Author: Andy Miller

Tech Tip – Using OneDrive Cloud Storage on Windows 10

If you want to set up quick and easy cloud storage from your Windows PC for storing, sharing and saving files across your different devices you can use OneDrive. Here’s how to set it up:

– If you have a Microsoft account e.g. @outlook.com, @hotmail.com, @live.com email address, Xbox Live or Skype account you can use that to sign in.

– If you don’t have a Microsoft account, go to onedrive.com and click the ‘Sign up for free’ button, then click the ‘Create a Microsoft account’ button, create a new email address and password, click ‘Next’ and follow the instructions.

– To set up OneDrive on your Windows 10 PC, open Start, Search OneDrive and click the top result.

– Using the setup experience, enter your email address, and click the Sign in button.

– Enter your Microsoft password and sign in.

– Click on ‘Next’.

– Click ‘Not now’ if you’re using the free version of OneDrive.

– Click through the welcome tips, and click the Open my OneDrive folder button.

– To save your files to OneDrive, open File Explorer (Windows key + E).

– Click the OneDrive folder using the left pane.

– Drag and drop or copy and paste content into the OneDrive folder.

BA Security Fallout

A discovery of the file containing the code used in the recent hack of the British Airways website and app that affected 380,000 transactions has revealed that it only took 22 lines of JavaScript to cause the massive data breach.

Skimming

The hack that took place on 21st August and caused disruption into September is now believed to be down to the injection of a digital skimming file designed to steal financial data from the online payment forms of BA’s website and app. The small skimming file, which was discovered by a cyber-security firm RiskIQ, was used to grab data from BA’s online payment form and then send it to the hacker’s server when the customer hit the ‘submit’ button.

Targeted

The researcher concluded that this was a highly targeted attack where the malicious page in the app was built using the same components as the real website, thereby giving a very close match to the design and functionality of the real thing.

The RiskIQ researcher has described the 22 line digital skimming file implanted by the hackers as “simple but effective”.

Magecart Suspected

The finger of suspicion is now being pointed at a group of hacking operatives known as Magecart. The suspicion is based upon a close match with their modus operandi as highlighted in a recent attack on the Ticketmaster websites where Magecart also used a similar digital skimmer hidden in a third-party element of the payment process.

More To Come

The attacks on Ticketmaster and BA are believed to be part of a larger campaign by the Magecart hacking group to target big brands, and it is thought, therefore, that more big names will be hitting the headlines soon for data breaches.

Vulnerable

According to some security commentators, the weakest link in payment processes is an obvious place for hackers to strike e.g. by putting older systems or third-party code into a payment chain.

The apparent ease of the attack, which led to the theft of names, email addresses and full credit card details, has led to obvious anger from those affected and criticism of BA by security commentators and professionals.

Big Fine Possible Under GDPR

There is now the real possibility that BA could face a massive £500 million fine (4% of global turnover based on 2017) under GDPR, and this breach is believed to be one of the first really big tests of the new law.

What Does This Mean For Your Business?

Even though the hackers in this case had gone to great lengths to closely tailor their code to the BA site and used a Secure Socket Layer (SSL) certificate, suggesting a serious level of planning and targeting, it still remains a relatively simple method of attack that has exposed vulnerabilities in the payment systems of a big company. The dependable image of BA, the fact that it is such a big brand, and the scale and scope of the theft have caused shock and anger among customers, and there will undoubtedly be substantial costs to BA’s finances and reputation.

As some security commentators have pointed out, there are ways to prevent third-party code taking data from sensitive web pages, and BA should really have been wise to this. In BA’s defence, even encryption of data used in the payment system would not have been effective because the data was intercepted before it had reached the company’s servers.

One positive thing to be taken from this case is that it has alerted more companies to the possibility of this kind of attack, thereby giving them time to build in defences against it.
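
As an added illustration of the kind of defence mentioned above (this is not code from BA, RiskIQ or the original article), the Node.js script below audits the scripts loaded by a checkout page against a reviewed list of pinned hashes and builds a restrictive Content Security Policy header. It uses Subresource Integrity and CSP, two standard browser controls the article does not name; every host, path and file content in it is constructed for the example.

```javascript
// Added example: audit a payment page's scripts against pinned hashes.
// All hosts, paths and file contents below are constructed for illustration.
const { createHash } = require("crypto");

// Subresource Integrity value, as used in <script integrity="...">.
function sriHash(content) {
  return "sha384-" + createHash("sha384").update(content, "utf8").digest("base64");
}

// List external scripts on the page with their integrity attribute, if any.
function listScripts(html, pageUrl) {
  const scripts = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(tag[1]);
    if (!src) continue; // inline scripts are governed by CSP, not SRI
    const integrity = /\bintegrity\s*=\s*["']([^"']+)["']/i.exec(tag[1]);
    scripts.push({
      url: new URL(src[1], pageUrl).href,
      integrity: integrity ? integrity[1] : null,
    });
  }
  return scripts;
}

// Compare what the page loads with a reviewed manifest of pinned hashes.
// `served` maps script URL -> the content currently being delivered.
function auditPaymentPage(html, pageUrl, pinned, served, allowedHosts) {
  const findings = [];
  for (const { url, integrity } of listScripts(html, pageUrl)) {
    if (!allowedHosts.includes(new URL(url).host)) {
      findings.push({ url, issue: "host-not-allowed" });
    }
    if (!integrity) findings.push({ url, issue: "missing-integrity" });
    if (!(url in pinned)) {
      findings.push({ url, issue: "not-pinned" });
      continue;
    }
    if (integrity && integrity !== pinned[url]) {
      findings.push({ url, issue: "integrity-attr-mismatch" });
    }
    if (url in served && sriHash(served[url]) !== pinned[url]) {
      findings.push({ url, issue: "content-changed" });
    }
  }
  return findings;
}

// CSP that limits where scripts load from and where page code can send data.
function buildCsp(scriptHosts, connectHosts) {
  const src = (hosts) => ["'self'", ...hosts.map((h) => "https://" + h)].join(" ");
  return [
    "default-src 'self'",
    "script-src " + src(scriptHosts),
    "connect-src " + src(connectHosts),
    "form-action 'self'",
  ].join("; ");
}

// Constructed sample: a checkout page, its pinned hashes and served files.
const PAGE_URL = "https://shop.example/checkout";
const CHECKOUT_JS = "initCheckout();";
const LIB_JS = "window.lib={version:1};";
const PINNED = {
  "https://shop.example/js/checkout.js": sriHash(CHECKOUT_JS),
  "https://cdn.example/lib.min.js": sriHash(LIB_JS),
};
const SERVED = {
  "https://shop.example/js/checkout.js": CHECKOUT_JS,
  // The library now differs from the reviewed copy.
  "https://cdn.example/lib.min.js": LIB_JS + "\n/* lines added after review */",
};
const SAMPLE_HTML = `
<form action="/pay" method="post"><input name="card"></form>
<script src="/js/checkout.js" integrity="${sriHash(CHECKOUT_JS)}"></script>
<script src="https://cdn.example/lib.min.js"></script>
<script src="https://stats.example.net/t.js"></script>`;

function runSample() {
  return auditPaymentPage(SAMPLE_HTML, PAGE_URL, PINNED, SERVED,
    ["shop.example", "cdn.example"]);
}

for (const finding of runSample()) console.log(finding.issue.padEnd(24), finding.url);
console.log("Content-Security-Policy:", buildCsp(["cdn.example"], []));
```

With an `integrity` attribute in place the browser refuses to run a script whose content no longer matches the pinned hash, and the policy header narrows the destinations that code on the payment page can send data to.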

Criminals ‘Invest’ More Than Businesses

Research shows that one reason why organisations face constant, serious security threats is that cyber criminals, fuelled by a new cybercrime-based economy, are spending much more on cyber attacks than organisations are spending on cyber security.

Cyber Criminals Spending and Reinvesting $Trillions!

Back in 2017, Gartner predicted that organisations would collectively be spending around $96 billion on their cyber-security. Although this is a big number, it is dwarfed by the figures relating to the proceeds of crime.

For example, last year, Cyber Security Ventures predicted that cyber-crime will cost the world $6 trillion annually by 2021, and Bromium’s independent study from April this year showed that the booming cyber-crime economy has generated $1.5 trillion in illicit profits. This figure is the equivalent to the GDP of Russia, meaning that if cyber-crime was a country, it would have the 13th highest GDP in the world!

Although some of these profits have been simply acquired, laundered, and spent, much has been ‘reinvested’ by cyber criminals. This means that there is potentially a great deal more being spent by cyber-criminals on cyber-attacks than is being spent by organisations on cyber security.

Revenues Exceed Those of Companies

In fact, cyber-crime revenues have been found to often exceed those of (mainly SME-sized) legitimate companies, although they can reach the levels of large, multi-national organisations of over $1 billion.

Greater Spending Forecast

Some commentators have forecast hope in the form of much greater security spending by organisations in the not-too-distant future. For example, research company Gartner has noted that, with the average cost of a data breach at $3.86 million (Ponemon Institute figures), and with the recent string of highly publicised data breaches, privacy concerns are becoming the catalyst for increased security spending for organisations. Skills shortages and GDPR are also driving demand for security services.

Gartner predicts that privacy concerns will drive at least 10% of the market demand for security services through 2019 as security and risk management are recognised as being a critical part of any digital business initiative. Gartner also predicts that at least 30% of organisations will be spending on GDPR-related consulting and implementation services through 2019.

What Does This Mean For Your Business?

The huge sums being made and re-invested in their activities by cyber-criminals are evidence of a big change in the environment that poses a major threat to data security for businesses. Security commentators have noted that in a world where data has become a valuable commodity, a professional cybercrime-based economy has grown and become a self-sustaining system and a platform of criminality that mirrors the platform capitalism model used by big companies. The economic relationships and agents in this criminal system can generate and maintain huge revenue streams that can be used to fund more cyber-crime and other crime such as human trafficking, drugs and terrorism.

The wealth of states is also being used to fund cyber-crime as hacking gangs carry out more state-sponsored attacks (e.g. Russia, China and North Korea) thereby threatening many parts of the UK economy. Clearly, this is a challenging time for UK businesses in terms of planning and spending on security.

90% Of Businesses Blindly Renew Software

A report by Clear Licensing (CCL) has highlighted the fact that most organisations simply renew software maintenance contracts without assessing whether those contracts deliver value.

1 In 10 Companies Check

The CCL report (which is based upon research conducted in and May this year), took into account the responses of 100 global participants, and was designed to understand current trends and identify best practices for the software maintenance market.

The key statistic that the research uncovered was that only 1 in 10 organisations involve the IT asset management function in the decision to renew software maintenance agreements. The inference from this is that software maintenance renewals appear to be blindly renewed without sufficient information to make an informed decision, and without any real assessment of the value they deliver.

In fact, the CCL report found that most software contracts are renewed by system owners or those in finance, and that typical survey respondents had no idea of support volumes, support quality or the strategic value of software maintenance renewals.

Big Spend

Organisations typically spend a large proportion of their annual IT budget on paying for existing software support and maintenance contracts in a market that is estimated to be worth $250 Billion. For example, IT buyers often pay around 20% of the licence fee per year in support and maintenance, thereby meaning that organisations will have paid for their software twice after a five-year term.

Lack of Clarity

Although a software support and maintenance contract typically involves things like bug fixes, security updates, technical assistance and access to upgrades, the CCL report notes that organisations are often confused about what they are actually entitled to and what they are actually getting for their money. For example, maintenance contracts are often perceived as insurance contracts when they are not, and organisations are often afraid and confused about whether they are legally allowed access to security patches if they don’t have a support contract, and whether they can terminate a software maintenance contract and continue support at a later date.

What Does This Mean For Your Business?

Businesses are worried about a number of things when it comes to deciding about software maintenance and support contract renewals, such as security, stakeholder perception, and the fear of penalties and back-maintenance problems. The CCL report has also highlighted the fact that a lack of clarity about the contracts, not enough scrutiny, the wrong departments making the renewal decisions, and a lack of alternatives at renewal time are just some of the reasons why the path of least resistance is being taken and contracts that may lack value are being blindly renewed.

According to the CCL report, some ways that businesses can avoid this happening include:

  • IT Asset Managers starting with a default position of “no” when it comes to software support renewals.
  • Using ITAM tools / SAM technology providers to help validate the business value of a support contract.
  • Performing a cost / benefit analysis of a contract to help decide about renewal.
  • Applying the 80 / 20 rule. IT Asset Managers can make a big impact on freeing up annual budgets by scrutinising spend on a few well chosen contracts.
  • Getting IT Asset Managers to create decision trees to empower smart decision-making.
  • Collaboration with legal professionals to clarify legal rights around contracts.

Apple Apps Taken Down For Spying

The Mac App Store has taken down a number of well known security apps for the Apple Mac after it was discovered that they are being used to spy on the browsing habits of their users.

Which Apps?

It has been reported that Dr Unarchiver, Dr Cleaner, Adware Medic, Adware Doctor and App Uninstall have all been removed from the Apple-curated Mac App Store on the grounds of spying on users.

Rumbled

A researcher in Germany, identified only by their @privacyis1st Twitter identity, is credited with alerting the Mac App Store to the fact that the Adware Doctor app attributed to a company called Yongming Zhang (the name of a well-known Chinese serial killer) and the Trend Micro apps were linked to the same suspect IP address in China.

It has also been reported that suspicions and concerns about the apps go back some years. For example, online reports about Adware Doctor from 2016 indicate that the app was using AppleScript to perform actions in violation of Apple’s App Store Guidelines. It has also been alleged that the glowing reviews of Adware Doctor and other applications by the same developer may have been faked.

How?

It has been reported that the suspect apps were able to spy by first tricking the user into giving them macOS home directory access with virus scanning and clear cache options. When this permission was granted, the apps were able to abuse access privileges by gathering browser-history data from Chrome, Firefox and Safari. This data was then sent back to suspected malicious operators.

What Does This Mean For Your Business?

This is not the first time that there have been reports of dodgy apps lurking in legitimate stores. For example, back in January, 36 fake and malicious apps for Android that could harvest your data and track your location, masquerading as security tools were discovered in the trusted Google Play Store. All had reassuring names such as Security Defender and Security Keeper, and many performed some legitimate tasks on the surface, such as cleaning junk, saving battery, scanning, and CPU cooling, but all were found to be hiding malware, adware and tracking software.

Apple generally has a good brand reputation with regards to security so it will undoubtedly be very unhappy to have its name and the store that it curates associated in any way with any malicious apps.

This story is another reminder that, when it comes to apps, even though the obvious advice is to always check what you are downloading and the source of the download, the difference between fake apps and real apps can be subtle, and even Apple (in this case) didn’t immediately spot the hidden aspects of the apps. Also, we often don’t have the time to make checks on the apps that we download, and good reviews and the ‘halo effect’ of the good name of the store that they’re in are often enough of a recommendation for us to act.

The fact that many of us now store most of our personal lives on our smart phones makes reports such as these all the more alarming, and can undermine our confidence in (and cause costly damage to) the brands that are associated with such incidents.

To minimise the risk of falling victim to suspect apps, users should check the publisher of an app, check which permissions the app requests when you install it, delete apps from your phone that you no longer use, and contact your phone’s service provider or visit the High Street store if you think you’ve downloaded a malicious / suspect app.

The bad publicity from this story may also make Apple keen to review its systems and procedures for checking the apps that are offered in the store that it curates.

Businesses Set For Augmented Reality

A report based on research by IT Consultancy Group Capgemini has predicted a big shift towards the use of virtual reality and augmented reality by businesses over the next 3 years.

Mainstream Soon

The results of a survey of 700 business executives across multiple sectors show that 46% think that VR and AR technologies will become a major part of their organisation in the next 3 years. Nearly 40% also said that VR and AR would be mainstream in just 5 years.

Based on the findings of its survey, Capgemini thinks that half of all businesses not already using AR and VR technology will start using it as they accept the value-adding and cost-saving benefits that it brings.

Good Results, So Far

The report showed that 82% of businesses already using AR and VR tech said it’s either exceeding or meeting their expectations in terms of enhancing productivity, efficiency and safety in the workplace.

Driven

The optimism and positive predictions for AR and VR being used by businesses are not just being driven by the positive reinforcement of those who are already using them, but also by the impressive evolution of immersive technology in a short space of time.

Relevance?

Some companies may be struggling to see how AR and VR could be applied to their businesses now unless it makes up part of a product, but tech commentators believe that some of the most popular areas where they will be used are in offering remote real-time support to customers and in training staff.

Limitations

Two of the key challenges to the growth of the use of AR and VR by businesses in the UK are a shortage of skilled people (the UK has a tech skills gap) and a shortage of investors.

What Does This Mean For Your Business?

The results of the Capgemini survey show promise and optimism for AR and VR being used by businesses to add value and gain a competitive edge in the marketplace, in much the same way that AI is being embraced and is producing good results.

It is unfortunate that UK businesses are still facing a challenge to their use of technology for growth because of a skills gap that was exacerbated by Brexit fears. As far as this challenge goes, the UK government, the education system and businesses need to continue to find ways to work together to develop a base of digital skills in the UK and to make sure that the whole tech eco-system finds effective ways to address the skills gap and keep the UK’s tech industries and business attractive and competitive. This can only help to boost AR and VR development in business.

It is also a shame that the UK, which wants to be a technology centre, is also at a disadvantage in terms of investors compared to places such as the US and China. Capgemini suggests that UK businesses can meet this challenge by streamlining investment to seize the long-term growth potential of AR and VR technology. Also, Capgemini’s report suggests that in order to leverage the business value of AR and VR, UK companies should adopt a centralised governance structure, as well as proofs of concept that are aligned with business strategy, and that they should work on employee change management in order to be able to drive innovation in these new fields.

Tech Tip – Send Texts From Your Windows 10 PC With ‘Your Phone’ App

If you’d like to be able to send phone texts from your PC without having to unlock your phone, you can do it with the Your Phone app for Windows 10. Here’s how:

– Open the Your Phone app.

– Click on Messages.

– Click on the See Texts button.

– Click on the Send Notification button.

– On your phone, confirm the notification to allow Your Phone app to access your text messages.

– To send a new message, click the New Message button.

– Type the phone number or search for the contact you want to send a message to.

– Use the reply box at the bottom to send the text from your PC.

Google To Kill Dodgy Tech Support Ads

A rise in the number of adverts appearing in Google placed by scammers offering fake tech support has led Google to announce the rollout of a new advert verification programme.

Can’t Tell The Good From The Bad

Google’s Director of Global Product Policy, David Graff, made the announcement on the Google blog. Mr Graff said that, after seeing a rise in misleading ad experiences stemming from third-party technical support providers, Google had taken the decision to begin restricting ads in that category globally. Mr Graff also said that, because the fraudulent activity takes place off the Google platform, it has made it difficult to separate the bad actors from the legitimate providers, and this has necessitated the roll out in the coming months of a verification program to ensure that only legitimate providers of third-party tech support can use the Google platform to reach consumers.

The Scam Adverts

According to Google, last year it took down more than 3.2 billion ads that violated its advertising policies. Google has banned ads for payday loans and bail bonds services, and has introduced verification programmes to fight fraudulent ads for other services such as local locksmith services and addiction treatment centres. It now appears that the scammers have moved into the tech support category to find their victims.

How The Scam Works

According to the FBI’s Internet Crime Complaint Centre (IC3), it received approximately 11,000 complaints related to tech support fraud in 2017. This kind of fraud can use several methods for the initial contact with the victim e.g. telephone, search engine adverts, pop-up messages or locked screens (accompanied by a recorded, verbal message to contact a phone number for assistance), or a warning in a phishing e-mail.

The way the fake tech support scam works using search engine adverts, which is the method that Google has highlighted, is that:

  • Criminals pay to have fraudulent tech support company links and ads show higher in search results. Victims click on the links / ads, and the ads provide a phone number.
  • When the victim calls the fake tech support company, a representative criminal attempts to convince the victim to provide remote access to their device. If the device is a tablet or a smart-phone, the criminal usually tries to make the victim connect the device to a desktop computer.
  • When a remote connection has been made, the criminal will claim to find expired licenses, viruses, malware or other (bogus) issues and will tell the victim that there will be a charge to remove the issue.
  • The criminal will then request payment through personal/electronic check, bank/wire transfer, debit/credit card, prepaid card, or virtual currency.

The scam has other variations which can also involve re-targeting previous victims by posing as government officials / police, offering assistance in recovering losses from a previous tech support fraud incident.

What Does This Mean For Your Business?

For those companies legitimately offering tech support services online using advertising, as well as for the many previous and potential victims, this announcement by Google will be welcomed. It is also in Google’s interest to police its own advertising platform because it provides a significant source of revenue.

We can all take precautions to stop ourselves / our businesses from falling victim to this type of scam. These precautions include:

  • Remembering that any legitimate tech support company is unlikely to initiate unsolicited contact with you / your company.
  • Installing ad-blocking software to eliminate / reduce pop-ups and malvertising (online advertising to spread malware), and making sure that all computer anti-virus, security, and malware protection is up to date.
  • Being very cautious of any support numbers that have been obtained via open source searching i.e. via sponsored links / Google ads.
  • Not giving any unverified people remote access to any devices or accounts.

Is Google Getting Details of YOUR Purchases From MasterCard?

Reports of a data-sharing deal with credit company MasterCard could mean that some details of your credit card purchases could be shared with Google, and used to improve their online advertising service.

What Deal?

According to reports from Bloomberg, after four years of negotiations, Alphabet Inc.’s Google and MasterCard Inc. have brokered a “business partnership”. The deal, not surprisingly, is reported to have cost Google millions of dollars.

It has been reported that this alliance between the two companies may have given Google access to data that would allow it to get a much clearer view of retail spending by enabling the tracking of whether the Google ads run online actually led to a sale at a physical store in the U.S.

How Could This Work?

Some commentators have envisaged that the way the deal could work for Google is that, if an (anonymous) Google account clicks an advert, and goes on to purchase the product offline within 30 days, Google could include that potentially useful information in a summary to the advertiser in question. In other words, Google gets to offer its advertisers another layer of information about the effectiveness of their advertising.

What Do Google and MasterCard Say?

According to Bloomberg, Google has said this is a beta product that was only launched last year, and has double-blind encryption technology built-in to it anyway, thereby stopping Google or MasterCard from viewing their respective users’ personally identifiable information. A spokeswoman for Google is also reported to have said that there is no revenue sharing agreement with its partners.

MasterCard is reported to have said that it offers its own media measurement services to retailers, but that it relies upon the merchant supplying their own advertising campaign details and spending data for the duration of any campaign. MasterCard is reported to have said that it only supplies merchants and their designated service providers with trends that are based on aggregated and anonymised data e.g. average ticket size and sales volumes.

Both Google and MasterCard have said that any data used as part of this alliance is anonymised.

What Does This Mean For Your Business?

In an omni-channel retail environment, it would make some sense that retailers / advertisers would like to extend the scope of how they can measure their advertising and its ultimate effectiveness. For Google, it’s important to find another way to use its power, data assets, and financial might to find another way to add value, another point of differentiation, and an extra competitive advantage to its online advertising services.

To consumers, however, the thought of any of the credit / private purchasing details shared with another private company without their initial express consent may be somewhat alarming. Even with assurances of anonymised data being used, many people’s trust may not extend that far, and may have been damaged by continuous news stories about data breaches at big companies, and the revelations about the Facebook / Cambridge Analytica data sharing scandal. Google was also recently discovered to be recording the locations of its users via their mobile devices, even when they have requested not to be tracked by turning their “Location History” off.

Even though Google has said that Google users can opt-out with their Web and App Activity controls, at any time, you can’t opt-out of your credit card company receiving information from them if you still owe them money.

All-in-all, on the face of it, you could be forgiven for thinking that this looks like a good deal for Google and MasterCard, a good deal for Google’s merchant advertisers, a potentially bad deal for consumers, and hopefully not a good deal for cyber-criminals.

Microsoft Introduces AI Automated Audio and Video File Transcription

Microsoft’s new AI tool in OneDrive and SharePoint automatically transcribes the contents of video, audio, and image files, thereby making it much faster and easier to find specific topics and references made in those files.

No More Lengthy Transcribing

The growth of digital content, particularly in rich file types such as image, video, and audio files has made things particularly challenging when trying to search through them to find specific references, details, topics or quotes.

Up until now, it’s been a case of physically watching and listening, and transcribing the file into text to get what you want.

Also, if you need to track down lost screenshots, snapshots and receipts, or if you have to categorise images by keywording them, or if you’re trying to search for images relating to a certain subject, this too has been a time-consuming challenge, up until now.

Search Through Audio or Video By What’s Said

The new AI-based automatic transcription system that’s been added to OneDrive and SharePoint means that users can now search through audio or video by what’s said in the file, and users can quickly find images by conducting searches using keywords based on the content.

How Does It Work?

According to a post on the Microsoft website by Omar Shahine, Partner Director of Program Management for OneDrive and SharePoint, AI can be used to extract the content from an audio or video file, and provide a full transcript which is shown in a viewer, which supports over 320 different file types.

Where automatic photo transcripts are concerned, native, secure AI is used to determine where photos were taken, recognize objects, and extract text in photos and images.

What Does This Mean For Your Business?

With the web, email, text / comms and chat apps now being regularly used as part of businesses, and with digital files and rich format files being favoured, used / displayed, swapped / shared and stored, and with the rise of collaborative online working, this new feature could prove very useful to users of OneDrive and SharePoint.

The many benefits it could bring include saved costs and time in searching and having to physically transcribe, helping to leverage existing content and improve productivity, improving accessibility, and making life a lot easier for anyone who regularly transcribes audio files e.g. content writers, journalists and anyone involved with archiving and categorising different media types. It’s only a matter of time until other technology will be bolted-on to features like this e.g. facial recognition.

Also, for Microsoft this is a feature that can help it to compete in the collaborative working platform market.