell installable versions of their products at the Microsoft Store.

Redmond said the new restrictions would address the problem of “misleading listings”. Microsoft claimed that FOSS licenses allow anyone to post a version of a FOSS program written by others.

However, the developers pushed back, noting that the problem is easily solved in the same way regular stores solve it – through trademarked names. Consumers can tell the actual sources of software products apart from third-party re-packers using pre-existing trademark rules.

Microsoft has since accepted and removed references to open-source pricing restrictions in its store policies. The company clarified that the previous policy was intended to “help protect customers from misleading product listings”.

More information is available in the Microsoft Store Policies document.

The video game market is divided into five segments: legacy PCs and consoles, evolving mobile devices – mostly phones but some tablets – and the emerging cloud. That’s four; I’ll get to the fifth segment in a minute.

Looking at these segments, Qualcomm is present mostly in the developed mobile devices. Plus, it has an interesting connection to the emerging cloud segment, as you can’t play games in the cloud unless you have a client device – at least not now. The preferred client device is a smartphone because it is almost always with you.

Now for the fifth segment: VR gaming, which is mostly surrounded by Meta’s Oculus Quest 2 which also uses Qualcomm technology.

Let’s talk about Qualcomm, gaming growth and the roadblocks that currently prevent the expansion from consoles and PCs to more mobile devices and the cloud — and video game trends.

Then we’ll close with our product of the week, which is arguably the best gaming smartphone on the market.

Console gaming

It is the oldest form of mass market video game. I say “mass market” because there were video games you could play on a mainframe, but only a small number of people knew how to play them and had access to a mainframe to do so. Console gaming has many enduring advantages, but there are also some significant disadvantages.

On the benefit side, the hardware is dedicated, and all patching and updates are handled by the console manufacturer as long as that version of the console is supported. If you use approved games (which are often downloaded today), you don’t have to worry about malware, and you can be almost certain that any existing title will run well on current consoles. Hardware costs are affordable—typically less than $500 to start—and you can use a good TV screen, so you don’t need an expensive monitor.

The downside is that the game console only plays games. Chances are it isn’t with you unless you’re at home because it’s a bit of a pain to take it on vacation, and good luck playing games on a console in a car or plane while in transit. This is offset by consoles like the Nintendo Switch that allow for mobile gaming but are aimed at a younger audience.

So, consoles are great for gaming, but are not as flexible or portable as most want for today’s games. But gaming on TV at home is good if you have room and no one else wants to use the TV while you are gaming.

PC gaming

The PC gaming market really took off after Windows 95, as that operating system came with games. This segment has a distinct set of advantages and disadvantages.

Benefits include being able to play and work at the same time, and PCs come in both desktop and laptop forms, allowing for both greater hardware diversity and greater mobility than most consoles. Games that use keyboards and mice work better with PCs, but you can often also use gaming controllers if needed. You can build a custom desktop PC that, in itself, is a status symbol for other gamers, and buy your way to a strong competitive edge.

The disadvantage of PCs is that gaming rigs tend to be expensive. You can easily drop over $5,000 in a top-notch desktop gaming rig. Gaming on a laptop can result in using a smaller display and reduce battery life. A gaming laptop can cost as much as a gaming desktop when fully equipped. While we carry our PCs with us more often than most consoles, we still can’t have them with us when we want to play games. They are large, which makes them difficult to use in a plane or car.

I find laptop gaming performance too restrictive on the size I want to use frequently. I play mostly on a custom gaming desktop rig with a large Dell 49-inch display.

Mobile gaming

This is where Qualcomm performs, and it is the fastest growing segment. It has advantages and disadvantages as well.

There are advantages with availability and flexibility. Like PC gaming, you can use a smartphone for more than just gaming, and you can multitask. The smartphone is always connected, which can lead to a better connected experience. People carry their smartphones with them so they can play anywhere and often where a PC or console isn’t viable, such as standing in a line. Titles are constantly improving over time, and the richness of mobile games can reach what you see on consoles or even some PC games.

The disadvantages are that smartphones are typically designed for connectivity, not gaming, and a non-gaming smartphone, even if it has Qualcomm’s latest and most powerful Snapdragon processor, will probably start throttling very quickly when used for gaming because the phone cannot dump a sufficient amount of the heat being generated. Performance is usually traded against dynamics. The screen size is much smaller (but can be offset with a head-mounted display) and the smaller screen is also a control surface (but can become a dedicated controller with a head-mounted display).

Overall, smartphones are closing in on the usability and capabilities of PC and console games, but are still limited by the lack of head-mounted displays that force people to play on less capable displays than those typically used on phones. Qualcomm is leading this effort hard, funding gaming tournaments with decent rewards and toughening its flagship Snapdragon 8 and 8+ platforms to meet gamer needs.

