Author: Andy Miller

Large Rises in Amazon’s Web Services (AWS) Revenues, Fuelled By Public Cloud Demand

Posted on by Andy Miller

A massive 45% growth in the revenue of Amazon’s Web Services (AWS) in the fourth quarter has been fuelled by big profits in Amazon’s public cloud arm.

Beats Microsoft & Google In Cloud Infrastructure

The $7.4 billion cloud revenue, which is a jump 45% compared to the previous year, means that AWS is beating competitors Microsoft and Google in the market for cloud infrastructure.  These are the services that businesses and organisations use to outsource their computing and data storage needs.

To give some idea of the scale of the jump in revenue for AWS, these figures mean that it generated more operating income during 2018 than its North American retail operations and that AWS generated the revenue through $25.65bn in sales (compared with the $141.3bn from North American retail operations).

Central To Success

The operating income for AWS in the quarter was $2.18 billion, accounted for 58% of Amazon’s overall operating income, although there was a slight decrease in AWS’s operating margin.

This means that the cloud business has become central to Amazon’s success in terms of revenue and profits.

More Cloud Regions

Amazon purchased two more new cloud computing regions online in 2018, and it says that it plans to open four new regions and 12 new availability zones within those regions by the first half of 2020.

The company widened its base of cloud customers last year, including some big-name sign-ups such as Santander, Korean Air and Amgen.

Not Fastest Growing

Even though AWS has seen significant growth in revenue, Microsoft’s cloud business is growing even faster.  For example, Azure cloud revenue grew by 76% in the latest quarter.

It is, however, perhaps to be expected that the revenue growth rate of a fast-growing company drops off as their revenue base swells e.g. AWS’s has dropped from 78% in 2015 to 42% during the third quarter of 2017.

What Does This Mean For Your Business?

Amazon is clearly a company that has grown very quickly and has diversified (far) beyond its online roots into many areas, including bricks-and-mortar stores (groceries and books), self-service stores in the US, and healthcare, as well as experimenting with innovative new ways to gain an edge in its core business e.g. drone and robot parcel deliveries.  Amazon’s Alexa virtual personal assistant technology and Echo voice-controlled devices have also proven to be very popular in the marketplace.

It hasn’t all been plain sailing though, with the company’s business practices coming under more scrutiny from UK, US, and EU regulators, as well the UK government.

In the business cloud market, AWS is showing strong growth in what is a highly profitable sector as more businesses look to outsource to the cloud, but many market analysts now predict slowing growth and higher spending for Amazon as it tries to compete and fight competitor challenges on many diverse fronts.

Windows 10 Error Messages Soon To Make More Sense

Posted on by Andy Miller

Starting with the April 2019 update, Microsoft will be adding “Learn more” links to its error code messages in a bid to enable users to see what the code means, plus the chance to fix the error on the spot.

Resolved During Installation

The “Learn More” links will be there to help if there is an error during the upgrade (or installation) of Windows 10.  As well as explaining what the error is, Microsoft will also be giving users the chance to resolve the error messages themselves within the installer and will offer suggestions on how to update any problematic applications without having to uninstall.

What’s The Problem?

If a problem is encountered during the upgrade/installation of Windows 10, users are given error messages, for example if a version of an app isn’t compatible with the latest Windows 10 OS, and users need to either update or reinstall the app.

To date, Microsoft has provided articles on how to solve Windows errors written by support staff called the ‘Knowledge Base’ (KB).  The main problems for users have been that:

  • Users don’t know what the numerical error messages in the upgrade and installation of Windows 10 mean, or what to do with those error codes.
  • Users generally don’t know how to use KBs, look for specific KBs using their numerical ID, and there are no direct links to KB articles in setup error notifications.
  • Users have also found that ‘back ‘and ‘refresh’ buttons don’t fit with the error notifications they receive.

Link To A Quick Fix

Whereas the October 2018 Update means that users were only given the options of uninstalling the app, going back, or refreshing in the case of an error, the changes in the April update (code-named 19H1) should afford user the opportunity to save time and hassle by having information about the error to hand, and being able to get quick fix on the spot.

