Software

Tech Tip – How To Send Large Files For Free

Posted on by Andy Miller

If you need to send a file online, but that file is too big to send by email, there are several simple, effective and secure alternatives.  Here are some suggestions:

– Use file compression to shrink the file size anyway before sending/transferring. For example, try RAR compression instead of ZIP.  Open source 7-Zip provides effective file compression.

– Upload your file to a cloud-based storage service and share / retrieve from there.  For example, Google Drive (offers up to 15GB of free storage), Dropbox (offers 2GB of free storage space and a variety of sharing options.), Microsoft’s OneDrive (offers 5 gigabytes of free storage), MediaFire (offers 50GB of free storage + simple sharing tools).

– Use a free file transfer service e.g. WeTransfer where you can send files up to 2GB without needing to register, or use free FTP software e.g. Cyberduck, FileZilla, or Chrome’s sFTP Client extension.

Apple’s Video-Calling ‘Eavesdropping’ Bug

Posted on by Andy Miller

Apple Inc has found itself at the centre of a security alert after a bug in group-calling of its FaceTime video-calling feature has been found to allow eavesdropping of a call’s recipient to take place prior to the call being taken.

Sound, Video & Broadcasting

As well as allowing the caller to hear audio from the recipient’s phone even if the recipient has not yet picked up the call, if the recipient has pressed the power button on the side of the iPhone e.g. to silence/ignore the incoming call, the same bug was also found to have allowed callers to see video of the person they were calling before that person had picked up the call. This was because pressing the power button effectively started a broadcast from the recipient’s phone to the caller’s phone.

Data Privacy Day

Unfortunately for Apple, insult was added to injury as news of the bug was announced on Data Privacy Day, a global event that was introduced by the Council of Europe in 2007 in order to raise awareness about the importance of protecting privacy. Shortly before news of the Apple group FaceTime bug was made public, Apple’s Chief Executive, Tim Cook, had taken to Twitter to highlight the importance of privacy protection.

It Never Rains…But It Pours

To make things even worse, news of the bug was made public on the day before Apple was due to announce its reduced revenue forecast figures as part of its quarterly financial results. Apple has publicly reduced its expected revenue forecast by £3.8bn.  Apple’s chief executive put the blame for the revised lower revenue mainly on the unforeseen “magnitude of the economic deceleration, particularly in Greater China”.  He also blamed several other factors such as a battery replacement programme, problems with foreign exchange fluctuations, and the end of carrier subsidies for new phones.

Feature Disabled

In order to close the security and privacy hole that the bug created, Apple announced online that it had disabled the Group FaceTime feature at 3:16 AM on Tuesday.

Fix On The Way

Apple has announced that a fix for the bug will be available later this week as part of Apple’s iOS 12.2 update.

What Does This Mean For Your Business?

Apple has disabled the Group FaceTime feature with the promise of a fix within days, which should provide protection from any new attempts to exploit the bug. Those users who are especially concerned can also decide to disable FaceTime in the iPhone altogether via the phone’s settings.

Even though the feature has been disabled, the potential seriousness of allowing eavesdropping of private conversations and the broadcasting of video from a call recipient’s phone appears to have been a major threat to the privacy and security of some Apple phone users.  This has caused some tech commentators to express their surprise that a bug like this could be discovered in the trusted, trillion-dollar company’s products, and concern to be expressed that those users who, for whatever reason, don’t update their phones to the latest operating system, may not be protected.

Windows 7 Activation Errors A Coincidence Says Microsoft

Posted on by Andy Miller

Just after the January update on 8th January, Windows 7 users began to experience activation errors, but Microsoft put the issues down to coincidence, despite admitting that it had reverted changes made to activation servers in the update in order to fix the problem.

What Is An Activation Error?

Windows Activation Technologies are used by Microsoft to help confirm that the copy of Windows 7 that is a user is running on their computer is genuine.  For example, the activation key is a 25-character code that is located on the Certificate of Authenticity label or on the proof of license label, and validation feature of Activation Technologies is the online process where users must verify that the copy of Windows 7 they’re running on their computer is activated correctly and is genuine.

An activation error, therefore, is when a user’s system wrongly notifies them that their copy of Windows is not genuine.

Which Update?

On 8th January, there was a monthly ‘Rollup’ security update for Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1.  The update was designed to improve and fix certain issues with Windows 7 e.g. fixing a vulnerability known as ‘Speculative Store Bypass’, and adding security updates to Windows Kernel, Windows Storage and Filesystems, Windows Wireless Networking, and the Microsoft JET Database Engine.

Coincidence?

According to Microsoft, the fact that users received “Windows is not genuine”, and “Your computer might be running a counterfeit copy of Windows” notification at the same time as the January updates (KB4480960 and KB4480970) were introduced was simply a coincidence. Despite describing it as such, the problems were listed a table of “known issues in this update” on Microsoft’s support pages.

