Author Archive for Mike Knight

Cops Get Younger, Windows Gets Older

Via a freedom of information release, the BBC has uncovered some embarrassing information about the technology used by some of our boys in blue.

With regards to the Greater Manchester Police (GMP), they discovered that around a fifth of the force are still trying to do their work whilst using the outdated Windows XP operating system.
The police spokesperson admitted to the BBC : “The remaining XP machines are still in place due to complex technical requirements from a small number of externally provided highly specialised applications.”. He later went on to say : “Work is well advanced to mitigate each of these special requirements within this calendar year, typically through the replacement or removal of the software applications in question.”
Whole Country Surveyed
The BBC queried multiple forces around the country using the freedom of information request system. However, the majority of forces didn’t play ball and were reluctant to release their information, citing security concerns as their reason.
By comparison, of those that did reveal their information, Northern Ireland’s Police Service had just 0.05% using the ageing OS, i.e. less than 1 in 200.
Better yet were the forces of Gwent, North Wales, Lancashire and Wiltshire with zero XP machines whatsoever being deployed.

Shock Met Figures

When asked, London’s Metropolitan Police Service (‘The Met’) refused to cite their numbers.
Paul Mayger (the force’s information manager) was quoted as saying: “Disclosing further information would reveal potential weaknesses and vulnerability.” who then went on to say “This would be damaging as criminals/terrorists would gain a greater understanding of the MPS’s systems, enabling them to take steps to counter them.” Not to be deterred, the BBC appealed against its refusal.
It was revealed back in June that the Met actively uses 18,000 XP machines, equating to over 50% of the total in their arsenal.
Ominously, the ICO has warned that this situation means personal information could be compromised. For example, the recent WannaCry virus meant that Microsoft had to rush out patches, even though they (technically) stopped support back in 2014.

Windows XP – An Overview

Windows XP was launched way back in 2001. (Extended) support was withdrawn in April 2014. Nonetheless it still represents a large share of all the operating systems in existence – especially overseas.

What Does This Mean For Your Business?

This illustrates the leviathan task that large public organisations face, when simply trying to keep up to date in a rapidly changing tech landscape. Large commercial enterprises face similar challenges and therefore smaller, more agile organisations can use this to their competitive advantage.
It should be noted that the roll-out of newer equipment is not necessarily being hampered by budget constraints (although this will certainly be a factor) but rather that complex and/or bespoke specialist systems/software can often make upgrading difficult.
These legacy systems requiring obsolete technology to make them function can hamper both the public and private sector alike. Adopting cloud-based solutions may provide one solution.
When choosing critical systems for a smaller company (Such as a CRM for example), one must weigh up the advantages of a system that is designed specifically for you against the
potential threat that the (specialist) provider may cease to exist and therefore upgrades, support and transferability will be difficult.
As far as security is concerned, using outdated operating systems which are no longer supported is clearly asking for trouble.
On a positive note, there will doubtless be opportunities waiting to be exploited by leveraging the Freedom of Information Act itself in terms of acquiring specialist information and data for marketing purposes.

Tech Tip – Who’s Copying You?

If you are ever concerned about people copying your web based content, then you can use proprietary services like Copyscape to protect your work.

However, there is, of course, a cost associated with that so if you’re only running perfunctory checks now and again to see where (or if) your material has been repeated, you can simply use trusty old Google.

Simply highlight a sample of several words within your text that should be unique to your own content and hit CTRL ‘C’ i.e. control C. This then copies that text to your clipboard.

Go to google and enter two separate double quotes as in “”. Then, paste your clipboard between the pair of double quotes with the CTRL ‘V’ (control V) and hit “search”.

Because entering text within a pair of double quotes asks Google to look for that text exactly , the results returned (if any) must include the text you searched for. With any luck, the return will show “0 Results” and you’ll have no cause for concern.

If (apart from occasional citations of your work) you have someone that is repeatedly and grossly plagiarising your work, you may wish to consider issuing a semi-formal ‘cease and desist’ request before taking more drastic action.

Which? Condemns Windows 10.