What Does This Mean For Your Business?

The current system of offering up codes that mean little to many to users who are not acquainted with the existence of the Knowledge Base or how to use it causes frustration and can waste time and therefore waste money for businesses.  This change in April appears to be a straightforward, user-friendly way of saving time and hassle by offering users the chance to more easily understand and find a fix for errors on the spot.

At present, a list of the common errors experienced during a Windows 10 upgrade and installation plus explanations of them can be found on the Microsoft Windows Support pages here: https://support.microsoft.com/en-gb/help/10587/windows-10-get-help-with-upgrade-installation-errors

Tech Tip – How To Send Large Files For Free

Posted on by Andy Miller

If you need to send a file online, but that file is too big to send by email, there are several simple, effective and secure alternatives.  Here are some suggestions:

– Use file compression to shrink the file size anyway before sending/transferring. For example, try RAR compression instead of ZIP.  Open source 7-Zip provides effective file compression.

– Upload your file to a cloud-based storage service and share / retrieve from there.  For example, Google Drive (offers up to 15GB of free storage), Dropbox (offers 2GB of free storage space and a variety of sharing options.), Microsoft’s OneDrive (offers 5 gigabytes of free storage), MediaFire (offers 50GB of free storage + simple sharing tools).

– Use a free file transfer service e.g. WeTransfer where you can send files up to 2GB without needing to register, or use free FTP software e.g. Cyberduck, FileZilla, or Chrome’s sFTP Client extension.

Apple’s Video-Calling ‘Eavesdropping’ Bug

Posted on by Andy Miller

Apple Inc has found itself at the centre of a security alert after a bug in group-calling of its FaceTime video-calling feature has been found to allow eavesdropping of a call’s recipient to take place prior to the call being taken.

Sound, Video & Broadcasting

As well as allowing the caller to hear audio from the recipient’s phone even if the recipient has not yet picked up the call, if the recipient has pressed the power button on the side of the iPhone e.g. to silence/ignore the incoming call, the same bug was also found to have allowed callers to see video of the person they were calling before that person had picked up the call. This was because pressing the power button effectively started a broadcast from the recipient’s phone to the caller’s phone.

Data Privacy Day

Unfortunately for Apple, insult was added to injury as news of the bug was announced on Data Privacy Day, a global event that was introduced by the Council of Europe in 2007 in order to raise awareness about the importance of protecting privacy. Shortly before news of the Apple group FaceTime bug was made public, Apple’s Chief Executive, Tim Cook, had taken to Twitter to highlight the importance of privacy protection.

It Never Rains…But It Pours

To make things even worse, news of the bug was made public on the day before Apple was due to announce its reduced revenue forecast figures as part of its quarterly financial results. Apple has publicly reduced its expected revenue forecast by £3.8bn.  Apple’s chief executive put the blame for the revised lower revenue mainly on the unforeseen “magnitude of the economic deceleration, particularly in Greater China”.  He also blamed several other factors such as a battery replacement programme, problems with foreign exchange fluctuations, and the end of carrier subsidies for new phones.

Feature Disabled

In order to close the security and privacy hole that the bug created, Apple announced online that it had disabled the Group FaceTime feature at 3:16 AM on Tuesday.

Fix On The Way

Apple has announced that a fix for the bug will be available later this week as part of Apple’s iOS 12.2 update.

What Does This Mean For Your Business?

Apple has disabled the Group FaceTime feature with the promise of a fix within days, which should provide protection from any new attempts to exploit the bug. Those users who are especially concerned can also decide to disable FaceTime in the iPhone altogether via the phone’s settings.

Even though the feature has been disabled, the potential seriousness of allowing eavesdropping of private conversations and the broadcasting of video from a call recipient’s phone appears to have been a major threat to the privacy and security of some Apple phone users.  This has caused some tech commentators to express their surprise that a bug like this could be discovered in the trusted, trillion-dollar company’s products, and concern to be expressed that those users who, for whatever reason, don’t update their phones to the latest operating system, may not be protected.