Reverted The Change

Microsoft announced on 9th January that it has fixed the issue by reverting the change that was made to Microsoft Activation and Validation servers.

What Does This Mean For Your Business?

For many Windows 7 users, the change meant a day of disruption on the Tuesday of the first full week back after the Christmas and New Year break.  For many of these users however, this appears to be one more in a long line of incidents, nudges and pointers that look like they’re designed to encourage them to finally make the switch over to Microsoft’s Windows 10 and its SaaS model. Microsoft ended its mainstream support for Windows 7 on January 13th, 2015, and the extended support will only continue until January 14th, 2020, after which time Microsoft says on its website that users can “keep the good times rolling by moving to Windows 10”.

Tech Tip – Prepare For Microsoft’s ‘’Reserved Storage’

Posted on by Andy Miller

The next big update of Windows 10 (in April) will mean that Microsoft will reserve 7GB of your device’s storage in order to accommodate its future ‘quality updates’ or new versions of the OS.  Measures you can take to check that you will have enough reserved storage space or to avoid storage space problems include:

– Manually deleting unnecessary temporary files and (temporarily) moving important files e.g. photos and videos to external storage devices to make enough space for the update.

– Checking the size of the reserved storage on your system by clicking Start > Search for ‘Storage settings’ > then Click ‘Show more categories’ > Click ‘System & reserved’ > and look at the ‘Reserved storage’ size.

– Avoid buying devices with little storage capacity.

Finding out more about the ‘Reserved Storage’ here:https://blogs.technet.microsoft.com/filecab/2019/01/07/windows-10-and-reserved-storage/

Concerns Over Huawei and ZTE Equipment and Software

Posted on by Andy Miller

A statement from the Czech National Cyber and Information Security Agency (NCISA) has warned network operators that using software or hardware made by Chinese telecom equipment suppliers Huawei and ZTE could represent a security threat.

Why?

Huawei, which the world’s biggest producer of telecoms equipment, is based in China, and according to the NCISA, private companies residing in China are required by law to cooperate with intelligence services.  This could mean that the products and services of those companies could, in theory, become part of the Chinese state security systems e.g. Huawei and ZTE could be used for spying on behalf of China.

Global Suspicion & Action

According to the Wall Street Journal, espionage chiefs from Australia, Canada, New Zealand, the U.K. and the U.S. (the so-called ‘Five-Eyes’), agreed at a meeting in July this year to try to contain the global growth of Chinese telecom Huawei because of the threat that it could be spying for China.

The US, Australia and New Zealand have barred Huawei Technologies Ltd. as a supplier for fifth-generation networks, and Japan also looks set to ban government purchases of equipment from Huawei and ZTE.

The U.S. government is also reported to have been putting pressure on Deutsche Telekom, the majority owner of T-Mobile US, to stop using Huawei equipment, although the head of Germany’s Federal Office for Information Security (BSI) Arne Schoenbohm is reported to have told German news outlet Der Spiegel that proof is required to substantiate the accusations.

Detained

Meng Wanzhou, the chief financial officer of Huawei, was recently detained in Vancouver at the request of U.S. authorities for violating US sanctions on Iran. The arrest of Meng Wanzhou happened on the same night that President Trump was dining with Chinese President Xi Jinping during the G20 summit in Argentina.  China’s state-run media, and some other commentators have suggested that Meng’s detention appears to be politically or economically motivated.

Response

The response by a Huawei spokesperson to the NCISA warning has been to deny any suggestion that a national security threat is posed by Huawei to the Czech Republic, and to call for NCISA to provide proof of its claims.

What Does This Mean For Your Business?

If the ‘Five-Eyes’ are to be believed, Huawei’s products and network software could have backdoors built-in to them which could, in theory, allow covert surveillance or control, or destruction of phone networks (which are accessible via the internet).  The fear is that those acting for the Chinese state could gain access to the data stored / routed through Huawei devices, telecoms equipment and software, and could even, perhaps, monitor the conversations on mobile phones.

There does, however, appear to be a lack of clear proof for the allegations, and bearing in mind that Huawei is the world’s biggest producer of telecoms equipment, and that its products are popular (this year it overtook Apple in terms of the number of handsets it was shipping worldwide) and that UK stores are still stocking and selling its handsets, the warnings of various governments look unlikely to be heeded for now.  It is worth noting that BT uses Huawei systems as part of its network, but is now is removing Huawei systems from the core of the mobile network EE, which it purchased in 2016.

The advice as part of the recent Czech warning is that system administrators in critical information infrastructure should take ‘adequate measures’ against the threat.  This advice appears a little vague, and until conclusive proof can be produced, many people and businesses will feel that they can decide for themselves what, if any, action to take.