It appears that Microsoft has had a more than a small slew of complaints about its latest Windows incarnation, Windows 10.
Windows 10 was released in July 2015 as a free upgrade for one year and was designed to run across laptops, desktop computers, smartphones and Microsoft’s augmented reality headset HoloLens.
Which? (the consumer rights people) have been public about complaints they’ve received, plus their findings of a survey, in which over 5,500 members were polled back in June of this year.
Of those surveyed, about 300 (of the 2,500 that had upgraded to Windows 10) had gone on to install a previous version of Windows.
Which? has said that (in hundreds of complaints received) the upgrade caused various issues including files being lost, emails no longer working properly and issues with printing and wi-fi.
What could be seen as even more galling than launching faulty software, is the fact that many users had their operating systems upgraded to Windows 10 without their intent or consent.
i.e. Windows 10 was simply installed without their permission or request.
In many cases, users had to fork out to have their computer repaired. Famously, one Californian woman, Teri Goldstein, was awarded $10,000 when she sued for problems arising from the forced upgrade.
Microsoft Defends Itself.
Keen to deflect further criticism, Microsoft reminded people that it provides help both online and via phone.
A Microsoft spokesperson said “Customers have distinct options. Should a customer need help with the upgrade experience, we have numerous options including free customer support.”
“The Windows 10 upgrade is a choice designed to help people take advantage of the most secure and most productive Windows,” continued the spokesman.
However, Alex Neill from Which? said “There have also been complaints about poor customer service from Microsoft when users contacted the company about the problems they are having.
We rely heavily on our computers to carry out daily activities, so, when they stop working, it is frustrating and stressful. Many people are having issues with Windows 10, and we believe Microsoft should be doing more to fix the problem”.
Further Issues.
It doesn’t stop there; in August, a Windows update disabled millions of webcams which prompted a Microsoft engineer to admit they done a “poor job” of alerting people.
The French Data Authority caused more consternation when it proclaimed in July that Windows 10 was “gathered an excessive amount of personal data” about users.
The general consensus from some media commentators is that Windows 10, whilst far from perfect is nevertheless still better than Windows 8, which would hardly seem to be an accolade.
What Does This Mean For Your Business?
The majority of us use a Windows-based operating systems when conducting our daily work.

Microsoft appears to be increasingly belligerent when it comes to upgrading its software and as a consequence, we can perhaps justifiably feel aggrieved and threatened when the annoying nag-ware repeatedly asks us to upgrade.

It would make sense to discuss upgrade issues with your trusted IT personnel (some people prefer to downgrade) and ascertain which settings can be changed to reduce or eliminate the data collected by Microsoft. Ensure – in advance – that key operating software and devices will continue to work properly when upgrades occur and ensure you can “roll-back” to a previous version if necessary.

Yahoo Hacked – 500+ Million Users Exposed.

Yahoo is now facing a lawsuit from a New York man, Ronald Schwartz, over the 2014 data breach whereby 500 million users (at least) have been compromised. The company has been accused of gross negligence and the lawsuit is on behalf of those people affected in the United States.
Compensation (for ‘unspecified damages’) is being sought for “reckless disregard for the security of its users’ personal information that it promised to protect”.
This is a bitter blow to the company which has already had a hard time maintaining confidence in recent years despite various CEO’s being brought in to try and save the demise of the one-time paragon company.
Last week, Yahoo’s blockbuster announcement that 500 million account details were stolen in what it described as a “state sponsored attack” was met with alarm by both the public and by the US senate as well.
Marissa Mayer (The current CEO) had failed to turn the company around (despite various initiatives and acquisitions) and so the decision was made to sell the core business to web giant Verizon for $4.83 billion in July. This deal, which had not been finalised, could now be less certain given the latest bombshell, not least of which is the public outcry at Yahoo’s apparent lack of regard towards security.
There are reports that Yahoo knew about the issue well before the deal was brokered to Verizon, prompting calls for a formal investigation.
What Does This Mean For Your Business?
Whilst there are a number of issues of concern here, the salient points that can be drawn are that even blue-chip household names like Yahoo can be hacked and have your details exposed.
Moreover, it seems that (incredibly) these leviathan corporations can – and do – report their breaches well after the event, wittingly or otherwise.
This means that you may have been compromised and not know it until months (or even years) after the event which just goes to show that regularly updating passwords and maintaining a disaster recovery plan are essential, at the very least.
Maintaining an evolving security schedule/policy is essential and all staff or persons with access to your online data need to be regularly trained and updated.

Curiosity Killed the (Victorian) Cat.