Research Reveals Top-Selling Car Keyless Theft Risk

Posted on by Andy Miller

Research by consumer Group Which? has revealed that hundreds of popular models of car are vulnerable to “keyless theft”.

Keyless Car Theft

Keyless car entry systems enable owners to unlock the doors of their car with the brush of a hand if the key fob is nearby. If the car has keyless start-stop, once inside the car, the keyless system allows the user to simply press a button to start and stop the engine.

These systems work by using an identity chip in the fob that constantly listens out for radio signals broadcast by the car. These radio signals can only travel short distances, usually less than five metres.

The Which? Research

The Which? research involved the analysis of data on keyless/relay attacks of tests held by the General German Automobile Club (ADAC), a roadside recovery organisation.

Top-Selling Cars At Risk

The ADAC test highlighted by Which? showed that, of the 237 keyless cars tested, all but three were susceptible to keyless theft.

The 237 keyless cars tested and found to be vulnerable to this type of attack included many of the UK’s top-selling cars such as the Ford Fiesta, Volkswagen Golf, Nissan Qashqai and Ford Focus.  Of the top-selling cars in the UK, only the Vauxhall Corsa was found to be safe, only because it isn’t available with keyless entry and ignition.

Jaguar Land Rover’s latest models of the Discovery, Range Rover, and 2018 Jaguar i-Pace, were all found to be secure.

Car Theft Figures – Rising

England and Wales police figures show that the highest number of offences of theft of (or unauthorised taking of) a motor vehicle since 1990 were reported in the year to March 2018 (106,000).  This worrying rise in the level of car theft comes despite improvements in vehicle security aided by the use of new technology.

Less Than 0.3% Stolen

Mike Hawes, head of the Society of Motor Manufacturers & Traders (SMMT), is reported as saying that, aided by technology, new cars are more secure than ever with, on average, less than 0.3% of the cars on the roads stolen.

Not The First Time Concerns Raised

This is certainly not the first time that concerns have been raised about keyless security in cars.  For example, as far back as 2011, Zurich-based researchers highlighted how radio signals emitted by a car could be boosted, thereby tricking systems into thinking the key fob was nearby.

Also, in 2014, many Range Rover thefts led to police advising owners to fit a steering wheel lock as the second line of defence, after keyless security had been breached by thieves.

There have also been reports of Police investigating cases of criminals blocking the signals from keyless devices, so that car doors never lock, and of thieves using blockers in service station car parks in order to steal items from cars.

What Does This Mean For Your Business?

For car manufacturers, there is likely to be an ongoing battle with thieves, and the need for continuous investment to ensure that car entry and ignition systems are as secure as possible. It is likely that this may even require a move into biometrics.

The SMMT has also been calling for action to stop the open sale of equipment which serves no legal purpose but that helps criminals steal cars e.g. grabbers and jammers, which can be purchased online for as little as £40.

The advice from security experts to owners of cars with keyless systems is to keep keyless entry keys away from doors and windows and in a shielded protection case.  This is because some thieves are known to be able to steal the signal to replicate an owner’s key wirelessly, from outside of their house.

Register Now Or Lose EU Research Grants Post-Brexit

Posted on by Andy Miller

The UK government is urging organisations that benefit from European Union (EU) research funding to sign-up to a UK-led replacement scheme now in order to guarantee that their Horizon 2020 project funding can continue after Brexit.

What Is Horizon 2020?

Dating back to 2014, Horizon 2020 from the EU, is the largest ever European funding programme for research and innovation with a budget of 79 billion euros and is set to run until 2020.  It is aimed at improving Europe’s global competitiveness in research and innovation.  Applications for the funding are open to registered businesses, charities, partnerships or research organisations with a legal standing across the EU. For example, higher education institutions, public bodies and charities make up many of the applicants.

What’s The Problem?

