Archive for April 2016

Your Latest IT Newsletter

New Windows 10 for Testers Shows New Features and Improvements

Microsoft has just released its latest and biggest cumulative update of Windows 10 for PC and mobile to its insider testers in ‘Fast Ring’ i.e. those insiders who receive and immediately install new features as soon as they are approved by Microsoft.

This has enabled us to get the first reports of from those technical few who have risked the possible bugs to let the rest of us know how the latest build of Windows 10 measures up. Reports from the public technical front line indicate that build 14328 also known as the Anniversary Update (due for general release in June) are positive and highlight a number of useful features and improvements.

Most of the latest improvements are likely to benefit PC users, especially those with tablets and surface devices. Here are a few examples of some features and improvements to look forward to.

<More>

Simple Steps to Avert Cyber Attacks and Data Breaches Not being Taken Says Report

The findings of the latest Verizon Data Breach Investigations Report (DBIR) were the subject of several of the IT news websites this week (Computer Weekly and ComputerWorld UK) because they show that organisations are still not taking basic cyber crime prevention measures.

The report appears to show that cyber crimes of which the type and modus operandi are well known and widely publicised are still happening in large numbers because organisations don’t have the staff awareness or relevant training, don’t know the attack patterns for their industry, and aren’t focusing on using simple but well executed security measures.

<More>

Research Predicts Huge Growth in Local Search & Data Discovery Apps

Recently published Juniper Research predicted that the amount of revenue generated by found Local Search & Discovery apps will increase dramatically from last year’s figure of $13 billion to over $44 billion by 2020.

The predicted huge increase in app advertising and location targeting is likely to happen because of the emergence and refinement of proximal wireless technologies.

The kinds of Local Search and Search & Discovery apps and the technology highlighted by the research are e.g. the deployment of Bluetooth beacons in indoor retail settings in order to develop proximity marketing services.

<More>

Technical Tip – Passwords

With multi factor authentication and even biometrics being used to strengthen or plug the security weak spot that a simple or default password now represents, here are some basic suggestions to help you to make your passwords good and secure.

<More>

Technical Tip – Passwords

With multi factor authentication and even biometrics being used to strengthen or plug the security weak spot that a simple or default password now represents, here are some basic suggestions to help you to make your passwords good and secure.

Wherever possible:

  1. Try not to use dates, phone numbers, or things that could be easily linked to you.
  2. Try not to use common words / phrases as these can be discovered using password cracking software.
  3. Make sure that the password is memorable to you and do not write it down.
  4. Combine letters, numbers, and other characters where possible. UpperCASE and LowerCASE.
  5. Use between 8 and 16 characters as this will make it mores secure but will still allow it to be memorable.
  6. Change your password at least every 6 months.

You can always think of a Mnemonic, such as

“I had three wishes for Christmas last year at Mothers House” could become :  1H3W4Cly@MH
… Or something similar …  good luck!

Research Predicts Huge Growth in Local Search & Data Discovery Apps

Recently published Juniper Research predicted that the amount of revenue generated by found Local Search & Discovery apps will increase dramatically from last year’s figure of $13 billion to over $44 billion by 2020. The predicted huge increase in app advertising and location targeting is likely to happen because of the emergence and refinement of proximal wireless technologies.

What Does This Mean?

The kinds of Local Search and Search & Discovery apps and the technology highlighted by the research are e.g. the deployment of Bluetooth beacons in indoor retail settings in order to develop proximity marketing services.

A Bluetooth beacon installed in a shop in a shopping centre for example can broadcast signals to apps on smart devices e.g. smartphones, or web browsers that are nearby. This means that someone entering or passing close to the shop can be sent contextually relevant content and marketing messages (proximity marketing services). These can be combined for example with ‘asset tracking technology’ which uses tracking, barcodes, GPS, or RFID (that broadcasts location) to track physical assets.

This allows the retailer to use personalised offers based on their real-time stock levels. The potential marketing value of this new combination of technologies has led Juniper to predict that retailers could be spending as much as $2.4 billion annually on beacons and asset tracking in 2020.

Technology Drivers

The drivers of this predicted growth are a variety of rapidly improving technologies such as LTE-Direct (a device-to-device technology that can discover other devices and their services in close proximity), Bluetooth, Ultra-Wide Band / UWB (a radio technology for short-range, high-bandwidth communications over a large portion of the radio spectrum), and Wi-Fi FTM (Fine Timing Measurement).

