Author Archive for Andy Wilkinson

Your Latest IT News Update

Ubicoustics Overhears Everything You Do … And Understands

Researchers in the US have presented a paper based on their research that identified a real-time, activity recognition system capable of interpreting collected sounds that could well be used by home smart speakers.

<More>

New Facebook Rules For Political Ad Transparency In The UK

After the US and Brazil, the UK has become the next country to be subject to Facebook’s new rules that require those who wish to place a political advert on the social media platform to verify their identity and say who is funding the advert.

<More>

Browser Support For Early Versions of TLS To End

The makers of all popular browsers – IE, Edge, Safari, Firefox, and Chrome included – have announced plans to disable Transport Layer Security (TLS) protocol versions 1.0 and 1.1 by default.

<More>

Businesses Turning To Zero-Trust Security Model

As a widening attack surface and evolving threats mean that organisations continue to breached despite a large security spend, many businesses are now turning to the ‘zero-trust’ security model.

<More>

Microsoft Co-Founder & Billionaire Philanthropist Paul Allen Dies

Microsoft’s lesser-known co-founder, Paul Allen, who left the company in 1982, has died aged 65 from complications of non-Hodgkin’s lymphoma (lymphatic cancer), with news of his death bringing praise for his generosity as a philanthropist.

<More>

Tech Tip – Setting Print Screen Key To Screenshot On Windows 10

On Windows 10, starting with version 1809 (October 2018 Update), the ‘Snip & Sketch’ app has been re-purposed to become the new default for screenshots. You can, however, choose to set the Print Screen key on your keyboard to open the screen snipping tools. Here’s how:

<More>

Ubicoustics Overhears Everything You Do … And Understands

Researchers in the US have presented a paper based on their research that identified a real-time, activity recognition system capable of interpreting collected sounds that could well be used by home smart speakers.

Identify Other Sounds, and Issue Responses

Researchers at Carnegie Mellon University in the US claim to have discovered a way that the ubiquity of microphones in modern computing devices, and software that could use a device’s always-on built-in microphones could be used to identify all sounds in room, thereby enabling context-related responses from smart devices. For example, if a smart device such as an Amazon Echo were equipped with the technology, and could identify the sound of a tap running in the background in a home, it could issue a reminder to turn the tap off.

Ubicoustics

The research project, dubbed ‘Ubicoustics’, identified how using an AI /machine learning based sound-labeling mode, drawing on sound effects libraries, could be linked to the microphone (as the listening element) of a smart device e.g. smart-watches, computers, mobile devices, and smart speakers.

As Good As A Human

The sound-identifying, machine-learning model used in the research system was able to achieve human-level performance in recognition accuracy and false positive rejection. The reported accuracy level of 80.4%, and the misclassification level of around one sound in five sounds, means that it is comparable to a person trying to identify a sound.

As well as being comparable to other high-performance sound recognition systems, the Ubicoustics system has the added benefit of being able to recognise a much wider range of activities without site-specific training.

Applications

The researchers noted several possible applications of the system used in conjunction with smart devices e.g. sending a notification when a laundry load finished, promoting public health by detecting frequent coughs or sneezes and enabling smart-watches to prompt healthy behaviours after tracking the onset of symptoms.

Privacy Concerns

The obvious worry with a system of this kind is that it could represent an invasion of privacy and could be used to take eavesdropping to a new level i.e. meaning that we could all be living in what is essentially a bugged house.

The researchers suggest a potential privacy protection measure could be to convert all live audio data into low resolution Mel spectrograms (64 bins), thereby making speech recovery sufficiently difficult, or simply running the acoustic model locally on devices so no audio data is transmitted.

What Does This Mean For Your Business?

The ability of a smart device to be able to recognise all sounds in a room (as well as a person can) and to deliver relevant responses could be valued if used in a responsible, helpful, and not an annoying way. It doesn’t detract from the fact that, knowing that having a device with these capabilities in the home or office could represent a privacy and security risk, and has more than a whiff of ‘big brother’ about it. Indeed, the researchers recognised that people may not want sensitive, fine-grained data going to third-parties, and that operating a device with this system but without transmission of the data could provide a competitive edge in the marketplace.