The concern, highlighted by The Department for Business, Energy and Industrial Strategy (BEIS), is that when the UK leaves the EU (possibly without a deal), in order to ensure no disruption in the receipt of funding that organisations are currently receiving from the EU’s Horizon 2020 project, they will need to sign up to a UK-led replacement programme that guarantees continuity in a no-deal Brexit scenario.  According to BEIS figures, therefore, the 2,700 public and private sector organisations that are receiving Horizon 2020 funding from the EU but have not yet signed up to the replacement programme could be at risk of disruption in funding and delays to future grants if they don’t sign up asap.

Guaranteed

Although the Science and Innovation Minister, Chris Skidmore, has guaranteed that UK organisations and businesses who already receive EU science and research funding will continue to do so, even if there’s no-deal Brexit at the end of March, he is urging businesses to register their details on a simple online portal for Horizon 2020 grants in future.

Online Portal – Doesn’t Take Long

The BEIS is, therefore, encouraging the remaining 2,700 businesses to join the current 5,500 registrations to date, to sign-up on the online portal. Reports suggest that it only takes around ten minutes per grant for the data to be inputted. The new portal can be found here:  https://www.ukri.org/funding/how-to-apply/

What Does This Mean For Your Business?

If you are a business or an organisation that receives Horizon 2020, and if you haven’t already done so, the advice is to sign-up via the government’s online portal (run by UKRI) to the UK-led replacement programme in order to avoid disruption to funding.  The BEIS has said, for example, that If an organisation leaves it until 5th March, ahead of a no-deal Brexit on 29 March 2019, they could be risking delays to future Horizon 2020 funding.

Millions of Taxpayers’ Voiceprints Added to Controversial HMRC Biometric Database

Posted on by Andy Miller

The fact that the voiceprints of more than 2 million people have been added to HMRC’s Voice ID scheme since June 2018, to add to the 5 million plus other voiceprints already collected, has led to complaints and challenges to the lawfulness of the system by privacy campaigners.

What HMRC Biometric Database System?

Back in January 2017, HMRC introduced a system whereby customers calling the tax credits and Self-Assessment helpline could enrol for voice identification (Voice ID) as a means of speeding up the security steps. The system uses 100 different characteristics to recognise the voice of an individual and can create a voiceprint that is unique to that individual.

When customers call HMRC for the first time, they are asked to repeat a vocal passphrase up to five times before speaking to a human adviser.  The recorded passphrase is stored in an HMRC database and can be used as a means of verification/authentication in future calls.

Got Voices By The Back Door Said Big Brother Watch

It has been reported that in the 18 months following the introduction of the system, HMRC acquired 5.1 million people’s voiceprints this way.

Back in June 2018, privacy campaigning group ‘Big Brother Watch’ reported that its own investigation had revealed that HMRC had (allegedly) taken 5.1 million taxpayers’ biometric voiceprints without their consent.

Big Brother Watch alleged that the automated system offered callers no choice but to do as instructed and create a biometric voice ID for a Government database.  The only way to avoid creating the voice ID on calling, as identified by Big Brother Watch, was to say “no” three times to the automated questions, whereupon the system still resolved to offer a voice ID next time.

Big Brother Watch were concerned that GDPR prohibits the processing of biometric data for the purpose of uniquely identifying a person, unless the there is a lawful basis under Article 6, and that because voiceprints are sensitive data but are not strictly necessary for dealing with tax issues, HMRC should request the explicit consent of each taxpayer to enrol them in the scheme (Article 9 of GDPR).

This led to Big Brother Watch registering a formal complaint with the ICO, the result of which is still to be announced.

Changes

Big Brother Watch’s complaint may have been the prompt for changes to the Voice ID system. In September 2018, HMRC permanent secretary John Thompson said that HMRC felt it had been acting lawfully, by relying on the implicit consent of users.  Mr Thompson acknowledged, however, that the original messages that were played to callers had not explicitly stated it was possible, or how, to opt out of the voice ID system, and that, in the light of this, the message had been updated (in July 2018) to make this clear.

Mass Deletions?

