
Experts Recommend Security Update For Magento E-commerce Sites

Security experts are warning companies with a Magento e-commerce site to make sure that it has the latest security patch and updates in order to avoid the risk of card skimming attacks.

Magento

Magento, originally developed by Varien Inc (now owned by Adobe), is a leading open-source, enterprise-class e-commerce platform written in PHP.

Security concerns about unpatched Magento e-commerce stores have been raised in the past, e.g. in 2015 and 2016 over their possible susceptibility to a cross-site scripting attack, and in 2017 over Magento CE web stores possibly being susceptible to Remote Code Execution attacks (skimming) and possibly having the database and server taken over.

Latest Vulnerability

The (SQL) injection vulnerability in pre-2.3.1 Magento code means that attackers would not need to be authenticated on the site and would have a sufficient level of privilege to, for example, carry out a card skimming attack. Because authentication isn’t needed, they could even launch automated attacks.

For example, security expert Marc-Alexandre Montpas, a researcher at security firm Sucuri, has warned that this vulnerability is potentially so dangerous because of the number of active installs, the ease of exploitation, and the effects of a successful attack.

This kind of (SQL) injection vulnerability could even enable attackers to steal an entire database and take control of the website and web server.

Which Sites Are At Risk?

According to (Adobe) Magento’s own advisory notice, this vulnerability affects sites using the open source or commercial version of the software, and the affected versions are 2.1 prior to 2.1.17, 2.2 prior to 2.2.8, and 2.3 prior to 2.3.1.

It is still unknown exactly how many of Magento’s 300,000 customer sites are at risk from this vulnerability.

Fix

Magento has already released a new security update / patch fixing multiple types of vulnerabilities including Cross-Site Request Forgery, Cross-Site Scripting, SQL Injection, and Remote Code Execution.

What Does This Mean For Your Business?

This story illustrates how important it is to make sure that all software is kept up to date with the latest patches and fixes, particularly on, for example, a company e-commerce website where hackers could gain access to customer payment and other private data.

If you have a Magento e-commerce website the advice is to install patch PRODSECBUG-2198. Also, to protect against this vulnerability and others, customers should upgrade to Magento Commerce or Open Source 2.3.1 or 2.2.8. Magento recommends that customers install the patches as soon as possible.

Magento says that Cloud customers can upgrade ECE-Tools to version 2002.0.17 in order to get the vulnerability in the core application patched automatically. Even though Magento has blocked any known ways to exploit the vulnerability, it strongly recommends that customers either upgrade ECE-Tools or apply the patch through m2-hotfixes.

The full official advisory from Magento can be found here: https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-security-update
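
As an added example (not code from Magento's advisory or from this article), the affected-version ranges listed above can be checked against a store's `composer.lock`. It assumes the store was installed through Composer using the Magento 2 Open Source or Commerce metapackages; the sample lock file is constructed for illustration.

```python
import json
import re

# First fixed release per affected branch, as listed in the article:
# 2.1 prior to 2.1.17, 2.2 prior to 2.2.8, 2.3 prior to 2.3.1.
FIRST_FIXED = {(2, 1): (2, 1, 17), (2, 2): (2, 2, 8), (2, 3): (2, 3, 1)}

# Composer metapackages that pin the Magento 2 core version
# (Open Source and Commerce editions).
CORE_PACKAGES = {
    "magento/product-community-edition",
    "magento/product-enterprise-edition",
}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-(.+))?$")
_PRERELEASE_RE = re.compile(r"^(dev|alpha|beta|rc)", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) for a version string."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = tuple(int(match.group(i)) for i in (1, 2, 3))
    suffix = match.group(4) or ""
    return numbers, bool(_PRERELEASE_RE.match(suffix))


def classify(version_text):
    """Return (status, first_fixed) for one Magento 2 version string.

    status is 'affected', 'fixed' or 'not-listed'. 'not-listed' means the
    branch is not one of the three named in the article, so the vendor
    advisory has to be consulted directly.
    """
    numbers, prerelease = parse_version(version_text)
    fixed = FIRST_FIXED.get(numbers[:2])
    if fixed is None:
        return "not-listed", None
    fixed_text = ".".join(map(str, fixed))
    # A pre-release build of the fixed version is treated as still affected.
    if numbers < fixed or (numbers == fixed and prerelease):
        return "affected", fixed_text
    return "fixed", fixed_text


def audit_lock(lock_text):
    """Scan composer.lock JSON text and report each Magento core package."""
    lock = json.loads(lock_text)
    packages = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    findings = []
    for pkg in packages:
        if pkg.get("name") not in CORE_PACKAGES:
            continue
        version = pkg.get("version", "")
        try:
            status, fixed = classify(version)
        except ValueError:
            # e.g. a branch alias such as "dev-master"
            status, fixed = "unparsed", None
        findings.append({
            "package": pkg["name"],
            "version": version,
            "status": status,
            "upgrade_to": fixed,
        })
    return findings


# Constructed sample input, not taken from a real store.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "magento/product-community-edition", "version": "2.2.7"},
        {"name": "monolog/monolog", "version": "1.24.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for finding in audit_lock(SAMPLE_LOCK):
        print(finding)
```

A store that only had patch PRODSECBUG-2198 applied still reports its old version number, so an "affected" result there needs a manual check that the patch is in place.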

Emails To Become More Dynamic With Google’s AMP For Email

Google has launched ‘AMP For Email’ which will make emails more dynamic and more like web page experiences as interaction can take place within the email itself rather than including links that send recipients to a web page for the interaction.

Announced For Gmail Last Year

Accelerated Mobile Pages are something that Google has been testing over many years, firstly with a view to helping publishers, and then with a view to including it in its Gmail platform. Google first announced in February 2018 that it would be bringing AMP to Gmail.

At the time, companies like Booking.com and Doodle were using the open spec version of AMP to develop new experiences in emails for their users. According to Google, other companies have also been sending out AMP emails for some time now, including Despegar, Doodle,  Ecwid, Freshworks, Nexxt, OYO Rooms, Pinterest and redBus.

In addition to Gmail, other major email services that now support AMP emails include Yahoo Mail, Outlook and Mail.ru.

Accelerated Mobile Pages 

Accelerated Mobile Pages emails work using a new mark-up and infrastructure that enables the inclusion of interactive elements within the email itself e.g. carousels, forms/questionnaires, lists, and the ability to submit an RSVP to an event or schedule an appointment.  AMP messages also include standard HTML mark-up, thereby providing a fallback for email clients that don’t support AMP.

What Can You Do With AMP?

The big advantages provided by Accelerated Mobile Pages in emails are that:

  • They no longer require you to send out static emails with links in them in order to get recipients to interact and take action.  Instead, the interactive elements and actions are included within the email itself. Recipients can, therefore, respond and interact without leaving their email client e.g. by filling out a questionnaire, browsing through a store’s inventory or responding to a comment.
  • They offer the chance to provide users with a much more engaging and dynamic web page-like experience.
  • AMP emails stay up to date whereas static emails with links go out of date.
  • Marketers can get results more quickly and may get a better response rate because many things can be presented and achieved in one step.

What Does This Mean For Your Business?

The many high profile social and email platforms and other companies that are already supporting and using AMP emails indicate that their introduction is an important communications and marketing development that is likely to raise the bar in terms of what is possible with an email and in customer expectations of emails.

AMP emails give businesses the chance to communicate with customers in a way that stands out, can provide a more engaging and interactive experience, strengthen branding, and get results more quickly.  With AMPs included with Gmail, this could translate into more effective email marketing for businesses everywhere and could particularly benefit SME marketing.

Microsoft And Adobe Team Up To Fight Salesforce

Microsoft and Adobe are teaming up to make it easier for users of Adobe’s marketing software to find and target potential customers for business goods on Microsoft’s LinkedIn, thereby fighting their common competitor Salesforce.com Inc.

What Is Salesforce?

Salesforce is a market leading American cloud-based CRM platform. The company’s 2018 revenue was $10.5 billion, most of which came from sales of the CRM platform itself although the company also makes a lot of its revenue from selling other applications that work with the platform.

Adobe

California-based multinational Adobe Inc. became most widely known for products like Photoshop, but the company has more recently turned its attention to making the software used for business marketing campaigns e.g. Adobe Experience Cloud and Advertising Cloud Creative. The recent acquisition of leading marketing automation platform Marketo by Adobe for nearly $5 billion has meant that there has been a coming-together of Adobe Experience Cloud’s content personalisation capabilities and Marketo’s lead engagement and account-based marketing. This has enabled Adobe to work better at combining data and personalisation in its products, thereby giving it some more of the pieces that it needed to challenge big marketing automation players such as Oracle and Salesforce.

Microsoft

Microsoft is known, of course, for its Windows OS and Office suite, but it also has Dynamics 365 which is software that allows salespeople to track deals. One major and vital asset that it can bring together with Adobe to tackle Salesforce is the LinkedIn platform, which Microsoft acquired in 2016 for $26 billion. This platform is used as a valuable tool by business-to-business marketers to generate new business and is a very powerful and tempting asset to have access to for any company that is seriously looking to become a major contender in the marketing automation market.

Combined

Market analysts have noted that the combined effort of Adobe and Microsoft will essentially mean that it will be much easier for users of Adobe’s marketing software to find and target teams of potential customers for business goods via LinkedIn. The integration of Adobe and Microsoft will allow them to fill in the gaps that either company had in making marketing content (via Adobe) and being able to target large numbers of B2B prospects (via Microsoft’s LinkedIn), thereby enabling them to bring a much broader offering to market against Salesforce.

What Does This Mean For Your Business?

If you’re a business-to-business marketer the synergy and broad scope offered by the joining of these two companies could provide a level of value and potential leverage that surpasses that of the current market leader, Salesforce.  The move looks set to cause a serious stir in the marketing automation market and could prove lucrative for Microsoft and Adobe, as well as providing new knowledge insights and opportunities to both companies that could shape further product developments.

$35 Billion Takeover of Worldpay Boosts Value of Euro Payments Tech Companies

The recent £35 billion takeover of Worldpay by US company FIS has boosted the share value of other European payments technology companies including Worldline, Ingenico and Wirecard.

Worldpay

Worldpay, formerly known as Streamline, was set up as a subsidiary of NatWest bank back in 1989.  It was then bought by RBS in 2002 and re-christened ‘RBS Worldpay’.  Unfortunately for RBS, EU state aid rules meant that Worldpay had to be sold for £2 billion back in 2010 to Advent International and Bain Capital, although RBS Group still retained a 20% stake in the newly independent business.

Worldpay was able to become a big player in payment processing after several moves including buying UK credit and debit processing company Cardsave, launching a mobile card processing terminal which connects to smartphones (Worldpay Zinc), and acquiring SecureNet Payment Systems from Sterling Partners.

Worldpay was listed on the London Stock Exchange until 16 January 2018 after which it was acquired by Vantiv to form Worldpay, Inc.

Worldpay processes 40+ billion payments per year across 146 countries, in 126 currencies.

Largest Ever Deal

The £35 billion takeover of Worldpay by US-based FIS is the largest ever deal in the electronic payments industry and has created a consolidated company with combined revenues of over $12 billion.

Shares Boost

Following the announcement of the takeover, not only were shares in Worldpay up by 13% at one point, but the deal prompted a boost in the value of other payment technology companies. For example, Worldline share value was up 3.1%, and software company Atos, which owns half of Worldline, was up 1.2%. The share values of Ingenico (based in France) and Wirecard (based in Germany) also received boosts with the takeover news.

FIS Says

FIS chairman and chief executive Gary Norcross said that the two companies would “combine forces to offer a customer-driven combination of scale, global presence and the industry’s broadest range of global financial solutions”.

What Does This Mean For Your Business?

Market analysts have noted that this acquisition is the latest move in consolidation in the financial software and payments technology sectors where key existing companies are trying to increase their scale in order to compete with new entrants to a market where scale appears to be a necessary requirement to win at payments processing. The deal should also provide new business opportunities for both FIS and Worldpay.

Some commentators have noted the obvious compatibility of the two companies, and the hope is that the deal may mean that businesses will have access to a wider portfolio of services that Worldpay can now provide.

Microsoft Tests ‘Sandbox’ Safe Browsing Extension For Chrome & Firefox

Microsoft is testing an in-browser ‘sandbox’ security extension for Chrome and Firefox that lets users access untrusted pages, safely.

Windows Defender Application Guard

The new browser extension, Windows Defender Application Guard, is already part of Microsoft’s Edge browser and will be rolled out as part of the next Windows 10 update ‘April 2019’ or 19H1 in the Spring.  It is currently being tested among Windows Insiders and will be available to Windows 10 Pro or Enterprise users when it goes live.

How Do You Use It?

When installed, users see a Windows Defender Application Guard landing page when they open their Chrome or Firefox browser. When the Firefox or Chrome user tries to access an untrusted web page / non-whitelisted URL, the new extension will work by loading a special isolated Edge tab (Windows Defender Application Guard page), not a tab in Firefox or Chrome. The sandbox page can also be initiated by the user at any time by toggling a switch in the menu settings.

Enterprise-Wide

Once the extension has been established by an enterprise network administrator it can be applied on devices across an entire company and configured by network isolation or application.  The enterprise administrator defines which web sites, cloud resources, and internal networks can be trusted, and everything that is not on this list is, therefore, considered untrusted.  In this way, it can isolate enterprise-defined untrusted sites eliminating any risk of opening potentially malicious apps on a work machine and protecting the company while employees browse the Internet.  With Windows Defender Application Guard there is less need to operate a fully-fledged virtual machine.

Why?

The new extension is part of a broader move by Microsoft to provide more convenient and secure features for its Enterprise and Pro users.

Types of Devices

The Windows Defender Application Guard was designed by Microsoft to work on enterprise desktops domain-joined and managed by the organisation, enterprise mobile laptops and BYOD mobile laptops, as well as personal devices that are not domain-joined or managed by an organisation.

What Does This Mean For Your Business?

This new extension of an existing Microsoft Edge security feature to Chrome and Firefox browser users gives enterprise admins greater and wider control to protect the organisation from threats to its network and systems that may be invited by employees who happen to browse untrusted websites. The extension is also a value-adding addition to a growing suite of features that are designed to help keep and attract valued enterprise customers.

Robot Programmed to Carry Out Unbiased Job Interviews

TNG and Furhat Robotics in Sweden have developed a social, unbiased recruitment robot called “Tengai” that can be used to conduct job interviews with human candidates.

Existing Robot, Modified

The robot, ‘Furhat’, was developed several years ago by Stockholm based start-up Furhat Robotics. The Furhat robot, which looks like an internally projected human face on a white head sitting on top of a speaker (with camera and microphone built-in) is made with pre-built expressions and gestures as part of a pre-loaded OS which can be further customized to fit any character.

In conjunction with Swedish recruitment company TNG, the Furhat robot was modified by developing and adding a software HR-tech application to Furhat’s OS, and the recruitment version of Furhat has been named “Tengai”.

Talks, Listens and Transcribes

In a typical interview, the Tengai recruitment robot firstly shares information in a dialogue form about the interview and how it will be conducted. It can then ask questions and understand what a candidate is saying, regardless of the number of words and sentences used. During the interview Tengai records candidates’ speech, which it converts into text in real time.

The HR-tech application software that Tengai uses means that it can conduct situation and skill-based interviews in a way that is as close as possible to a human interviewer. This includes using “hum”, nodding its head, and asking follow-up questions.

Although the robot is currently only able to use the Swedish language, an English-speaking version is likely to be available by the end of 2019 / beginning of 2020.

Most Useful at The Beginning of the Process

The recruitment robot is designed to be used at the beginning of the candidate selection process where it can help by being very objective and skill-focused in order to find the competencies in candidates that are needed for the job.

Unbiased

According to TNG, one of the big advantages of the Tengai recruitment robot is that it is unbiased in its assessment of candidates.  For example, Tengai only records candidates’ speech and converts this into text in real time. The robot does not consider any other variables such as a person’s accent or the pitch of their voice, their looks or gender, and Tengai is not given any information about any candidate other than their name and email address.

Also, Tengai asks questions in the same way, in the same tone and typically in the same order for each candidate, thereby making it fairer and more objective.

Creepy or Not?

TNG conducted 80 interviews to find out about people’s perceptions of the robot. TNG reports that most were surprised by how ‘natural’ it felt talking to the robot, which is adept at social codes.

What Does This Mean For Your Business?

It is vital that businesses can find and recruit the best possible candidate for a role. The big advantage of this kind of robot is that it can be very effective in the first part of the candidate selection process because it is very objective and skill-focused. An in-depth assessment by an experienced recruiter can then be used later on with the candidates that the robot has shortlisted in order to get the necessary detail and personalisation, giving a complete picture of a candidate’s suitability for a position.

Using an unbiased, objective and structured robot like Tengai can mean that recruiters/employers can shift the subjectivity further along the process where it is less damaging. Also, a robot interviewer can mean that more candidates can be invited to participate in the early stages of a recruitment drive, allowing for greater diversity by ensuring a better and broader selection of talents. This can give a business a better chance of finding the right person to fit the role available.

New Smart App Converts Your Sketches Into Works Of Art In Seconds

A new smart drawing app that uses deep learning can convert simple sketches and doodles into photo-realistic landscape artworks in the style of famous artists.

GauGAN

The “GauGAN” app from Nvidia, which is a play on the name of French post-Impressionist painter Paul Gauguin, is described as a “smart paintbrush” that works through the interplay of two generative adversarial networks, a generator and a discriminator, powered by deep learning.

How Does It Work?

When running the app, users can draw a simple sketch/doodle outline of a landscape in an on-screen grid/segmentation map. Users can label each segment (e.g. with sea, sky, trees etc). Using its deep learning training on a million images, GauGAN can then fill in labelled areas with photo-realistic images to create detailed artworks.

In creating the pictures, the generator network of GauGAN creates images that it presents to the discriminator. The discriminator, which is the part that has been trained on the one million real images, coaches the generator with pixel-by-pixel feedback on how to improve the realism of its synthetic images, thereby enabling GauGAN to arrive at a stunning final image.

Not Just Landscapes

GauGAN can also add features such as buildings, roads and people, as well as style filters. Some filters enable users to produce an original artwork in the style of a famous artist or change the lighting of an artwork e.g. from day to night.

Like A Colouring Book Picture…

Nvidia’s blog describes it as being “like a colouring book picture that describes where a tree is, where the sun is, where the sky is,” and then “the neural network is able to fill in all of the detail and texture, and the reflections, shadows and colours, based on what it has learned about real images”.

What Does This Mean For Your Business?

The GauGAN app is a tool that can offer time and cost-saving benefits, and new creative benefits to those who need to create virtual worlds as part of their work e.g. games developers, architects, urban planners and landscape designers.  The app offers them the chance to generate better prototype ideas and make rapid changes to synthetic scenes. This could prove to be an effective and time-saving tool when it comes to taking simple brainstormed ideas to the more detailed stage quickly.

The GauGAN app may also prove to be an interesting new, experimental tool for artists and graphic designers.

Chatbot Supports Students

Lancaster University has announced that it has launched a chatbot “companion” for students which allows them to ask almost any question about their university experience, from student life, and welfare, to academic studies and more.

Ask L.U.

The chatbot service, called ‘Ask L.U.’, was built on Amazon Web Services (voice) and delivers a voice interface that interacts with users.

The chatbot companion was designed and built by Lancaster University’s Information Systems Services (ISS) and enhances the existing iLancaster mobile app with a range of student-focused voice services.

The chatbot project also includes special facilities for disabled students, developed in conjunction with the University’s Disability Service.

Asked Students

In order to make the chatbot as relevant as possible to students, the University’s developers surveyed Lancaster University students to gauge which questions they were most likely to ask. From this information, they were able to compile a list of more than 300 queries that could be divided into categories such as learning & teaching and campus activities & social.  All of these could then be put to Ask L.U.

Access

The chatbot can be accessed via the iLancaster App on mobile phones and tablets, or by asking “Alexa, Ask L.U.” on any Amazon Echo device.  Amazon Cognito is used to authenticate user data via the Echo providing a completely personalised experience.

Whole Suite of AWS Used

The Chatbot project uses the whole suite of AWS services, including AWS Cloudwatch, AWS Virtual Private Cloud and AWS ElasticSearch.  The natural speech is provided by Amazon Lex and Amazon Alexa.

Fast and Convenient

The chatbot companion is intended to enable students to get information in a fast, easy and convenient way, and delivering information via voice activation fits in well with the packed academic and social lives of students.

Chatbots

Chatbots are now used by many organisations, in conjunction with AI, to help deal with common enquiries, to save costs and resources, to free-up time for human staff to work on other aspects of the business, and to enable businesses to offer 24-hour customer service.

There has been criticism of bots where transparency is lacking and where they may possibly lead users to believe that they are talking to a human.  This is why the state of California passed laws to make AI bots ‘introduce themselves’ (i.e. identify themselves as bots).

What Does This Mean For Your Business?

Many of us are now used to encountering chatbots on websites and voice-activated digital assistants, and this innovative new chatbot from Lancaster University shows how these new technologies can be put together in a value-adding and easy to access way, and in a way that is compatible with its target market.  It may also enable the university to save time and money, and free up valuable resources, and offer 24/7 help to student users.

Bearing in mind that it has been made at a University, it is also a good way of showcasing the technology skills of the university, and the voice activation aspect means that it has been built with an eye on the future.

This kind of chatbot could also have applications in many other businesses, organisations, venues, events, and experiences, and could help improve and support services where there are large numbers of users whose experiences could be enhanced by being able to get on-the-spot spoken answers to popular questions.

New, Free Windows 10 Microsoft Office App Launched

Microsoft has announced the launch of its new “Office” app for Windows 10. The app, which is an update to the former My Office app, will come preinstalled on Windows 10 machines and will provide access to an online version of Office for those who don’t have a subscription for Office 365.

Simply “Office”

The new, free app, simply named “Office”, can be used with ‘almost’ any version of Microsoft Office. This means that those who do have a 365 subscription and have Microsoft’s apps installed on their device can open Office from the Office app, and those who don’t have a subscription will be automatically directed to the online version. Like Google Drive, this online version features the user’s recent documents on the home screen, which is in keeping with the idea that users should be able to find what they want quickly. Users can also share files with each other and can find content relevant to them but created by colleagues within their organisation.

Features

The new app includes helpful features such as tutorials and tricks for Microsoft’s apps and services, and users can see every Office app available to them by clicking on “Explore all your apps”.

Office also allows customisation so that businesses can brand it. Users also have access to third-party apps and Microsoft Search.

When and How?

Microsoft says that the Office app will become available to users on a rolling basis over the next few weeks and that it will be installed automatically as an update to the MyOffice app, which comes pre-installed as part of Windows.

You can search for “Office” in the search bar of the Windows start menu to open the app. The new app can also be downloaded from the Microsoft Store if needed.

Users can sign in to the app with their work, school, or free personal Microsoft Account to get started.

The Office app should work with any Office 365 subscription, Office 2019, Office 2016, and Office Online (the free web-based version of Office).

What Does This Mean For Your Business?

Launching this Office app is a way of Microsoft being able to publicise, raise awareness about, and get more people using its free online versions of Office.

The app, which also allows Microsoft to compete with its rival Google Drive, should be quite appealing to business users thanks to features such as the ability to customise and brand it, the fact that it allows access to third-party apps using AAD through the Office app, and the Microsoft Search feature that works across the organisation in addition to the user’s own apps and documents.

Having a free Office app that’s available without the need for an Office 365 subscription will also help address the problem of a mistaken assumption from many people that Office simply comes as part of Windows.

New York’s Governor Orders Investigation Into Facebook Over App Concerns

The Governor of New York, Andrew Cuomo, has ordered an investigation into reports that Facebook Inc may be using apps on users’ smartphones to collect personal information about them.

Alerted By Wall Street Journal

The Wall Street Journal prompted the Governor to order New York’s Department of State and Department of Financial Services (DFS) to investigate Facebook when the paper reported that Facebook may have more access than it should to data from certain apps, sometimes even when a person isn’t even signed in to Facebook.

Health Data

It has been reported that the kind of data that some apps allegedly share with Facebook includes health-related information such as weight, blood pressure and ovulation status.

The alleged sharing of this kind of sensitive and personal data, whether or not a person is logged in to Facebook, prompted Governor Cuomo to call such practice an “outrageous abuse of privacy.”

Defence

Facebook’s defence against these allegations, which appears to have prompted a short-lived but noticeable fall in Facebook’s share value, was to point out that WSJ’s report focused on how other apps use people’s data to create ads.

Facebook added that it requires other app developers to be clear with their users about the information they are sharing with Facebook and that it prohibits app developers from sending sensitive data to Facebook.

The social media giant also stressed that it tries to detect and remove any data that should not be shared with it.

Lawsuits Pending

This appears to be just one of several legal fronts where Facebook will need to defend itself.  For example, Facebook is still facing a U.S. Federal Trade Commission investigation into the alleged inappropriate sharing of information belonging to 87 million Facebook users with now-defunct political consulting firm Cambridge Analytica.

Apple Also Accused By Governor Over FaceTime Bug

New York’s Governor Cuomo and New York Attorney General Letitia James have also announced an investigation into Apple Inc’s alleged failure to warn customers about a bug in its FaceTime app that could inadvertently allow eavesdropping, as iPhone users were able to listen to conversations of others who had not yet accepted a video call.

DFS Involvement

The Department of Financial Services (DFS), which is one of the two agencies that have been ordered to investigate this latest Facebook app sharing matter, has only recently begun to get more involved in digital matters, particularly by producing the country’s first cybersecurity rules governing state-regulated financial institutions such as banks, insurers and credit monitors.

Some commentators have expressed concern, however, about the DFS saying last month that DFS life insurers could use social media posts in underwriting their policies, on the condition that they did not discriminate based on race, colour, national origin, sexual orientation or other protected classes.

What Does This Mean For Your Business?

You could be forgiven for thinking that, after the scandal over Facebook’s unauthorised sharing of the personal details of 87 million users with Cambridge Analytica, Facebook may have learned its lesson about the sharing of personal data and may have tried harder to uncover and plug any loopholes that could allow this to happen. The tech giant still has several lawsuits and regulatory inquiries over privacy issues pending, and this latest revelation about the sharing of very personal health information certainly won’t help its cause. Clearly, as the involvement of the DFS shows, there needs to be more oversight of (and investigation into) apps that share their data with Facebook, and possibly the need for more legislation and regulation of the smart app / smart tech ecosystem.

There are ways to stop Facebook from sharing your data with other apps via your phone settings and by disabling Facebook’s data sharing platform.  You can find instructions here: https://www.techbout.com/stop-facebook-from-sharing-your-personal-data-with-other-apps-37307/