Nevertheless, it could also represent new opportunities for customer service, diagnostics for home and business products / services, crime detection and prevention, targeted promotions, and a whole range of other possibilities.

New Facebook Rules For Political Ad Transparency In The UK

After the US and Brazil, the UK has become the next country to be subject to Facebook’s new rules that require those who wish to place a political advert on the social media platform to verify their identity and say who is funding the advert.

Verification

The new rule in the UK means that anyone who wishes a place an advert relating to a live political issue or promoting a UK political candidate, referencing political figures, political parties, elections, legislation before Parliament and past referenda that are the subject of national debate, will need to prove their identity, and prove that they are based in the UK. This will require them to have their passport / driving licence / resident permit checked by and authorised third-party organisation. The adverts they post will also have to carry a “Paid for by” disclaimer to enable Facebook users to see who they are engaging with when viewing the ad.

Political Advert Archive Too

The “Paid for by” link next to each political advert is linked through to a publicly searchable archive / library of political adverts. The archive / library shows a range of the ad’s budget and number of people reached, and the other ads that Page is running, and previous ads from the same source.

An advert archive of this kind was first launched by Facebook in the US back in May with the plan of making any ads published after May 7th 2018 available to view for up to seven years.

Why?

The rules on political advertising are being introduced in response to interference in the last US election and the UK referendum by state-funded actors from foreign powers (Russia has been accused), who posted adverts and content on Facebook in an attempt to influence the outcomes of both.

For example, the US House Permanent Select Committee on Intelligence (HPSCI) has released evidence of thousands of adverts which ran on Facebook and Instagram leading up to the 2016 US elections. It has emerged that these adverts were purchased by the Russian-based Internet Research Agency (IRA), and ran between 2015 and 2017.

Also, in the UK, it was revealed that Facebook harvested the personal details of 87 million Facebook users without their explicit consent, and shared those details with London-based political Consulting Firm Cambridge Analytica, which is alleged to have used that data to target political messages and advertising in the last US presidential election campaign.

Also, harvested Facebook user data was shared with Aggregate IQ, a Data Company which worked with the ‘Vote Leave’ campaign in the run-up to the Brexit Referendum.

Report Fake News

The new Facebook political advert rules and the searchable archive / library mean that Facebook users will also be able to report a political ad as fake news.

Other Measures

Facebook has made it known that it is taking many other measures to combat fake news and political interference via its platform. This includes an ongoing program of taking down suspect accounts and pages (more than 500 pages and 250 accounts are reported to have been taken down in the last week), and allocating a trustworthiness score to some members to help manage misinformation issues.

Another tech giant, Microsoft, has also been seen to take steps to protect US democracy by introducing a pilot secure email service called ‘AccountGuard’ specifically for use by election candidates.

What Does This Mean For Your Business?

Facebook is likely to have lost a huge amount of trust among users due to a number of high profile issues and scandals, not least of which was its sharing of the personal data of its users with Cambridge Analytica and Aggregate IQ, and how that data was then used for political influence.

With the US mid-term elections just around the corner, and with the UK in a state of uncertainty over the consequences of the referendum vote for Brexit, preventing other states from interfering in the host country’s democratic processes is a hot topic, and something that Facebook doesn’t want to be associated with. Being seen to take positive, pro-active, pro-democratic measures such requiring much greater transparency from political advertisers on its platform could go some way to improving Facebook’s battered reputation in this area.

Facebook still has a long way to go, however, particularly since the recent massive hack, the reverberations of which could go on for a long time in the form of more cyber-crime targeted at Facebook users whose details from Facebook and other apps using the Facebook login were stolen.

Browser Support For Early Versions of TLS To End

The makers of all popular browsers – IE, Edge, Safari, Firefox, and Chrome included – have announced plans to disable Transport Layer Security (TLS) protocol versions 1.0 and 1.1 by default.

TLS

Transport Layer Security (TLS) 1.0 and 1.1 are the early versions of encryption used to secure connections to HTTPS websites. Their job is to provide confidentiality and integrity of data in transit between clients and servers.