Engaging Customers in New Way

The Juniper Research also highlights how the commercialisation of LTE-Direct will provide new possibilities for vendors and end-users. For example proximal discovery technology such as listening devices could receive offers, news or be notified of events within the vicinity, thereby increasing the scope for proximity communications.

Potential in Other Industries

The research also sees scope for the increased use of these technologies in other industries such as agriculture. Juniper highlights how falling costs for precise positioning technology could drive growth in the precision agriculture industry to help with efficiency. Although there are opportunities for data analytics services to use location data in agriculture it is thought that companies lack the expertise to maximise its potential at the present time.

What Does This Mean For Your Business?

At present there are still many opportunities to be discovered about how and where these technologies can be deployed.

Most obviously though, if you are a retailer in / near a busy retail environment e.g. shopping centre or mall, you have the opportunity to conduct smarter, more targeted, context specific marketing and to present offers to nearby potential customers that link directly to the stock that you have available in that specific location / outlet.

Smarter marketing, tighter targeting, and the ability to get information from and communicate with customers via their mobile devices nearby or in your controlled retail setting could translate into more sales and greater awareness of your brand and services.

New Windows 10 for Testers Shows New Features and Improvements

Microsoft has just released its latest and biggest cumulative update of Windows 10 for PC and mobile to its insider testers in ‘Fast Ring’ i.e. those insiders who receive and immediately install new features as soon as they are approved by Microsoft.

This has enabled us to get the first reports of from those technical few who have risked the possible bugs to let the rest of us know how the latest build of Windows 10 measures up. Reports from the public technical front line indicate that build 14328 also known as the Anniversary Update (due for general release in June) are positive and highlight a number of useful features and improvements.

Most of the latest improvements are likely to benefit PC users, especially those with tablets and surface devices. Here are a few examples of some features and improvements to look forward to.

Windows Ink

Windows Ink is a system that allows you to use an active digital pen attached to your device that will allow you write notes on the screen in various apps e.g. Bing maps and Microsoft Edge, sketch and even annotate your screenshots. These Windows sticky notes are also integrated with Cortana (Microsoft’s talking virtual assistant).

How This Could Help Your Business

This will allow you to take another step towards freedom from relying on lots of bits of paper for notes (that can easily be lost), and offer your business a handy and effective way to transfer paper tasks to your devices. The integration with Cortana will also enhance the experience.

Cortana

The speaking personal assistant Cortana has been improved in several ways including:

  • Enabling of syncing data across all your devices (PC, tablet and phone).
  • Even when your computer is locked / on the lock screen you can still use Cortana to ask basic questions.
  • You can set reminders for photos and content.
  • The relaxing of requirements to use Cortana. This means that if you’re only just starting to use Cortana and just want to ask simple questions you don’t have to go through the initial setup or sign-in with a Microsoft account.

How This Could Help Your Business

The cross device syncing aspect means that you can be sure you’re up to date and get all the helpful reminders that you need. You can also get some helpful and practical business benefits out of features like getting notifications on your PC when your phone is low on battery, and sharing maps across all your devices when you look for directions on your device.

The Start Menu and Task Bar

The Start Menu has been updated by merging ‘most used’ and ‘all apps’ lists into one single view, and there is a rail on left with a power button and quick access to things like Settings, File Explorer, and Profile menu. The taskbar has also been updated with many new features e.g. more badges and when you click the clock button, your daily events will be displayed.

How This Could Help Your Business

New features and improvements like these could save your business time by reducing  the amount of clicking and scrolling.

Other Features / Changes of Note

Other features / changes of note include an improved Action Centre and Notifications, a better lock screen (you can remove your email address from the sign-in screen, and have media controls for music when your computer is locked), and the ability to switch quickly between desktops in ‘Virtual Desktops’.

What Does This All Mean For Your Business?

Savings in time, visual grouping and ease of use, better synchronisation across devices, pen-based systems for digital reminders and reminders from a talking virtual assistant could help with personal organising for you and your staff and help with cost savings. Both of these key benefits can ultimately contribute to speeding things up, better value creation, and sources of competitive advantage.