On the point of whether HMRC would consider deleting the 6 million voiceprint profiles of people who registered before the wording was changed to include ty opt-out option, Mr Thompson has said that HMRC will wait for the completion of the ICO’s investigation.

Backlash

Big Brother Watch has highlighted a backlash against the Voice ID system as indicated by the 162,185 people who have called HMRC to have their Voice IDs deleted.

What Does This Mean For Your Business?

Even though many businesses and organisations are switching/planning to switch to using biometric identification/verification systems in place of less secure password-based systems, it is still important to remember that these are subject to GDPR. For example, images and unique Voiceprint IDs are personal data that require explicit consent to be given, and that people have the right to opt out as well as to opt-in.

It remains to be seen whether the outcome of the ICO investigation will require mass deletions of Voice ID profiles.  Big Brother Watch states on its website that if people are not happy about the HMRC system they can complain to the HMRC directly (via the government website) or file a complaint about the HMRC system to the ICO via the ICO website (the ICO is already investigating HMRC about the matter).  HMRC has said that all the voice data is stored securely and that customers can now opt out of Voice ID or delete their records any time they want.

Too Much Time In Front of a Screen Adversely Affects Child Development Says Study

Posted on by Andy Miller

Psychologists from the University of Calgary have published a study in the JAMA journal of Paediatrics, which found that 2-5 years olds who engaged in more screen time received worse scores in developmental screening tests.

The Study

The toddlers in the study were from 2,500 Alberta homes between 2011 and 2016.  Their families or caregivers were asked to report on how much time the toddlers spent in front of screens. The toddlers were reported to be averaging 2-3 hours per day screen time, and their families/caregivers filled out standard questionnaires about the basic motor and communication skills of the toddlers.  Results were reported for the children at 24, 36 and 60 months old.

Correlation Found

The study revealed a perhaps unsurprising correlation between more screen time and lower results.  For example, greater screen time at 24 months was found to be associated with poorer performance on developmental screening tests at 36 months, and greater screen time at 36 months was found to be associated with lower scores on developmental screening tests at 60 months.

In short, the study found that those toddlers who had excessive screen time were failing to meet developmental milestones in language and communication, problem-solving, and fine and gross motor skills.

Missing Important Interactions

Lead author of the report of the study, Sheri Madigan, commented on the University of Calgary website that if children are consumed with screen time, they aren’t getting enough physical activity, and that this means they aren’t developing the motor skills they need to run, ride a bike, or throw a ball. Madigan said that positive stimulation that aids physical and cognitive development comes from interactions with caregivers and that when children are “in front of their screens, these important parent-child interactions aren’t happening, and this can delay or derail children’s development.”

What Use Are The Results?

The authors of the report, Madigan and Dr Suzanne Tough, have suggested that the findings from this study could, for example, be of use to health-care professionals who are seeking to guide parents on the appropriate screen time limits for their children.

What Does This Mean For Your Business?

As any parent of young children will know, and indeed as the authors of the report have acknowledged, technology is deeply entrenched in modern-day lives, and spending time in front of a screen is something that children do today as part of learning, playing an interacting with their peers.  The point here is that too much screen time for very young children (2 to 5) can set their personal development back in many important areas.

The authors of the report have said that parents needn’t become too concerned, because children’s brains develop over the course of childhood and beyond, so there’s time to make changes.  The authors also suggest that one way that parents can minimise damage to the development of their children from too much screen time by creating and implementing a family media plan. This can involve controlling the number of hours spent in front of screens, establishing device-free zones e.g. at the dinner table, and introducing baskets where everybody puts their devices at certain times of the day, in order to make time for the family connect and interact.

Tech Tip – Drag & Drop Tasks To Your Calendar

Posted on by Andy Miller

In Windows 10, the Tasks experience in Outlook.com (powered by ‘To-Do’) means that when looking at your inbox, you can save time and create tasks by dragging and dropping an email to your task list. You can also easily schedule items by dragging a task to your calendar. Your tasks then travel with you on the To-Do app.