A number of infected USB sticks have been sent to  Melbourne (Victoria) households recently, prompting a warning from local police. The (unmarked) devices contained a range of malware, including rogue media-streaming services.
Whilst this occurrence took place in Australia, leaving deliberately infected USB sticks in places for unsuspecting members of the public to access is not uncommon.

The perpetrators rely on natural curiosity for this particular infection-vector to work because once connected to a computer, the hapless user can unwittingly become infected and spread malware to others.  It’s relatively easy for the infected computer to show no outwards signs of being infected, making the hack even more pernicious.
Targetting households this way with USB sticks is rare, due to the cost of the devices and relative expense in distribution compared with (say) phishing emails. Where this vector of attack is employed, businesses are the usual target due to the greater potential rewards for expenditure.
The number of people willing and/or ignorant of the risks associated with inserting unknown devices onto their computers is surprisingly high as a study conducted by the University of Illinois discovered earlier this year. In their experiment, they strategically placesd 297 USB sticks around the university campus and were shocked to discover that between 45% and 98% of the sticks would have successfully infected computers (had they actually contained malware).
This lack of care with regards to USB drives extends beyond college students as evidenced in the well-publicised case involving the attack on an Iranian nuclear plant, subsequently affecting their uranium centrifuges. It is understood that (incredibly) a powerful virus known as Stuxnet was recently left on a USB stick which was then deployed within the Iranian nuclear facility.
What Does This Mean For your Business?
The message here is simple. Be very careful when considering introducing unknown devices onto your machine or network, for oviopus reasons.
What is less obvious is that even new devices, in full packaging, from high street shops may also be a security risk. Given the “number of hands” they change through from manufacturer through various distributors until they eventually reach the high street, malware can potentially be introduced at any stage.
Whilst no specific retailer is being mentioned in this context, the advice remains the same; be very careful when introducing new or unknown devices to your network and if in doubt, ask your security expert to verify it for you.

Your Latest IT Newsletter

Are Microsoft going to repeat their aggressive ‘upgrading’ technique again (even though they u-turned yesterday). Is Google going to start analysing our souls for authentication? Is Big Data just a Big Headache?

Here’s what’s been going on …

Google … Wants to ‘Trust’ You …

Google is currently in a bid to get rid of your (un)trustworthy passwords and replace them with a ‘trust score’. At least, that’s it’s plan … and to have it rolled out on Android phones by next year.

Why Does Google Want To Get Rid Of Your Password?

There are many reasons why traditional passwords can be inappropriate as a means of security protection.
<More>

‘Nasty Trick’ … Used By Microsoft. Never!

Never a stranger to controversy, Microsoft has been in the spotlight again recently – in yet another storm about Windows 10.

The ‘nagging’ that many Windows users will currently be receiving is more persistent than ever at the moment. Not only that but the ‘sneaky trick’ that some IT people feel is underhand has to do with trying to close the ‘nagging’ pop-up box.

Usually, clicking the cross on the top right hand side of a pop-up screen is to close the pop-up. However, Microsoft now accepts this as tacit agreement to upgrade to Windows 10, rather than rejecting it.
<More>

Businesses Want Big Data Benefits … But Don’t Know How To Get Them

A recent survey by DNVGL reveals that more companies than ever (around three quarters) are investing in Big Data, yet less than a quarter of companies admitting to having a proper strategy. (Note that the figures are taken from their own recipients)

So, further to our recent article about ‘data-exhaust’, let’s look at why this could be significant for your business…
<More>

Businesses Want Big Data Benefits … But Don’t Know How To Get Them.

A recent survey by DNVGL (ref. https://www.dnvgl.com/Images/ViewPointReport_BigData2016_lowresRetEx-R_tcm8-61203.pdf) reveals that more companies than ever (around three quarters) are investing in Big Data, yet less than a quarter of companies admitting to having a proper strategy.
(Note that the figures are taken from their own recipients)
So, further to our recent article about ‘data-exhaust’, let’s look at why this could be significant for your business…
What is ‘Big Data’?
At it’s heart, ‘Big Data’ is all about empowering your company to make better, more accurate and faster choices about how best to run your sales, marketing and operations.