Simple Steps to Avert Cyber Attacks and Data Breaches Not being Taken Says Report

The findings of the latest Verizon Data Breach Investigations Report (DBIR) were the subject of several of the IT news websites this week (Computer Weekly and ComputerWorld UK) because they show that organisations are still not taking basic cyber crime prevention measures.

The report appears to show that cyber crimes of which the type and modus operandi are well known and widely publicised are still happening in large numbers because organisations don’t have the staff awareness or relevant training, don’t know the attack patterns for their industry, and aren’t focusing on using simple but well executed security measures.

The Report’s conclusions are drawn from an analysis of 2,260 breaches and in excess of 100,000 incidents at 67 organisations in 82 different countries and as such are believed to provide a reliable snapshot of the state of organisational cyber security.

The Usual Suspects

Examples of the kinds of well known data breaches and incidents that are still being allowed to happen too frequently are human error, phishing attacks, web app breaches (908 confirmed data breaches), and malware such as ransomware.

According to the Verizon DBIR, human error accounts for most security incidents experienced by organisations. 26% of these errors involve sending sensitive information to the wrong person. Others include losing / being the victim of theft of laptops and smartphones, disposing of company information incorrectly, and making mistakes when configuring IT systems.

The use of passwords is now a widely acknowledged problem area (hence the rise of biometric systems) and the report shows that nearly two-thirds of data breaches come from using weak, default or stolen passwords.

The report shows that phishing attacks are getting more successful. For example 30% of phishing messages were opened this year compared to 23% last year, with the surprisingly high figure of 12% of those people carrying on to click on the attachment or link in the email.

Multi-Point Phishing Attacks On The Rise

The report highlights a hybrid, multi-point phishing style attack that is gaining in popularity.

This involves the initial phishing email that contains the link to the malicious attachment or website. Once the victim has clicked on the link and downloaded the malware, more malware can then be used to steal details or data, or to lock (encrypt) important files as part of a ransomware attack. Stolen credentials from the victim can then be used for logging into other sites e.g. online shops or banking sites.

High Speed Attacks That Go Unnoticed

The report showed that the speed and stealth of cyber criminals is taking organisations by surprise. For example 93% of cases attackers only took a few minutes to compromise systems and 84% of the cases the victims didn’t find out they had been breached for weeks. Many organisations even had to be informed by a third party that the breach had taken place.

Mobile and IoT Attacks Not Common Yet

Despite predictions over the last year by many security commentators, the lack of significant real-world data on mobile attacks or attacks via the Internet of Things (IoT) appears to indicate no huge surge in crime in these areas.

What Does This Mean For Your Business?

The report shows that it is important for businesses to take the threat of data breaches and cyber crime seriously and to, at the very least, set up simple systems and methods to tackle the basic known threats. This could include:

  • Making sure that staff receive the relevant awareness raising messages and training to ensure compliance, best practices, and to help avoid costly human errors.
  • Making sure that default passwords aren’t used, passwords are made strong and /or are changed frequently and / or making 2 factor authentication compulsory.
  • Keeping up with patching and updates for all computers, even the old ones that don’t get used often. Make sure that third-party CMS plug-ins are patched too.
  • Helping to defend against phishing by making sure that your email filtering works well, segmenting your network, and using layered authentication rather than static passwords when moving around networks.

Your Latest IT Newsletter

Anger as Websites Deleted by 123-Reg in Error

One of the clearest examples of why it is important to have an effective backup system and a disaster recovery plan in place came to light this week when it was reported that web hosting company 123-reg deleted an unspecified number of websites in error.

Judging by reports so far it seems fair to assume that the majority of deletions are likely to have been customers’ current websites.

<More>

Viral Deleted Company Story Was A Publicity Stunt / Experiment

Look up the name Marco Marsala in Google and you’ll see just how many of the major media channels last week picked up on the story of the apparently hapless web hosting company owner who accidentally managed to delete his own and his customers’ websites by typing the code “rm -rf”: into his computer.

It’s only now that we know the whole story was made up by Mr Marsala that it does seem so incredible and unlikely.

<more>

Google Wake-up Call for Unaware or Lazy Web Admins

A recent study by Google and the University of California, Berkeley researchers has not only found a surprisingly large number of compromised websites, but has found that direct contact made with webmasters during the study served as a web security ‘wake-up and take action’ call.

The research results presented at the International World Wide Web Conference found that 760,935 compromised websites had been discovered during the year-long research period to June 2015.