This week, and not unexpectedly, all the big browser manufacturers released co-ordinated announcements that TLS 1.0, which will be 20 years old next January, and TLS 1.1 will no longer be supported by their browsers. Newer, updated versions of the security protocol will be favoured instead.

Why?

The reasons given for dropping these versions of the protocol are that:

  • They are now rarely used. For example, Microsoft announced that fewer than “one per cent of daily connections in Microsoft Edge are using TLS 1.0 or 1.1.”. Apple, more accurately puts the figure at less than 0.36% of all connections.
  • 20 years is a is a long time for a security technology to stand unmodified, and newer successor versions of TLS are more advanced, provide better performance and are more secure, e.g. TLS 1.3.
  • The finalization of TLS 1.3 by the Internet Engineering Task Force (IETF) in August 2018, means that the proportion of legacy TLS connections will drop even further, and TLS 1.2 is also required for HTTP/2, which should bring performance improvements for the web. Also, vulnerabilities in 1.0 and 1.1 versions will no longer be addressed by the IETF.
  • Old versions of TLS rely on MD5 and SHA-1, both now broken, and thought to contain other flaws.

When?

Each browser has given slightly different dates for their formal dropping of TLS 1.0 and 1.1. For Microsoft browsers it will be later this year. For Apple support for TLS 1.0 and 1.1 will end in March 2020. For Mozilla, March 2020 will also be the removal date, and for Google browser users on early release channels, the date will be January 2020.

What Does This Mean For Your Business?

It is understandable that, with these versions being very old and unmodified, and not used by many connections, and with newer, more secure and better performance versions available, now is a good time to end default support for TLS 1.0 and 1.1. We are told that the newer successor versions offer greater security and performance and less vulnerability to certain types of attack e.g. BEAST, LogJam and FREAK (Factoring RSA Export Keys). These benefits are, of course, likely to be attractive to most businesses.

News of the co-ordinated killing-off of these 2 versions of the protocol may not be such great news of course, to those who have websites that still only using TLS 1.0 or 1.1, because browsers will soon flag up those websites as insecure or state that they are unable to connect.

Businesses Turning To Zero-Trust Security Model

As a widening attack surface and evolving threats mean that organisations continue to breached despite a large security spend, many businesses are now turning to the ‘zero-trust’ security model.

What Is The Zero-Trust Security Model?

The Zero Trust security model, introduced by analyst firm Forrester Research, is an alternative architecture for IT security that doesn’t work on the traditional assumption that the perimeter is the main focus and that the inside of an organization’s network can be trusted. Zero-trust assumes that untrusted actors exist both inside and outside a company network, and that every user access request has to be authorised, using the principle of “never trust, always verify”. In this way, Zero-trust can address lateral threat movement within the network i.e. stopping insider and other threats from spreading once inside.

Breaches

Almost 70% of organisations are getting breached an average of five times a year, with 81% of breaches being simply linked to weak, default or stolen passwords. Once inside networks, attackers can camouflage their attack behind a legitimate identity like a database administrator, can go on to access and decrypt encrypted information, and be harder to spot and stop because of their apparent legitimacy.

According to some security commentators, this shows that identity, and identity-centric security measures are areas that organisations need to focus on, and this is where architecture such as zero-trust can help.

10 Cyber-Attacks Per Week

More businesses are recognising the need for a better approach to all-round security, particularly in an environment where hacking’s on the up. For example, The UK‘s National Cyber Security Centre has just announced that it has stopped 1,600 attacks over the past two years, many by hostile nation states and that there are now 10 such attacks per week. Also, the NCSC’s Active Cyber Defence (ACD) initiative reports removing 138,398 phishing sites hosted in the UK between September 2017 and August 2018.

Four Pillars of Zero-Trust Security

The zero-trust security model is, therefore, believed to be another step forward in the battle against cyber-criminals. The success of the zero-trust security model is based upon four key ‘pillars’, which are:

  1. Verifying users. This involves identity consolidation which can tackle weak / shared password issues (using single sign-on and one-time passwords), de-facto authentication everywhere, and monitoring user behaviour e.g. time and location factors.
  2. Validating devices.
  3. Limiting access of privileged users where possible.
  4. Applying machine learning to all these factors, and using this to step up the authentication processes wherever necessary. Machine learning also removes the need for manual intervention.