Cloud gaming

This is highlighted by services like Nvidia’s GeForce Now which provides cloud instances of high-performance gaming PCs for remote gamers.

The advantage is that you get good PC-level performance with any device you can use as a client. These services favor games designed for PCs, but can be played on set top boxes such as Nvidia’s own Shield or on a smartphone based on the controller interface. These services offer the most flexibility in terms of hardware and the lowest cost of entry for top-tier games.

The disadvantage is that they are very network dependent, which means you probably can’t access the service on a plane or cruise ship where network bandwidth is low, and latency is very high. You have to pay a monthly fee; you do not own the service, and the service may not contain the game you want to play.

However, it is likely that cloud gaming represents the ultimate future of gaming. We do not yet have the network infrastructure to make it effective.

VR gaming

While there is VR gaming on a PC, the need for a PC and the limitations of having a cable connected to it have limited the popularity of that approach. Right now, the most popular VR gaming platform is Meta’s Oculus Quest 2.

The advantage is that it is portable and does not require a tether. Games, especially those tied to movement, are fun and very playable. You can play it in the car or plane, and you can watch movies on it in private, just like you would on your PC or smartphone with a head-mounted display. Like game consoles, you have dedicated controllers and the cost is less than $400 to get started.

The disadvantage is that the expectations of VR gaming are ahead of the hardware. Resolutions are lower than people expected, and game content is limited. People are often mocked for using the technology, which creates resistance to adoption. There isn’t much in the way of Cloud Games anymore and Meta is experiencing a shaky $1 billion a month and if Meta fails, there’s no one in the wings to take up the slack.

There’s also AR gaming, highlighted by games like Pokémon Go, but it’s still very limited and the promise of this type of game, as highlighted by the old HP video Roku’s Reward, has never been achieved in production.

Wrapping up

Console and PC gaming continues to thrive, but the real growth appears to be in mobile gaming, considering how fast it’s growing and how relatively convenient it is. However, this is constrained by the size of the mobile screen and the need for a gaming phone to truly experience robust mobile gaming. With head-mounted displays, mobile gaming has far greater potential, but these displays are not in widespread use yet which lessens their impact.

VR gaming has immense potential and I expect gaming’s long-term future to be in the virtual space, but we won’t be there for a decade or so because we still need better human-machine interfaces to be able to meet consumer expectations: something like a holodeck.

As a result, gaming is in flux. Console and PC gaming are still viable markets, but mobile gaming is growing rapidly and has the potential to overtake both by the end of the decade. For now, Qualcomm is in a good position on both mobile and VR gaming, which puts it in a good position to help define the future of gaming.

We’ll see soon how it all goes.

Technical Product of the Week

Xiaomi’s Black Shark 5 Pro Gaming Smartphone

The best gaming smartphone in the market right now is the Black Shark 5 Pro.

It uses the latest Snapdragon 8 processor, has a massive 4550mAh battery with over 1,200 charge cycles, offers a 144Hz refresh rate, has liquid cooling and a 108MP triple camera system. Its starting price of $799 makes it a good value, though personally I’d pay $100 more and get the better equipped 12GB + 256GB model.

Black Shark 5 Series Gaming Smartphone / Image Credit: Black Shark


Another difference is that it has physical game triggers making it far quicker than screen-based triggers which is important for competitive first-person shooter (FPS) games. I’ve had a Xiaomi phone before and I’ve been impressed with the quality of the firm.

This phone comes in two colors, white and black. I like the black version. But what makes this device stand out is the extreme cooling, mechanical triggers, top Qualcomm processor and bigger battery to prevent the processor from throttling.

Other features include a 6.7-inch OLED display, HDR 10+, 5 million to 1 contrast ratio, and a dual zone pressure-sensitive display. The Black Shark 5 Pro is a beast of a gaming phone – and my product of the week.

The opinions expressed in this article are those of the author and do not necessarily reflect the views of ECT News Network.

The next generation of the Web – Web 3 – has been touted as more secure than the current incarnation of cyberspace, but a report released Tuesday warned that may not be the case.

According to a report by Forrester, a national technology research company, Web3 can be difficult to break into at the infrastructure level, but there are other points of attack that could provide threat actors with more opportunities for mischief than those found in the legacy Web.

Web3 applications, including NFTs, are not only vulnerable to attack; Forrester explained that they often offer a wider attack surface than traditional applications due to the distributed nature of blockchains.

Furthermore, it said, Web3 apps are desirable targets as tokens can be worth substantial amounts of money.

The openness of Web3, which is considered one of its main advantages, can also be a disadvantage. Martha Bennett, vice president and principal analyst at Forrester, said, “The code that runs on a public blockchain is easily accessible by anyone with the necessary technical skills, from anywhere in the world – no need to enter corporate security to achieve this.” She is also a co-author of the report.