<more>

How To : Clean Malware Off Your Computer

Viruses, worms, Trojans, spyware and some adware are all examples of software that can cause damage and / or cause serious security problems once they get onto your computer.

At a pinch, to get rid of malware quickly, use a program that’s specially designed to find and remove the malware. Free examples include Microsoft’s malware removal tool, Malwarebytes, AVG, PandaCloud and Bitedefender.

A review of some antivirus / anti-malware software you can buy can be found by clicking here. However, it’s probably best that you get your IT support professional to run through this properly for you, unless you are confident you know what you’re doing.

How To Clean Malware Off Your Computer

Viruses, worms, Trojans, spyware and some adware are all examples of software that can cause damage and / or cause serious security problems once they get onto your computer.

To get rid of malware quickly, use a program that’s specially designed to find and remove the malware.

Free examples include Microsoft’s malware removal tool, Malwarebytes, AVG, PandaCloud and Bitedefender.

A review of some antivirus / anti-malware software you can buy can be found by clicking here.  However, it’s probably best that you get your IT support professional to run through this properly for you, unless you are confident you know what you’re doing.

Google Compromised Website Research is Malware Wake-up Call for Unaware or Lazy Web Admins

A recent study by Google and the University of California, Berkeley researchers has not only found a surprisingly large number of compromised websites, but has found that direct contact made with webmasters during the study served as a web security ‘wake-up and take action’ call.

The research results presented at the International World Wide Web Conference found that 760,935 compromised websites had been discovered during the year-long research period to June 2015.

What Risks Are We Talking About?

According to Google’s figures, over 10 million users every week encounter harmful websites that deliver malware and scams. The kinds of risks that can compromise websites include malicious drive-by-downloads and exploits, malicious distribution domains, social engineering sites, and unwanted malware such as ad-injectors, and traditional trojans.

Webmasters Need to Be Aware AND take Action

The central idea of the research was based around the fact that although Google’s ‘Safe Browsing’ and Google Search have features that protect visitors from dangerous content e.g. by displaying browser warnings and labelling search results with ‘this site may harm your computer’, the compromised site is still a problem that needs to be fixed.

Ways need to be found therefore to ensure that webmasters are made aware of the problems with their websites, and prompted to act quickly so that the sites are no longer a risk.

Warnings Not Enough – Direct Contact Is The key

The research in essence appears to have supported what had already been suspected i.e. that the best way to tackle the problem of compromised websites was to make direct contact with the webmaster about it, and thus prompt them to act to put things right.

The researchers found that only 43% of sites flagged with a search warning alone are then cleaned up by the webmaster. The figure increases to in 54.6% if a combination of browsing interstitials, search warnings and WHOIS emails are used.

However, the researchers found that the best way to reduce the risks posed by compromised websites through prompting action by the webmaster was to make direct contact with the webmaster about it. Figures show that direct contact with webmasters increased the likelihood of remediation to over 75%.

What Does This Mean For Your Business?

Your business website could become compromised by cyber criminals if security precautions are not taken or it may even be the case that your website is compromised now and you / your webmaster is not aware of the fact or what to do to patch and purge to remedy the situation.

By signing up to Google’s Safe Browsing Alerts you / your webmaster can get useful information for protecting your users, such as information about and URLs related to unwanted software, malicious software, and social engineering.

Google’s Safe Browsing Alerts benefits from information gained by Google through its monitoring of around 40% of total active networks.

Prioritising the security aspect of your company’s IT governance, especially cyber protection is also an important step towards protecting your company and its stakeholders from cyber threats and other IT related crime.

Viral Deleted Company Story Was A Publicity Stunt / Experiment

Look up the name Marco Marsala in Google and you’ll see just how many of the major media channels last week picked up on the story of the apparently hapless web hosting company owner who accidentally managed to delete his own and his customers’ websites by typing the code “rm -rf”: into his computer.

It’s only now that we know the whole story was made up by Mr Marsala that it does seem so incredible and unlikely.

From First Reports

Mr Marsala who runs his own start-up company posted the news of what he had supposedly done on the support website called ‘Server Fault’ where he asked the server expert users if there was anything he could do reverse his mistake.