Benefits

Those who have implemented zero-trust security have reported many benefits. These include cost savings due to gains in incident response efficiencies and technology consolidation, and greater confidence in supporting users on mobile devices and rolling out new partner and customer experiences.

Challenge

One main challenge to the growth of the adoption of zero-trust security measures is the mistaken belief that it has to be time-consuming and takes a lot of effort to implement. Security commentators are keen to point out that, in reality, implementing a zero-trust security model is a step-by-step process.

What Does This Mean For Your Business?

It seems that the benefits of the zero-trust model are now becoming widely known by UK businesses and organisations. For example, an IDG study revealed that 71% of security-focused IT decision makers are actively pursuing a zero-trust security model, 10% are currently doing pilots, and around 8% who have implemented it fully.

It’s important to realise that the implementation needn’t be a huge hassle and expense and can be tackled step-by-step, using commercial off-the-shelf technology. This approach to security offers businesses the chance to customise their security for their specific data and assets, and strengthen their infrastructure from the ground up by enabling the identification of vulnerabilities and gaps in their current security models at the root level.

This approach can bring some much-needed benefits, not least of which is a greater feeling of trust and a confidence boost. In terms of more measurable benefits to businesses, a Forrester and Centrify study, for example, has shown that by applying best practices of zero-trust principles, organisations recorded 50% fewer breaches within just two months. These kinds of figures are making this approach to security very attractive to many businesses, particularly those who have fallen victim to costly cyber attacks.

Microsoft Co-Founder & Billionaire Philanthropist Paul Allen Dies

Microsoft’s lesser-known co-founder, Paul Allen, who left the company in 1982, has died aged 65 from complications of non-Hodgkin’s lymphoma (lymphatic cancer), with news of his death bringing praise for his generosity as a philanthropist.

School Friends To Billionaires

School friends Bill Gates and Paul Allen set up Microsoft in April 1975 in Albuquerque, New Mexico. In fact, it was Allen who was credited as coming up with the name Microsoft after the pair rejected the name of “Allen & Gates” because it sounded like a law firm or consulting company. Allen chose ‘Microsoft’ because it was an amalgamation of the words ‘microcomputer’ and ‘software’, and because the pair were originally working on making software to run on microcomputers.

The beginnings of success for Allen and Gates happened when, after re-writing software for the world’s first home computer, they bought Dos (disk operating system) from Digital Research and licensed it to Big Blue for IBM PC operating system.

After leaving Microsoft in 1982, Mr Allen set up media and communications investment firm Vulcan in 1986.

Generous

As well as being someone who enjoyed his own wealth and interest in music and the arts by hosting some memorable parties, Paul Allen was well known for his substantial generosity to some worthy causes. For example, Mr Allen donated a staggering $2bn+ to many causes including ocean health, homelessness and science. His interest in using his own resources to create a better world for all were well known.

Sports Fan

Mr Allen also had a keen interest in sport and was the owner of the Portland Trail Blazers basketball team and Seattle Seahawks football team. Mr Allen saved the Seahawks from having to relocate, and this intervention is partly credited for helping them to reach three Super Bowls, and win the NFL championship in 2013.

Several Battles With Cancer

Paul Allen had several battles with cancer, firstly in 1983 with the blood cancer Hodgkin’s disease, then in 2009 with non-Hodgkin lymphoma, and with the final return of the non-Hodgkin lymphoma this year, the complications of which caused his death.

What Does This Mean For Your Business?

The results of Paul Allen’s working life now form an essential part of all businesses as he is regarded as being one of the key founders of home computing, which led to PCs being a tool used in nearly all offices and led to the growth of whole industries. Microsoft Corporation, the company he co-founded with his school friend Bill Gates, has gone on to be a multi-national company worth around $800 billion, and third only in value behind trillion dollar tech companies Apple and Amazon.

The Microsoft Windows Operating System for desktop is by far the most popular operating system in the world, with the MS OS second only to Android in popularity for all platforms. In this sense, Paul Allen’s contribution to the world of computing and how it affects all of our lives will continue long into the future.