From a sales point of view, it can be harnessed to get that bit closer to your customers
A Sales Example … Caesars.
This well know gaming company has employed data analytics for a long time already and is now stepping into the future with big data analytics for better, faster decisions.
Historically, they’ve always had data about their client’s habits from their website click-paths, loyalty programmes and real-world slot machines.
However, until now they’ve had trouble in integrating all this information in real-time to gain better insights.
By using Big data thinking (integrating and analysing multiple data streams in real-time) they discovered when :

1) Someone was a new customer to its loyalty programme …
2) Had a poor run of luck in the slot machines …
3) They’ll likely never return.
By being able to test and analyse in real time, they discovered that :
1) If that new client is presented with a free meal coupon …
2) Whilst still at the slot machine …
3) They’ll be much more likely to return to the casino … to spend more money.
The key thing they discovered was in the timing that the coupon offer was made : it was critical to be offered not too soon and not too late.
Signal and Noise
The trouble is that (as the findings from the survey bear witness) most companies have little understanding of big data and as a result, the “signal gets lost among the noise”.
This is hardly surprising, when you consider the global quantity of information is apparently increasing at around 2,500,000,000,000,000,000 bytes per day. Actually – that figure was taking all the way back from a year ago around April 2015 … so it’ll be more now.
What This Means For Your Business
Clearly, we don’t need more data, just more people trained in how to process it.

Like security, Big Data analytics is only going to become more relevant and important and the tools that are emerging to help savvy business owners get ahead should at the very least be investigated.
Big data should be considered for incorporation within the company’s training manifesto, to at least appreciate the opportunities available.
One might consider the mantra … “Ignorance isn’t bliss, it’s just ignorance.”

‘Nasty Trick’ … Used By Microsoft? Never!

Never a stranger to controversy, Microsoft has been in the spotlight again recently – in yet another storm about Windows 10.
The ‘nagging’ that many Windows users will be receiving is more persistent than ever at the moment. Not only that but the ‘sneaky trick’ that some IT people feel is underhand has to do with trying to close the ‘nagging’ pop-up box.
Usually, clicking the cross on the top right hand side of a pop-up screen is to close the pop-up. However, Microsoft now accepts this as tacit agreement to upgrade to Windows 10, rather than rejecting it.
In a bid to stem the resentment this confusing new policy has caused, Microsoft has said that you can still cancel the upgrade at the point that Windows 10 is due to to be installed.
Why Has Microsoft Changed Its Policy Now?
The update has been classified as “recommended” and with interest in IT security at an all time high with business owners and general pubic alike, a significant proportion of Windows users have their settings configured to automatically accept “recommended” updates.
In short, closing the pop-up box does not cancel your automatic upgrade to Windows 10.
Some notable people in the IT industry have considered this move to be a “nasty trick”, including Brad Chacos of PC World, who went on to say “Deploying these dirty tricks only frustrates long-time Windows users who have very valid reasons to stick with operating systems they already know and love”.
Microsoft have defended their position by saying :”With the free Windows 10 upgrade offer ending on 29 July, we want to help people upgrade to the best version of Windows.

As we shared in October, Windows 10 will be offered as a ‘recommended’ update for Windows 7 and 8.1 customers whose Windows Update settings are configured to accept ‘recommended’ updates.
Customers can choose to accept or decline the Windows 10 upgrade.”
Stop-Press.
At the time of writing, Microsoft has just u-turned it’s policy here.
Due to the negative feedback and publicity, Microsoft just announced it would add another notification that provided customers with “an additional opportunity for cancelling the upgrade”.
What This Means For Your Business
It is entirely likely that having Windows 10 software automatically installed on your company’s PCs is a good thing and could even save you money in the medium and long term.
However, in any event, it would be sensible to ascertain in advance how the upgrade will impact any systems and software you specifically may be running. Indeed any older, legacy software could possibly stop working properly if there are compatibility issues so obviously it’s best to check in advance.
It will be interesting to see how aggressively Microsoft insists your company upgrades in the future … and how this could affect your licencing with other software vendors you rely on.

Google … Wants to “Trust” You.

Google is currently in a bid to get rid of your (un)trustworthy passwords and replace them with a ‘trust score’. At least, that’s it’s plan … and to have it rolled out on Android phones by next year.
Why Does Google Want To Get Rid Of Your Password?
There are many reasons why traditional passwords can be inappropriate as a means of security protection.

For starters, many people have passwords that are easy to guess (crack) based on personal information or common words. Other people invariably forget their passwords … causing them to write them down or leave them stored inappropriately, in spite of the obvious risks.