In his original summary of his made up predicament Mr Marsala claimed that he had used Ansible (a free-software platform for configuring and managing computers) to automate some server operations. In the course of doing so he said he had made an error in the writing of a small piece of code – a “Bash script with a rm -rf {foo}/{bar}. He stated that not only had this meant the complete wiping of his computer including his own and his 1535 customers’ websites, but had also resulted in the deleting of the backups so that in essence he had deleted his entire company.

Expert Verdicts?

Even though we now know that the whole thing was a hoax, not only did the many expert contributors to the Server Fault support website seem to believe that what he had achieved was the irreversible deletion of his entire business, but they also reportedly:

  • Failed to notice that the code command Mr Marsala mentioned was harmless and would not be able to achieve the devastating results he described.
  • Failed to notice that the open-source Ansible platform prevents these kinds of catastrophic.

Mr Marsala who is reported to have told the Italian publication ‘Repubblica’ that the story was intended partly as an experiment to test the knowledge of the developers on the support site but was then was left unimpressed by what he saw as inaccuracies in their comments and their failure to spot the flaws in his story.

Guerrilla Marketing Success

Mr Marsala is also reported to have invented the story and to promote it in this way as part of guerrilla marketing tactic to gain publicity, ironically for his outsourced server management start-up business.

What Does This Mean For Your Business?

This story re-enforces the necessity for your business to not only take great care in the selection and monitoring of your web hosting company, but also make sure that you / your web host has an effective back up system in place for your website and critical data.

It also illustrates the importance of having a disaster recovery plan in place.

This story is also an example of how a cleverly crafted article / press release / post, some sound knowledge of an industry and the media, and some good luck can lead to plenty of very low cost publicity, irrespective of one’s personal views of the rationale.

Anger as Websites Deleted by 123-Reg in Error

One of the clearest examples of why it is important to have an effective backup system and a disaster recovery plan in place came to light this week when it was reported that web hosting company 123-reg deleted an unspecified number of websites in error.

Judging by reports so far it seems fair to assume that the majority of deletions are likely to have been customers’ current websites.

How Could This Happen?

It is common practice for web hosts to store multiple websites on one server with each customer effectively renting an amount of space on what is known as a virtual private server (VPS).

In this incident, 123-reg is reported as saying that it used software with automated scripts to ‘clean up’ the servers, but that a coding error in that software resulted in the deletion of multiple customer websites. The software was intended to detect server activity but the automatic deletions were triggered when the script wrongly showed several VPSs as running no servers.

It is thought therefore that the lack of a human approval check in this automated process was a key reason why website deletions occurred.

123-reg is part of Host Europe Group (HEG), which is reported to have described itself as Europe’s largest privately owned hosting company. 123-reg has 800,000 customers in the UK where it hosts 1.7m sites.

According to 123-reg the customers affected by their “VPS Issues” were those whose websites were hosted on 67 of its 115,000 servers across Europe. The fault occurred on the morning of Saturday 16th April and an email was sent to customers explaining what had happened the following day.

Back Up If Paid For Or Backed Up Yourself

Reports indicate that the VPS service in this case was “unmanaged” and 123-reg did not have back ups of all the affected customer websites affected, unless those customers had also specifically purchased back up.

Customers who hadn’t purchased the back up aspect had therefore been responsible for backing up their websites themselves.

However. 123-reg is now reported to be using a data recovery specialist to “manage the process of restoration” although this will be on a on a case-by-case basis and therefore is likely to take considerably longer to resolve than those customers with backups who were able to be back online the next day.

Customer Reaction

Reaction was predictably angry and swift as customers took to social media like Twitter to voice their fury and frustration about how it could possibly happen, the levels of communication that they had received from the company about it, plus the impact that it would have on their businesses.

Lost sales (goods, services and tickets), loss of potential new business and funding, as well as potential loss of the business itself were all concerns raised by customers.

What Does This Mean For Your Business?

This incident indicates how important it is for your business to make sure that you and / or the company that hosts your website has a secure backup of your website as well as other critical business data.

Making this one of the key selection criteria for your host / hosting service could therefore save you from some serious problems in the future.

The incident also highlights how important the host selection process is in the first place and to carefully choose a host whose services and capacity closely match the specific requirements and scale of your business both now and in the foreseeable future.

Another important lesson to be learned here is that as part of IT governance in today’s business environment, and as part of your responsibility to your stakeholders it is necessary to have a disaster recovery process in place.