His work in promoting, helping, and donating to good causes is also likely to have had multiple positive effects around the world too.

Tech Tip – Setting Print Screen Key To Screenshot On Windows 10

On Windows 10, starting with version 1809 (October 2018 Update), the ‘Snip & Sketch’ app has been re-purposed to become the new default for screenshots. You can, however, choose to set the Print Screen key on your keyboard to open the screen snipping tools. Here’s how:

— Open Settings.

— Click on Ease of Access.

— Click on Keyboard.

Under “Print Screen shortcut,” turn on the “Use the PrtScn button to open screen snipping” toggle switch.

Your Latest IT News Update

New Tech Laws For AI Bots & Better Passwords

It may be no surprise to hear that California, home of Silicon Valley, has become the first state to pass laws to make AI bots ‘introduce themselves’ (i.e. identify themselves as bots), and to ban weak default passwords. Other states and countries (including the UK) may follow.

<More>

Facebook Messenger May Introduce Voice Commands

It has been reported that Facebook has been testing how voice commands could be used in its Messenger platform to help users to send messages, initiate voice calls and set reminders.

<More>

Windows 10 October Roll-out Suspended Due To File Deleting Fault

The October roll-out of the update to Windows 10 as part of the SaaS model has been suspended due to reports that some customers have experienced mass file deletions.

<More>

How Business Emails Are Vulnerable

Research by digital risk management and threat intelligence firm Digital Shadows has revealed that company credentials and emails that can be easily accessed on the web are making it easier for cyber-criminals to target businesses with attacks.

<More>

Goodbye Skype Classic, Hello Blockchain-as-a-Service

Just as November will see Microsoft asking Skype users to switch from Skype Classic to version 8, tech commentators are predicting that Microsoft and other companies will be looking to start reaping the financial benefits of offering blockchain as a service (BaaS).

<More>

Tech Tip – Disable Flash in Edge to Speed Things Up

Adobe Flash may be a way to make websites more exciting and engaging, but it can contain bugs, security holes, and it can really slow things down when you’re waiting for Flash-heavy pages to load. In Windows 10 you can quickly and easily turn off Flash in the Edge browser. Here’s how

<More>

New Tech Laws For AI Bots & Better Passwords

It may be no surprise to hear that California, home of Silicon Valley, has become the first state to pass laws to make AI bots ‘introduce themselves’ (i.e. identify themselves as bots), and to ban weak default passwords. Other states and countries (including the UK) may follow.

Bot Law

With more organisations turning to bots to help them create scalable, 24-hour customer services, together with the interests of transparency at a time when AI is moving forward at a frightening pace, California has just passed a law to make bots identify themselves as such on first contact. Also, in the light of the recent US election interferences, and taking account of the fact that AI bots can be made to do whatever they are instructed to do, it is thought that the law has also been passed to prevent bots from being able to influence election votes or to incentivise sales.

Duplex

The ability of Google’s Duplex technology to make the Google Assistant AI bot sound like a human and potentially fool those it communicates with is believed to have been one of the drivers for the new law being passed. Google Duplex is an automated system that can make phone calls on your behalf and has a natural-sounding human voice instead of a robotic one. Duplex can understand complex sentences, fast speech and long remarks, and is so authentic that Google has already said that, in the interests of transparency, it will build-in the requirement to inform those receiving a call that it is from Google Assistant / Google Duplex.

Amazon, IBM, Microsoft and Cisco are also all thought to be in the market to get highly convincing and effective automated agents.

Only Bad Bots

The new bot law, which won’t officially take effect until July 2019 is only designed to outlaw bots that are made and deployed with the intent to mislead the other person about its artificial identity for the purpose of knowingly deceiving.

Get Rid of Default Passwords

The other recent tech law passed in California and making the news is a law banning easy to crack but surprisingly popular default passwords, such as ‘admin’, ‘123456’ and ‘password’ in all new consumer electronics from 2020. In 2017, for example, the most commonly used passwords were reported to be 123456, password, 12345678 and qwerty (Splashdata). ‘Admin’ also made number 11 on the top 25 most popular password lists, and it is estimated that 10% of people have used at least one of the 25 worst passwords on the list, with nearly 3% of people having used the worst password, 123456.