The arrival of quantum computing may even render passwords obsolete altogether.
How Does The New System Work?
It’s based on a system called “trust scores” and uses combinations of inputs (voice, keyboard etc) to ensure that you are who you say you are, via a “Trust API” to be employed on mobile phones using the Android operating system.
We all have unique signatures in the ways that our phones are accessed and so this system can use a variety of checks to build your trust score.
Facial recognition, location, voice recognition, typing speed etc are a few of the more obvious choices.
It’s Not Just a Yes or No
Different services can require different levels of security and so something (seemingly) trivial like access to playing games might require a low trust score whereas a banking app would require much higher levels of ‘trust’.
Daniel Kaufman at Google’s I/O conference said “We have a phone, and these phones have all these sensors in them. Why couldn’t it just know who I was, so I don’t need a password? It should just be able to work.”
Daniel is in charge of Google’s Advanced Technology and Projects Group (ATAP), itself responsible for experiments within Google.
Here is a Youtube link of him speaking at the event : https://www.youtube.com/watch?v=8LO59eN9om4 which makes for compelling viewing.
A Definite Trend
There are many examples (several of which we have cited recently) where other companies are promoting other ways to access their services and data, without passwords.
Last year in April, Elon Musk’s old stomping ground – PayPal –  suggested biometric possibilities such as signature ‘tattoo technology’ embedded under your skin or passwords you could “swallow”.
Talk-Talk (itself a recent victim of a high profile security breach) has abandoned passwords for voice recognition.
Retina scans and finger print recognition may almost seem old news by comparison.
When Will This Be Rolled Out?
Google has determined that it will start testing the Trust API within a few weeks with large financial institutions. It said it hoped to have it available for all android phones – and thus kill the password – by the end of the year.
What Does This Mean For Your Business?
A lost/stolen/compromised mobile phone is a vulnerable point of potential attack that many businesses don’t consider properly when thinking about their overall security.
IT security is ever increasingly becoming a major factor in every day business operations, right up there with administration or production. Anything that can make our data more secure has to be a good thing although of course there is yet to be established the legal ramifications of due diligence and responsibility if/when systems are compromised using this new technology
Whilst this move is aimed at mobile phones due to their very nature of having more sensory inputs than (say) a laptop, it could potentially be migrated to other devices as well, should it prove successful.

Your Latest IT Newsletter

IT Contractors and Employers Face Government Tax “Disguised Employment” Clampdown

With the latest budget this week there is one piece of news for IT companies that is not going to be met with the joyous enthusiasm of an Apple product launch. In a bid to find £400 million it is reported that the Chancellor George Osborne will be turning the tax spotlight onto IT Contractors as part of what has been publicised as a wider move to close what has been seen in recent years as a tax loophole. This latest tax clampdown could in theory affect many freelancers.

The reported loophole that is about to be closed relates to those estimated 100,000 people in a variety of industries who have their salaries paid through what are known as ‘personal services companies’.

<More>

New ‘Outline’ Tool Speeds Up Google Docs Navigation

A recent IT World article has highlighted how the introduction of a new tool by Google could make life easier for those trying to navigate their way through a lengthy document in Google docs on the Web with a tablet and on Android.

One of the challenges for those of us who use Google’s online collaborative word processor ‘Google Docs’ is that navigation through documents, particularly lengthy ones, can be a slow process if its just a case of only being able to scroll through to find a specific section. The new ‘Outline’ tool from Google is designed to speed things up displaying a pane on the left hand side of the page that shows the features and headers of the document and allows you to jump quickly between each of the sections.

<More>

Concerns Over The Passing of New ‘Hacking on Demand’ Law

A recent article in Computer Weekly has highlighted how the Investigatory Powers Bill could see IT companies being forced by law to use hacking on demand to help the UK government with aspects surveillance or face serious criminal charges!
Most people in the UK would find it difficult to deny that we as a country face many different kinds of threats at home and worldwide. What is causing some surprise however is the extent, scope and potential impact of a new UK law that could grant the UK government unprecedented powers over IT Companies and their customers.

The Investigatory Powers Bill also known by its critics as “Snoopers’ Charter” is a new law that is has been introduced by the Home Secretary Theresa May. The government say that the legislation which will grant them an unprecedented amount of Internet surveillance powers will help them to fight terrorism, organised crime and paedophilia.

<More>