London Police Facial Recognition Trial

Posted on by Andy Miller

It has been reported that the police are conducting a trial of a facial recognition system in Soho, Piccadilly Circus and Leicester Square over two days in the run-up to Christmas in a bid to identify people among the Christmas shoppers who are wanted by the police or the courts.

Overt

Far from being used secretly, the Metropolitan Police are reported to be publicly announcing the use of the system using knee-height signs on pavements leading up to the surveillance areas, along with A4 posters on lamp posts and leaflets handed-out to members of the public by uniformed officers.

The actual surveillance using the facial recognition link-up to the police database of wanted offenders is reported to have been carried out (on Monday and Tuesday) by a green van with cameras mounted on the top. It has been also been reported that for this London trial of facial recognition, the Metropolitan Police will have been studying the crowds for 8 hours per day over the two day period, and have been specifically using a target list of 1,600 wanted people in the hope that crime and violence can be more effectively tackled.

Criticism

Criticism from privacy and freedom campaigners such as Big Brother Watch and Liberty has focused on mixed messages from police about how those who turn away from the van because they don’t want to be scanned will be treated.  For example, it has been claimed that some officers have said that this will be treated as a trigger for suspicion, whereas a Metropolitan Police press release has stated that those who decline to be scanned (as is their right) during the deployment will not be viewed as suspicious by police officers.

Concern has also been expressed by Big Brother Watch that, although the police may believe that the deployment of the system is overt and well publicised, the already prevalent signs and advertisements in the busy central London areas where it is being deployed could mean that people may not notice, thereby allowing the police to blur the line between overt and covert policing.  It has also been pointed-out by privacy groups that the deployment involves an unmarked van and plainclothes officers, which are normally associated with covert activity.

Doesn’t Work?

Big Brother Watch and Liberty are currently taking legal action against the use of live facial recognition in South Wales (the site of previous trials) and London, and ICO head Elizabeth Dunham is reported to have launched a formal investigation into how police forces use facial recognition technology (FRT) after high failure rates, misidentifications and worries about legality, bias, and privacy.

Serious questions have been raised about how effective current facial recognition systems are.  For  example, research by the University of Cardiff, which examined the use of the technology across a number of sporting and entertainment events in Cardiff for over a year, including the UEFA Champion’s League Final and the Autumn Rugby Internationals, found that for 68% of submissions made by police officers in the Identify mode, the image had too low a quality for the system to work. Also, the research found that the locate mode of the FRT system couldn’t correctly identify a person of interest for 76% of the time.

Google Not Convinced

Even Google (Cloud) has announced recently that it won’t be selling general-purpose AI-driven facial recognition technology until it is sure that any concerns over data protection and privacy have been addressed in law, and that the software is accurate.

Fooled With A Printed 3D Head!

The vulnerability of facial recognition software to errors and inaccuracy has been further exposed by a journalist, Thomas Brewster, from Forbes, who claimed that he was able to fool the facial recognition on four Android phones by using a model 3D head with his own face printed on it!

What Does This Mean For Your Business?

For the retail businesses in the physical area of the trial, anything that may deter criminal activities like theft and violence and may also catch known criminals is likely to be a good thing.

Most businesses and members of the public would probably agree that CCTV systems have a real value in helping to deter criminal activity, locating and catching perpetrators, and providing evidence for arrests and trials.  There are, however, several concerns, particularly among freedom and privacy groups, about how just how facial recognition systems are being and will be used as part of policing e.g. overt or covert, issues of consent, possible wrongful arrest due to system inaccuracies, and the widening of the scope of its purpose from the police’s stated aims.  Issues of trust where our personal data is concerned are still a problem as are worries about a ‘big brother’ situation for many people, although the police, in this case, have been clear that it is just a limited trial that has been conducted as overtly as possible with the support of literature and posters / literature to make sure the public is informed.

Rumours That ‘Microsoft 365’ Package Is On The Way

Posted on by Andy Miller

There have been rumours among some IT commentators that Microsoft may soon be offering a single subscription-based, Windows 10-style service named ‘Microsoft 365’ that offers home ‘power users’ a combo of its popular software including the operating system, MS Office, Skype, and even OneDrive.

Office 365

Currently, home Microsoft users can sign-up to Office 365 that includes everything except Windows 10.  The ‘Microsoft 365’ service would, therefore, offer them a kind of mini enterprise version of Microsoft products for a single payment.

Why?

It is thought that this kind of service could put Microsoft 365 on a par with other big-brand subscription services such as Office 365, Skype, Cortana, Bing, Surface and Microsoft Education.  It is also likely that Microsoft 365 would be a more powerful and attractive replacement for Office 365.  It could also simply bring more people deeper into the Microsoft fold which could, in turn, help feed its other apps and platforms such as Android (which has replaced the Windows Mobile OS).