“Source code is generally readily available, because the focus is not on running closed source ‘smart contracts.’ The Web3 ethos is, after all, ‘open code,’” she told TechNewsWorld.

Unwanted complication

David Ricard, CTO of North America at Cipher, a division of Prosegur, a multinational security company, explained that Web3 is based on distributed control of data and identity by its users.

“This broadens the attack surface for individuals who may be unwilling or simply unable to handle the management of their own data and identities, bringing technical complexity to an area that is ‘above anything’ in use ‘easy,’” he told TechNewsWorld.

“Scrolling through personal, text messaging, email and social media and shopping apps is a real challenge for them,” he said.

He said the idea of making Web3 code transparent and publicly available is unlikely to gain real traction. “There is a lot of money at stake between capital investors and users of blockchain financial systems and NFTs,” he said.

He further added that making the code transparent and public can also broaden the attack surface in a clear way. “Safe coding practices that predict how someone might abuse a system for nefarious gains are generally not practiced,” he explained. “It is not easy to predict how people might use the system for purposes other than those intended.”

“Most of the financial losses associated with blockchain and NFTs do not exploit immutable objects themselves, but rather manipulate them by exploiting applications that can affect them,” he said.

Furthermore, while legacy systems may be outdated, they may also be robust. “What’s new is also the most vulnerable,” said Matt Chiodi, chief trust officer at Cerby, creator of a platform to manage shadow IT, in San Francisco.

“While time is not always a friend of security, it allows an application to become battle tested,” he told TechNewsWorld. “Web 3 is no different. It’s new and not much tested. Legacy applications have a time advantage. Web3 doesn’t.”

NFTs becoming a popular target

Even if the code is visible and accessible, the report said, attackers will find weak points. It made clear that while attacks on smart contracts and cryptocurrency wallets are confined to the Wild West of decentralized finance, NFT projects have increasingly become a favorite target.

“Why go for more difficult hacks if there are easier ways to get what you want?” asked Bennett. “Like any other venue where value is traded, [NFT] markets and communication tools attract people who want to steal or otherwise break the rules.”

“For anything to do with Web3, speed is of the essence, and many of the people involved do not have the necessary expertise to assess a potential security issue,” she said. “Sometimes, startups don’t even advertise for a security chief until something bad happens.”

One of the biggest breaches of an NFT marketplace occurred in June at OpenSea, which exposed nearly 1.8 million email addresses. “There was an inside threat involved in that particular case, but the applications that handle the transactions can be quite vulnerable,” Ricard said.

“There may be hundreds of thousands of ways this can be abused, which coders have to try to account for, yet a hacker only needs to discover a vector once for a breach to occur,” he said.

Hangout for Scammers

Forrester also pointed out that social media network Discord has become a major weak point in NFTs and other public blockchain projects. Successful phishing attacks on Discord are at the root of many, if not most, NFT thefts, it continued.

It explained that attacks are usually targeted at community managers and administrators. Once an administrator account is successfully taken over, attackers have the opportunity to steal extensively, as users rely on messages from community administrators.

Bennett noted that Discord was primarily designed as a communication platform for gamers, not for holding and exchanging value, and that it has mechanisms to mitigate risk. “But these mechanisms can only help if they are implemented, and it is clear that often, they are not,” she said.

“Furthermore,” she said, “Discord attracts a similar share of phishing attacks and scam messages, being the preferred communication mechanism for token projects.”

Ricard said the Discord communities provide a rich source of information for scammers, as well as investors. “The harvesting of participants’ contact information leads to phishing,” he said. “Hacks in digital wallets are not uncommon.”

“The Discord bot has been hacked, so threatening actors can post fake mining offers, resulting in the theft of cryptocurrencies,” he said.

Better security than legacy web?

Forrester’s report notes that in a fast-moving Web 3 world, it’s tempting to ignore security in favor of innovating quickly, but public safety issues can easily derail a major launch or product team. to analyze and mitigate critical security flaws.

Firms can identify risks and protect both the decentralized and centralized components of their Web3 applications by engaging their security teams not only in the software development lifecycle but throughout the product lifecycle.

“Web3 needs to shift its focus to the left, which means getting as much security as possible for developers and making prevention the ultimate goal,” Chiodi said. “Without this focus, Web3 would be indistinguishable from Web2. It would be a shame given its tremendous potential, especially around decentralized identity.”

“Web3’s distributed approach provides a variety of security capabilities, but the fundamental problems remain the same,” said Mark Bower, vice president of product at Anjuna, a confidential computing company in Palo Alto, Calif.

“If an attacker gains credentials, root-level privileges or access to keys — especially private keys that run throughout the ecosystem,” he told TechNewsWorld, “then it’s game over, as if this one in a centralized platform.”