You can see how it’s done on the Windows Blog here:

Go to https://blogs.windows.com/windowsexperience/2018/12/16/windows-10-tip-schedule-items-by-dragging-a-task-to-your-calendar/#WX3WrBWATdGxSk48.97

Naming and Shaming of Companies With Poor Cyber Security

Posted on by Andy Miller

A report from the Cyber Security Research Group and the Policy Institute at King’s College London, has suggested that the government could help combat high cyber-crime levels by naming (and shaming) companies with poor cyber-security.

Who?
The Cyber Security Research Group at King’s College London brings together experts with backgrounds in international relations, security studies, strategic studies, intelligence, public policy, informatics and computer science in order to promote better research into cyber-security.  The other research partner in this case, the Policy Institute at King’s College London is an independent research institute focusing on using evidence and expertise to tackle societal challenges.

Cyber-crime Levels

The report highlights the fact that government’s 2018 data breach survey showed that 4 in 10 businesses experienced a cyber-security breach or attack in 2017-18 should be grounds to enable the public to see what steps are being taken by companies (or not) to keep users safe online and to protect their data.

Championing The ACD Programme

The report also champions the government’s Active Cyber Defence (ACD) programme, which was developed by the National Cyber Security Centre (NCSC) for the public sector, as something that could bring benefits if rolled-out to the private sector too, and/or if at least the tools and techniques of ACD could be extended beyond the public sector.

The report points to the relative success that ACD has had in bringing about a fall in scam emails from fake government addresses, and in shutting down thousands of “phishing” sites that pose as government agencies in order to steal users’ personal information.  Symantec figures, for example, show that phishing rates have increased across most industries and organisation sizes, and in this latest report, Tim Stevens, convenor of the Cyber Security Research Group at King’s College London notes that, according to his research findings, ACD could be rolled out beyond the public sector legally, cheaply and efficiently, with few obstacles, and could help to tackle phishing. The report, therefore, urges non-public sector organisations to engage more actively with the NCSC in order to deploy ACD as a tool to better tackle cyber-crime in the UK.

According to the National Cyber Security Centre (part of GCHQ), the ACD defence programme can be used to tackle cyber attacks in a relatively automated and scalable way. Last February, when the results of the NCSC’s Active Cyber Defence programme figures were published, they showed that UK share of visible global phishing attacks dropped from 5.3% (June 2016) to 3.1% (Nov 2017), and that 121,479 phishing sites hosted in the UK had been removed, and 18,067 sites worldwide that were spoofing UK government sites had been removed as a result of the ACD programme.

What Does This Mean For Your Business?

Reputations are valuable and vitally important to businesses, as should be cyber-security defences, and making sure that strong data protection measures are in place is critical. With this in mind, the idea that there could be a public naming and shaming of companies with poor cyber-security could be one way to incentivise action to be taken to bring about improvements and contribute to the tackling of cyber-crime across the private as well as the public sector. 

The NCSC, for example, has been working with companies for some time anyway with the ACD programme to help them protect their customers.  For example, the NCSC launched a collaborative online platform where BT has been able to share its threat intelligence data with other UK ISPs, and the NCSC has offered support to BT to help strengthen its security and block malicious malware infections. 

As acknowledged, however, in the Cyber Security Research Group and the Policy Institute at King’s College London report, ACD is not a finished product but a work in progress, and it is not a single entity, amenable to simple, one-off deployment. Also, a government programme that is extended to the private sector could face suspicion as being perhaps a way of the government scanning and collecting data about private organisations.  For this reason, the CSRG and King’s College London Report recommends perhaps putting a buffer between the government’s intelligence community and third parties in the form of regulatory authorities in each sector e.g. the Charity Commission in the third sector.

In reality, effective cyber-security comes from a large number of factors working together, including education and training as well as deploying relevant technologies, but the figures from the success of the ACD programme so far, show that it, or tools based upon it, could have real value as part of a number of measures that could help reduce cyber-crime for private as well as public sector organisations.