Also, if people commit to signing-up to one bundle of products / services with one company such as Microsoft, they may be less inclined to switch easily or to be attracted by rival services e.g. by Google or Apple, that do the same thing anyway.

Rumours?

The rumours that Microsoft 365 could become a reality appear to have been fuelled by job listings being posted referring to a Microsoft 365 Consumer Subscription product manager and Microsoft 365 Consumer Subscription senior product manager with roles that relate to developing a customer-focused subscription globally for Microsoft’s consumer services.

What Does This Mean For Your Business?

For Microsoft, this type of service could help it to bring users closer to the brand and encourage them to use its other apps and services, while gaining an advantage over big competitors such as Google. For home users, many of whom are actually small businesses or those who work on the business from home, this kind of single subscription bundle of useful and familiar services could represent real value and convenience.

Tech Tip – Find Out When You’re Visiting A Site That’s Been Hacked

Posted on by Andy Miller

If you use Google Chrome and you’d like to make sure that you know when you’re visiting a site that’s been hacked, and you’d like to set up a watch list for sites that you regularly visit, or those that store personal data, here’s a handy browser extension that could help.

The HackNotice extension for Google Chrome could help you to add another layer of security to your browsing.  To use it:

In Chrome, Google ‘hacknotice extension’.

Click on the link.

Click on the ‘Add to Chrome’ button (top right).

Follow the instructions.

Google Chrome’s ‘Incognito’ Mode Not So Incognito

Posted on by Andy Miller

Research by Internet Privacy Company DuckDuckGo is reported to have produced evidence that could show that even in Incognito mode, users of Google Chrome can still be tracked, and searches are still personalised accordingly.

Incognito Mode

Going incognito (private browsing mode) in Google Chrome means launching a separate ‘Incognito’ browser window by going to top right (the 3 stacked vertical dots icon), > New Incognito Window.  According to Google, by using this browser window Chrome won’t save your browsing history, cookies and site data, or information entered in forms, any files you download and bookmarks you create will be kept, but your activity isn’t hidden from websites you visit, your employer or school, or your internet service provider.

The DuckDuckGo Research

In the DuckDuckGo research, several volunteers were given controversial topics, such as gun control, vaccinations and immigration to search for using an Incognito browser window in Google Chrome. The searches were made both logged in to their Google accounts with Incognito Mode activated and logged out.

The Assumption

The assumption that many users may have is that being logged out of Google and using Incognito mode will keep searches totally private.

The Results

The reported results essentially showed that each person got different results.  This could indicate that Google is still able to still personalise searches in Incognito mode, which could mean that Google still has some access to searches which the user may believe are private.

The results may be seen to support the fact that even when signed out, and using Incognito / private browsing mode, websites can use IP addresses and browser fingerprinting to identify people.

Vanderbilt University Research In August

This latest DuckDuckGo research appears to support the findings of previous research from August by Vanderbilt University in Nashville (organised by Digital Content Next). This research found that if users sign into a website while using a private browsing window, the details of that login are still sent to Google, and Google could retroactively identify it from the username and other account data used during the session.  Also, the results of this research suggested that adverts served up by Google’s advertising can be linked to the cookies created both in and out of Incognito mode.

It must be said that Google reportedly described the findings of the Digital Content Next / Vanderbilt University research as misleading.

What Does This Mean For Your Business?

For Google, as a business that wants to sell and maximise revenue from targeted advertising, which is something that could be significantly improved with refined data and targeting technology, it is conceivable that it would want to collect detailed information from many sources, perhaps including that from Incognito searches.  The results of the DuckDuckGo research and previous research could be interpreted as showing that this is happening, and that Incognito mode may not be as secret as many users had imagined.  For advertisers using Google’s services, it is obviously in their interest that Google can offer highly targeted advertising services, but it is up to advertisers to decide whether they think Incognito mode search data should be a legitimate source of targeting data.

It is also worth noting that, in this case, DuckDuckGo is an Internet privacy company that has its own search engine to promote, which it describes as “the search engine that doesn’t track you”.  See https://duckduckgo.com/.

Tech Tip – Create A Travel Itinerary in Bing

Posted on by Andy Miller

If you’re planning a trip to an exciting destination you can now create your own travel itinerary in the Bing search engine. Here’s how:

Sign up to (Microsoft Outlook) and into Bing Maps – see https://www.bing.com/maps

Click on ‘My Places’.

Select the ‘Itineraries’ tab.

Open ‘New Itinerary’.

Select the places you want to go, add the times you had in mind, and click ‘Get Started’.

You can then go through your route and add key sites and attractions with a click, get suggestions, move additions between days, get directions, and add descriptions to the attractions.