News

Tech Tip – Free Graphic Design App For Android

Design social media posts, ads, presentations, cards, flyers and more with ‘Desygner’, a free, popular graphic design app for phone or tablet.  The app has an intuitive interface and thousands of templates to choose from. Although the basic offering is free, you can switch up to a £5.99 monthly subscription if you plan to use the app regularly.

To install the app, look for ‘Desygner’ in Google Play.

HTTPS Security Vulnerabilities Found

Research teams at Ca’ Foscari University of Venice and TU Wien in Austria have discovered security vulnerabilities in the TLS encryption of 5.5% of the 10,000 HTTPS sites they examined, which could leave website visitors vulnerable to attack.

What Is TLS?

Transport Layer Security (TLS) is one of the two security protocols (the other is SSL) used in HTTPS to encrypt the data between your browser and the web servers it communicates with. The visual sign in a browser that this secure connection is in place is a green padlock symbol.

HTTPS should secure communication over the Web by providing a cryptographic protection layer that protects the confidentiality and integrity of communication and enables client/server authentication.

The Research

The recent research carried out on top-ranking HTTPS sites (ranked by Amazon’s Alexa analytics company) uncovered a number of potentially exploitable TLS vulnerabilities in 5,574 hosts that could be broadly grouped into 3 risk categories:

  1. 4,818 were found to be vulnerable to ‘man-in-the-middle’ attack (MITM). As the name suggests, this kind of attack involves a third party being able to intercept and tamper with communications – in this case between the web server and the user’s browser.
  2. 733 were found to be vulnerable to full decryption.  In this case, hackers could decrypt all the traffic passing through them.
  3. 912 were found to be vulnerable to partial decryption.

Further details of the vulnerabilities identified include:

  • 898 websites classed as fully compromisable, including e-commerce sites, e-banking services and other major websites.
  • 10% of login forms having confidentiality issues.
  • 412 websites possibly subject to cookie theft and exposed to session hijacking, with 543 websites subject to cookie integrity attacks.

Green Padlock Still Showing

The vulnerabilities identified by the researchers were present even though the green padlock symbol was still showing on the browser. This indicates that the vulnerabilities are not fixed, are not even noticed by the browser’s defence layer, and are not pointed out on the user side.

The Causes

The vulnerabilities are thought to be caused by a combination of issues in how each site’s TLS encryption schemes have been implemented and a failure to patch any known bugs.  Most of the issues are, therefore, due to external or related-domain hosts.

What Does This Mean For Your Business?

For many businesses, buying an HTTPS certificate for their website was a trusted way to help ensure security, particularly with the introduction of GDPR. This research, however, shows that even this system has holes in it, and it is particularly worrying for businesses (and for general web users) that, for example, 898 HTTPS websites were found to be fully compromisable.

The researchers have demonstrated how a relatively limited number of exploitable HTTPS vulnerabilities can be amplified by the complexity of the web ecosystem, and how the security of many so-called secure websites with encrypted connections can be severely harmed by cryptographic weaknesses, many of which are due to external or related-domain hosts.

This story also highlights the importance of keeping up to date with software patches and fixes.

Experts Recommend Security Update For Magento E-commerce Sites

Security experts are warning companies with a Magento e-commerce site to make sure that it has the latest security patch and updates in order to avoid the risk of card skimming attacks.

Magento

Magento, originally developed by Varien Inc (now owned by Adobe) is a leading open-source, enterprise-class e-commerce platform written in PHP.

Security concerns about unpatched Magento e-commerce stores have been raised before: in 2015 and 2016 over their possible susceptibility to cross-site scripting attacks, and in 2017 over Magento CE web stores possibly being susceptible to Remote Code Execution attacks (skimming) and possibly having the database and server taken over.

Latest Vulnerability

The SQL injection vulnerability in pre-2.3.1 Magento code means that attackers would not need to be authenticated on the site and would have enough privilege to, for example, carry out a card skimming attack. Because authentication isn’t needed, they could even launch automated attacks.

For example, security expert Marc-Alexandre Montpas, a researcher at security firm Sucuri, has warned that this vulnerability is potentially so dangerous because of the number of active installs, the ease of exploitation, and the effects of a successful attack.

This kind of (SQL) injection vulnerability could even enable attackers to steal an entire database and take control of the website and web server.

Which Sites Are At Risk?

According to (Adobe) Magento’s own advisory notice, this vulnerability affects sites using the open source or commercial version of the software, and the affected versions are 2.1 prior to 2.1.17, 2.2 prior to 2.2.8, and 2.3 prior to 2.3.1.

It is still unknown exactly how many of Magento’s 300,000 customer sites are at risk from this vulnerability.

Fix

Magento has already released a new security update / patch fixing multiple types of vulnerabilities including Cross-Site Request Forgery, Cross-Site Scripting, SQL Injection, and Remote Code Execution.

What Does This Mean For Your Business?

This story illustrates how important it is to make sure that all software is kept up to date with the latest patches and fixes, particularly for, say, a company e-commerce website where hackers could gain access to customer payment and other private data.

If you have a Magento e-commerce website the advice is to install patch PRODSECBUG-2198. Also, to protect against this vulnerability and others, customers should upgrade to Magento Commerce or Open Source 2.3.1 or 2.2.8. Magento recommends that customers install the patches as soon as possible.

Magento says that Cloud customers can upgrade ECE-Tools to version 2002.0.17 in order to get the vulnerability in the core application patched automatically and that, even though it has blocked any known ways to exploit the vulnerability, it strongly recommends that customers either upgrade ECE-Tools or apply the patch through m2-hotfixes.

The full official advisory from Magento can be found here: https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-security-update
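
A version triage for the affected ranges quoted above, as an added example (not code from Magento or the original article): it reads a `composer.lock` and classifies the installed Magento 2 release. The sample lock file is constructed, and the check is version-based only, so a site that applied PRODSECBUG-2198 as a hotfix without upgrading would still be reported as affected.

```python
import json
import re

# Release line -> first fixed version, as quoted from Magento's advisory above.
FIRST_FIXED = {(2, 1): (2, 1, 17), (2, 2): (2, 2, 8), (2, 3): (2, 3, 1)}

# Composer metapackages whose version is the installed Magento 2 release.
MAGENTO_PACKAGES = (
    "magento/product-community-edition",   # Open Source
    "magento/product-enterprise-edition",  # Commerce
)

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-(.+))?$")
# Suffixes that mark a build made *before* the final release of that version.
PRERELEASE_RE = re.compile(r"^(dev|alpha|beta|rc)", re.IGNORECASE)


def classify(version):
    """Return 'affected', 'patched' or 'unlisted' for a Magento version string.

    'unlisted' means the release line is not one of the three named in the
    advisory text quoted on this page, so no conclusion is drawn here.
    """
    match = VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    core = tuple(int(part) for part in match.group(1, 2, 3))
    suffix = match.group(4) or ""
    fixed = FIRST_FIXED.get(core[:2])
    if fixed is None:
        return "unlisted"
    if core < fixed:
        return "affected"
    # A release candidate of the fixed version predates the fix being final.
    if core == fixed and PRERELEASE_RE.match(suffix):
        return "affected"
    return "patched"


def audit_lock(lock_text):
    """Return (package, version, status) for each Magento metapackage found."""
    lock = json.loads(lock_text)
    findings = []
    for package in lock.get("packages", []):
        name = package.get("name", "")
        if name not in MAGENTO_PACKAGES:
            continue
        version = package.get("version", "")
        try:
            status = classify(version)
        except ValueError:
            status = "unknown"  # e.g. a branch alias; needs manual review
        findings.append((name, version, status))
    return findings


# Constructed sample input: a minimal composer.lock for a hypothetical store.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "example/unrelated-module", "version": "1.4.0"},
        {"name": "magento/product-community-edition", "version": "2.2.7"},
    ]
})

if __name__ == "__main__":
    for name, version, status in audit_lock(SAMPLE_LOCK):
        print(f"{name} {version}: {status}")
```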

Is Huawei Really Dragging Its Feet Over Security?

After espionage chiefs from the ‘Five Eyes’ agreed last July that they would try to contain the global growth of Chinese telecom Huawei (over fears that it was spying for China), a new report from the Huawei Cybersecurity Evaluation Centre (HCSEC) says that the company is still not fixing previously identified security problems.

Summary – Bans, Detention, and Trump’s Trade War Efforts

Last summer saw US President Trump put China in his sights for a trade war, and with a climate of fear about possible Russian interference in US political affairs, you could be forgiven for thinking that it would have been relatively easy for Mr Trump to point the finger at China too, while implicating US tech giant Apple’s biggest competitor at the same time.  In fact, after the ‘Five-Eyes’ (Australia, Canada, New Zealand, the U.K. and the U.S.) announced that Huawei could be spying for the Chinese state, the US, Australia and New Zealand banned Huawei Technologies Ltd from being a supplier for fifth-generation networks, and Japan banned Huawei from official contracts from December 2018.

Also, pressure was put on Deutsche Telekom, the majority owner of T-Mobile US, to stop using Huawei equipment, and Meng Wanzhou, the chief financial officer of Huawei, was detained in Vancouver at the request of U.S. authorities for allegedly violating US sanctions on Iran.  China’s state-run media and some other commentators suggested (perhaps unsurprisingly) that Meng’s detention appeared to be politically or economically motivated.

Huawei Sues

Huawei has been left with no option but to sue the US government in a Texas court, and to claim the ban on the use of Huawei equipment by any US federal agency violates parts of the US Constitution.

Promised Transformation

Last November, in the face of mounting concerns and criticism, Huawei’s board of directors resolved to carry out a companywide transformation programme, with a starting investment of US $2Bn, to enhance software engineering capabilities. The company also said it would work with UK operators and the NCSC to make sure that the implementation met required standards along the way.

New Report Says Old Problems Not Fixed

The new report by HCSEC claims that Huawei isn’t making any real, material progress on the problems identified in the 2018 report. HCSEC’s Oversight Board is still concerned about Huawei’s approach to software development, and the risk that it may pose to UK operators. The Board is also concerned about the security aspects of the Huawei equipment currently deployed in the UK.

Huawei is the world’s top producer of telecoms equipment and the No.3 maker of smartphones. BT, for example, has been using Huawei systems as part of its network but, after security concerns were expressed last year, it has been removing Huawei systems from the core of the mobile network EE, which it purchased in 2016.

Loser Attitude?

Huawei has met recent criticism from the US by saying that it is simply the result of the US displaying a “loser attitude” because it can’t compete with Huawei’s success.

Spying Would Be Suicide

The chief legal officer of Huawei, Song Liuping, has pointed out that spying would be commercial “suicide” anyway for Huawei because more than 48% of its business comes from overseas markets.

Popular Products

It would be true to say that Huawei’s consumer products (i.e. phones) have proven to be very popular despite the accusations made against the company.  Huawei has predicted that it could become the world’s biggest-selling smartphone vendor this year and that all three business groups – consumer, carrier and enterprise, are expected to post double-digit growth in 2019.

What Does This Mean For Your Business?

Many commentators acknowledge that there may be political and economic motivations behind some of the measures being taken against Huawei. The point that the ‘Five-Eyes’ have been trying to highlight is that possibly, Huawei’s products and network software could have backdoors built into them which could, in theory, allow covert surveillance or control, or destruction of phone networks (which are accessible via the internet). The fear is that those acting for the Chinese state could gain access to the data stored/routed through Huawei devices, telecoms equipment and software, and could even, perhaps, monitor the conversations on mobile phones. No evidence of this has been made public to date.

One thing that is hard to deny, however, is the popularity of Huawei’s consumer products.  The company has now become the world’s biggest producer of telecoms equipment and has overtaken US giant Apple in terms of the number of handsets that it ships worldwide.  UK stores are still stocking and selling its handsets, and the warnings of various governments look unlikely, for the time being, to make any major dent in that side of its business, although more outright bans from more countries (for a company that ships nearly half of its products overseas) could soon begin to hurt.

Facebook Rolls Out ‘Why Am I Seeing This Post?’ Tool

In an attempt to be more transparent and give more control to its users, Facebook is about to roll out a new “Why am I seeing this post?” tool, which will give users insights into their newsfeed algorithm.

Algorithm Explained

The new tool essentially goes some way to explaining how the algorithm that decides what appears where in a user’s Facebook newsfeed works.  The tool will give a view of the inputs used by the social network to rank stories, photos and video, and in doing so will enable users to access the actions that they may want to take if they want to change what they see in their newsfeed.

How?

The new tool, which was developed using research groups in New York, Denver, Paris and Berlin, will show users the data that connects them to a certain type of post e.g. they may be friends with the poster, they may have liked a person’s posts more than others, they may have frequently commented on that type of post before, or the post may have proved to be popular with users who have the same interests.

Although the tool will enable users to see how the key aspects of the algorithm work, in the interests of convenience, simplicity, speed and security, users will not be shown all the many thousands of inputs that influence the decision.

Additional Details

Facebook is also updating its existing “Why Am I Seeing this Ad?” feature with additional details such as explaining how ads work that target customers using email lists.

Newsfeed Strategy Shift

Early last year, Facebook changed its newsfeed strategy so that posts from family and friends were given greater priority, and non-advertising content from publishers and brands was downgraded.

Bad Times

Facebook’s reputation has reached several low points in recent times in matters relating to the data security and privacy of its users, and how the company has responded to calls for it to clean up content such as hate speech, certain types of video, and political messages from other states.

Most famously, Facebook was fined £500,000 for data breaches relating to the harvesting of the personal details of 87 million Facebook users without their explicit consent, and the sharing of that personal data with London-based political consulting firm Cambridge Analytica, which is alleged to have used that data to target political messages and advertising in the last US presidential election campaign. Also, harvested Facebook user data was shared with Aggregate IQ, a data company which worked with the ‘Vote Leave’ campaign in the run-up to the Brexit Referendum.

In September last year, Facebook engineers discovered that hackers had used a vulnerability in Facebook’s “View As” feature to compromise an estimated 50 million user accounts.

Additionally, last February the governor of New York, Andrew Cuomo, ordered an investigation into reports that Facebook Inc may have been using apps on users’ smartphones to collect personal information about them.

What Does This Mean For Your Business?

After a series of high-profile privacy scandals, Facebook has been making efforts to regain the trust of its users, not just out of a sense of responsibility, but to protect its brand and pave the way for the roll-out of a single messaging service which combines Facebook Messenger, WhatsApp and Instagram and that could make Facebook even more central to users’ communications. Facebook bought Instagram as a way to retain users who were moving away from Facebook, but these users jumped straight onto WhatsApp. This new service will be a way for Facebook to join all these pieces together, make the best use of what it has, and maximise the value and appeal to users.

The new “Why am I seeing this post?” tool does sound as though it will cover both bases of giving users more control and improving transparency, and it is one of many things that Facebook has been trying to do (and to be seen to do) in order to make the headlines for the right reasons.  Other measures have included announcing the introduction of new rules for political ad transparency in the UK, working with London-based fact-checking charity ‘Full Fact’ to review stories, images and videos, in an attempt to tackle misinformation, and even developing its own secure blockchain-based cryptocurrency that will enable its users to have a PayPal-like experience when purchasing advertised products, as well as providing authentication and an audit trail.

Facebook boss Mark Zuckerberg has also recently written an opinion piece in the Washington Post offering proposals to address the issues of harmful content, election protection, privacy and data protection, and data portability in his own platform and the wider social media and Internet environment.

Automatic Compensation For Broadband Problems Begins

Next week will see the introduction of automatic compensation, without having to ask, for customers of BT, Sky, TalkTalk, Virgin Media and Zen Internet who experience delayed repairs, installations or missed engineer appointments.

More To Follow

PlusNet has also committed to the scheme but hasn’t provided a timescale, while Hyperoptic and Vodafone will begin automatic compensation later this year, and EE is likely to start paying compensation automatically in 2020.

Finally Agreed Last December

Initially announced by Ofcom back in November 2017 following a review and intervention in the broadband market, the voluntary agreement, which will only apply if a fault takes longer than two days to fix, was reached between Openreach and the five UK service providers last December.

The Scale of Broadband Problems

Ofcom figures show that there are a staggering 7.2 million cases of broadband or landline customers suffering delayed repairs, installations or missed appointments per year and before this scheme only 1 in 7 customers received compensation.  Those few who did receive the compensation had to ask for it rather than it being automatically paid, as is the big change with the new agreement.

How Much?

The new agreement (which was reached after more than 6 months of negotiations and which is subject to a 12-month review of Cancelled Provisions) should mean that £8 compensation per day can be paid, with £25 compensation if an engineer does not arrive on schedule or cancels within 24 hours, and an offer of £5 per day can be made for new services not starting on time.

Customers whose providers are not in the scheme can choose to switch to a new provider if they are unhappy with their current service.

Fastest Way?

Ofcom’s answer to the questions about why there are no formal regulations for automatic compensation and why this is still a voluntary agreement is that it has proved to be the quickest way to get a commitment from the largest companies and to get some kind of scheme up and running for 95% of households.

Openreach – Given Own Quality Standards

Openreach (which many blame for the origin of many broadband problems because of its responsibility for the physical infrastructure in the UK over many years) has been set its own set of tough Quality of Service (QoS) standards by Ofcom. However, Openreach’s position of not paying out for force-majeure events, and Ofcom expecting retail ISPs to cover those costs themselves, has led to some ISPs perhaps feeling that they will still end up paying for Openreach’s failures.

What Does This Mean For Your Business?

For businesses, a fast and reliable broadband connection is vital to operate and compete effectively in today’s marketplace. Problems with broadband services can be very costly and frustrating for businesses, and many businesses feel that they shouldn’t have to fight for compensation on top of the problems caused by poor broadband services and that current levels of compensation are too low, and don’t come close to reflecting the harm caused. Automatic compensation at higher levels is, therefore, welcome news, but many businesses may still think that the amounts on offer are unlikely to cover the disruption and problems caused after several days of broadband problems.

The new automatic compensation scheme will still be good news for small businesses because one-third of small and medium-sized enterprises (SMEs) choose residential landline and broadband services, and around half (49%) of SMEs don’t know if they’re entitled to compensation when service falls short (Ofcom figures).

It is also reassuring to know that the main providers are on board with the scheme and that Ofcom plans to monitor its implementation, review it after one year, and step in if it’s not working well enough for customers.

Tech Tip – Integrated Audio Recording and Note-Taking App

The ‘Noted’ app is a fully-integrated audio recording and note-taking app that can help you to keep track of meetings, interviews, lectures and more.  The app records audio, while also allowing you to type out notes which have rich text and image support.  These notes are automatically time-stamped with easily searchable “time tags”, and the recordings + accompanying notes can be synced through iCloud, organized into notebooks, and quickly searched through.

The basic Noted app free tier has core functionality and allows you to save five recordings. Premium plans e.g. Noted+ allow for more recordings + offer other features such as removing unwanted background noise and enhancing recordings for clearer playback and exporting notes to PDF.

The Noted app is available for Mac, iPhone/iPad, and now the Apple watch so you can capture spontaneous conversations.

To get Noted, go to the Mac Apple Store (itunes.apple.com) and download the basic version for free.  In-app upgrades can be purchased if you require more recordings and functionality. More details about an Android offering coming soon.

Facebook Crypto Currency

Facebook is reported to be developing its own blockchain-based cryptocurrency that will enable its users to have a PayPal-like experience when purchasing advertised products, as well as providing authentication and an audit trail.

What Is Blockchain?

Blockchain’s Co-Founder Nic Cary describes blockchain as being like “a big spreadsheet in the cloud that anyone can use, but no one can erase or modify”. Blockchain is the open-source, free technology behind crypto-currencies (like Bitcoin) and is an incorruptible peer-to-peer network / a kind of ledger that allows multiple parties to transfer value in a secure and transparent way.

Facebook’s Cryptocurrency

Exact details of Facebook’s reported move into a blockchain-powered cryptocurrency of its own are scarce and varied, but some commentators believe that Facebook’s own digital ‘coins’ could be sold to users of its WhatsApp messaging platform so that they can send money to contacts. Many believe that Facebook is likely to be looking at using a stable coin network to back it.  This requires operators to keep collateral in a bank so that if $1 billion in digital coins is issued, the same amount must be available in deposit or reserve.

Could Increase Revenue

The fact that its own blockchain-based currency would use distributed ledger technology (DLT) could cut out the need for central bank involvement (for payment processing), and dramatically reduce the time and fees associated with payment, clearance and settlement, thereby making big savings and large amounts of revenue. This is likely to be the reason why a report from CNBC highlighted a note to Barclays investors from Barclays internet analyst Ross Sandler which said a “Facebook Coin” could bring in as much as $19 billion in revenue to Facebook by 2021.

Enabling users to use Facebook’s own digital ‘coin’ would, for example, make it easier and faster for advertisers on its platform to pay using one click, and would reduce the number of drop-offs that the platform experiences due to the difficulty that mobile users sometimes have when trying to type in their card details.

J.P. Morgan Coin Launch

U.S. mega-bank J.P. Morgan launched its own blockchain-based digital coin, the ‘JPM Coin’ in February with an equivalent value of 1 US dollar.  This currency allows the almost instant transfer and redeeming of funds between institutional accounts, thereby saving time and money while retaining security and transparency.

IBM Too

IBM has also launched a blockchain-backed stable ‘coin’ for international money transfers and has been in discussion with two big US banks with a view to issuing a stable coin for use on its World Wire network.  With this coin running on blockchain it is estimated that IBM could see a huge reduction in overall transfer costs and could see 10% and 20% savings in operational liquidity management.

The overall advantages for IBM of having its own blockchain-backed stable digital coin include trust through increased transparency and immutable transaction history, simplicity from the decreased need for intermediaries thanks to a shared distributed ledger system, and the efficiency provided by near real-time remittance and easy consensus between stakeholders.

Challenges

There are still many challenges in the widespread use of blockchain-based currencies and their management, including:

  • Changes will need to be made in international regulatory oversight.
  • Blockchain networks will need to demonstrate that they can perform at scale in a way that at least matches traditional networks e.g. VisaNet.
  • The financial services industry will need to take ownership of blockchain technology and commit resources to it in order to build, use and support it.
  • Banks may have to commit back-office IT staff to oversee transaction networks to ensure that they are managed properly and securely.
  • More banks need to participate in blockchain transaction validation in order to improve security by having a solid and widespread consensus mechanism that can’t be usurped.

What Does This Mean For Your Business?

With more big names developing their own blockchain-based digital coins, banks and businesses are more likely to see for themselves the savings and the revenue that can be made from them, and this may lead to many of the major challenges being tackled, and more belief in and adoption of securely backed digital currencies. Greater uptake and investment in reducing the barriers to the wider use of such currencies could benefit the wider business community, for example making it easier and faster to buy-in and pay for goods and services, transfer funds and receive funds and payments, especially across borders.

Blockchain is already finding multiple uses beyond just currencies and is particularly useful where things like transparency of a specific delivery chain and provenance of products are needed, thanks to the incorruptible nature of the technology.

Controversial Copyright Directive Backed By MEPs

The European Parliament has given its backing to new copyright rules, including the controversial Article 13, (opposed by many big tech companies) which could now change the way that Europe’s creative and digital industries work.

European Parliament Vote

The new copyright rules are encapsulated in the EU Copyright Directive which, having gone through many revisions was finally backed by 348 MEPs, with 278 voting against it.  It will now be up to EU member states (likely to soon exclude the UK) to approve the EP’s decision and if so, member states will still have two years to implement it.

Article 11 and Article 13

Most of the opposition and argument around the EU Copyright Directive relates to Articles 11 and 13.

Article 11 states that search engines and news aggregate platforms should pay to use links from news websites.

Article 13 applies to services that have been available in the EU for more than three years or have an annual turnover of more than £8.8m.  Article 13 shifts the burden of responsibility so that big tech companies rather than users will have to bear the responsibility for ANY content that is posted on their platforms that doesn’t have a copyright licence e.g. television programmes, movies, and music, and may even cover YouTube, Dailymotion, Soundcloud and more.  So far, the main worry has been about music but this new change in the law has widened the scope.  The new directive says that tech companies will need to make “best efforts” to get permission from the copyright holder, make sure that material specified by rights holders is not made available, and act quickly to remove any infringing material.

Objections

The main objections that have been voiced about the Directive, and particularly these two sections are that:

  • Companies that want to use links from news websites will face an increase in their costs and extra red tape.
  • Big tech companies will find it incredibly difficult and potentially very costly and time-consuming to try and police all content that’s uploaded on their platforms with regards to copyright status.  This may mean that costly and complicated filters may need to be applied to any content before it is uploaded.  There are also worries that the algorithms used to make filters could make mistakes and may take down content that’s being legitimately used.
  • Some argue that artists are already paid fairly under the current system.
  • Freedom groups have expressed concerns that not being able to share certain links, and platforms having to filter content could lead to a more closed society, instead of using digital advances to build a more open world where knowledge can create power for the many and not just the few.
  • Some see Article 13 as being little more than a set of ideals and aims that lacks legal detail and offers little guidance on what steps will be enough to comply.

Redresses Balance

EU lawmakers say that the Directive was intended to protect the livelihoods of those artists, musicians and others whose work is copyrighted so they can get paid because that work has been shared widely in the past without its creators being properly paid.

Exemptions

Exemptions to the directive include:

  • The sharing of memes and GIFs (exempted from Article 11).
  • Non-profit online encyclopaedias, open source software development platforms, cloud storage services, online marketplaces and communication services (exempted from Article 13).

What Does This Mean For Your Business?

For ordinary web users, this new change in European laws means that they can upload videos and music to platforms like YouTube without being held liable for copyright. For journalists and creatives, this law change also looks on the surface to be good news because it means that they may be properly remunerated by big companies, thereby redressing the power balance.

For businesses that have an online platform and/or need to share links and content, this law change could increase costs, increase risks (vulnerability to fines etc), and could make things a lot more complicated e.g. with the need to add filters and checks to any content and link sharing.

1 Million+ UK VAT-Registered Companies Still To Register With Making Tax Digital

A Freedom of Information request has revealed that with a little under a week to go to the deadline for registration, more than 1 million UK VAT-Registered Companies have still not signed up to HMRC’s Making Tax Digital (MTD) programme.

MTD

HMRC’s MTD was announced back in 2015 and requires VAT registered UK companies to keep digital records and file quarterly reports with the taxman. The first phase of the programme, MTD for VAT, is rolling out on 1st April, with the first digital quarterly VAT returns due to be submitted by 7th August.

MTD offers businesses the chance to move to an easier, more convenient, full cloud accounting solution rather than their own (often spreadsheet-based) legacy systems. For HMRC, having everything digitalised should allow them to save costs, time and resources, improve accuracy, and get revenue more quickly. HMRC says that the MTD programme should “make it easier for individuals and businesses to get their tax right and keep on top of their affairs.”

Other Taxes – Not Digital Submission Until 2020

The UK announced in July 2017 that more time would be needed and that an MTD-style programme would not be mandated for taxes other than VAT until at least April 2020.

Also, the government announced earlier this year that because it is focusing on support for businesses in the transition to MTD it will not be mandating Making Tax Digital for any new taxes or businesses in 2020.

FoI Request

The FoI request that revealed how many businesses still hadn’t registered for MTD was submitted by Float, a cashflow forecasting software company. The information in response to the FoI request showed that as of 18th March 2019 only 55,520 businesses were registered with the scheme. HMRC has since said that 70,000 businesses have now registered, which means that companies are registering at a rate of around 3,000 per day.

Criticism

HMRC has been criticised for not contacting many companies about the changes.  For example, it was revealed that as recently as last November, only 40% of companies had heard about the new programme.

What Does This Mean For Your Business?

2018 to 2019 has been a challenging year for businesses with the preparations and introduction first of GDPR, followed by the uncertainty surrounding Brexit overshadowing many other issues. It may be true to say that many businesses are reactive and are busy just keeping on top of business most of the time and in a situation like this where the communication from HMRC about MTD has been poor, it’s not surprising that many businesses have still not registered. It may also be fair to say that many accountancy firms haven’t been as proactive as they could have been in informing their customers about MTD and its deadlines.

The introduction of MTD will undoubtedly require work and time in getting figures into a new and unfamiliar digital platform, but if it makes it easier for companies to stay on top of their tax affairs into the future, this will be a good thing, not least for the exchequer.