The fear is, of course, that weak passwords are a security risk anyway, and leaving easy default passwords in consumer electronics products and routers from service providers has been a way to give hackers easier access to the IoT. Devices that have been taken over because of poor passwords can be used to conduct cyber attacks e.g. as part of a botnet in a DDoS attack, without a user’s knowledge.

Password Law

The new law requires each device to come with a pre-programmed password that is unique to each device, and mandates any new device to contain a security feature that asks the user to generate a new means of authentication before access is granted to the device for the first time. This means that users will be forced to change the unique password to something new as soon as the device is switched on for the first time.

What Does This Mean For Your Business?

For businesses using bots to engage with customers, if the organisation has good intentions, there should not be a problem with making sure that the bot informs people that it is a bot and not a human, As AI bots become more complex and convincing, this law may become more valuable. Some critics, however, see the passing of this law as another of the many reactions and messages being sent about interference by foreign powers e.g. Russia, in US or UK affairs.

Stopping the use of default passwords in electrical devices and forcing users to change the password on first use of the item sounds like a very useful and practical law that could go some way to preventing some hackers from gaining easy access to and taking over IoT devices e.g. for use as part of a botnet in bigger attacks. It has long been known that having the same default password in IoT devices and some popular routers has been a vulnerability that, unknown to the buyers of those devices, has given cyber-criminals the upper hand. A law of this kind, therefore, must at least go some way in protecting consumers and the companies making smart electrical devices.

Facebook Messenger May Introduce Voice Commands

It has been reported that Facebook has been testing how voice commands could be used in its Messenger platform to help users to send messages, initiate voice calls and set reminders.

Internally Testing

Facebook is reported to have confirmed to tech news platform ‘TechCrunch’ that it is internally testing a prototype of voice control (which was discovered by a TechCrunch tipster) in the M assistant of Messenger.

Facebook’s new speech recognition feature goes by the name of ‘Aloha’. It is believed that Aloha will be used for Facebook and Messenger apps, as well as external hardware. The Aloha voice assistant could become part of Facebook’s planned Portal video chat screen device / smart speaker, which is currently in development.

Benefits

Enabling voice control in the Messenger platform could bring considerable benefits to users, such as being able to use Messenger ‘hands-free’ in the car, improving accessibility, and generally making it easier for people to use the Messenger platform in the home and on the go.

How Will It Work?

Initial reports indicate that Aloha will be activated in Messenger by tapping an M assistant button which will appear at the top of a message thread screen. This will enable listening for voice commands.

Need To Differentiate

Apart from the obvious, high profile, negative publicly over the Cambridge Analytica data sharing and the recent massive hack, Facebook has experienced challenges in recent times as many of its younger users have moved to Snapchat. Facebook bought Instagram in a move that many saw as a way to attract the young users that moved from Facebook, but this strategy doesn’t appear to have been highly successful.

Adding a voice assistant to Messenger could, therefore, be a way for it to tackle part of this issue, and to differentiate its Messenger option from competitors such as SMS, Snapchat, Android Messages, iMessage and other texting platforms. Facebook is also known to be experimenting with other visual features such as Facebook Stories, augmented reality filters and more in order to help engage and retain users, and differentiate its services.

What Does This Mean For Your Business?

Facebook has been relatively late to the market with a digital voice assistant, but it appears to have found a way to deploy it at a time when it may be most needed to help differentiate its services from competing services, and to generate some good publicity amid the bad.

One of the biggest challenges that Facebook has at the moment, apart from the fact that Snapchat, iMessage, WhatsApp and other services are already popular and users may be loyal, is one of trust by users. The Cambridge Analytica data sharing scandal, and the recent hack which could have more reverberations as cyber-criminals sell and use the data they stole, may mean that users may not trust Facebook to handle their speech data as responsibly as they would like. There are, for example, stories of how other digital voice assistants have listened-in on their users e.g. back in May when an Amazon Echo (Alexa) recorded a woman’s conversation and shared it with one of her husband’s employees. It remains to be seen, therefore, whether users will now be willing to trust Facebook with what is still quite a sensitive area of personal data governance, particularly where business conversations are concerned.