The New York Times has reported that despite Intel issuing patches for security flaws (that were discovered last year) in its processors, security researchers are alleging that the processors still have some serious vulnerabilities.

What Flaws?

In January 2018, it was discovered that nearly all computer processors made in the last 20 years contained two flaws known as ‘Meltdown’ and ‘Spectre’. The 2 flaws could make it easier for something like a malicious program to steal data that is stored in the memory of other running programs.

Meltdown, discovered by researchers from Google’s Project Zero, the Technical University of Graz in Austria and the security firm Cerberus Security in Germany, affects all Intel, ARM, and other processors that use ‘speculative execution’ to improve their performance; i.e. when a computer performs a task that may not be actually needed in order to reduce overall delays for the task (a kind of optimisation).

Meltdown could, for example, leave passwords and personal data vulnerable to attacks, and could be applied to different cloud service providers as well as individual devices. It is believed that Meltdown could affect every processor since 1995, except for Intel Itanium and Intel Atom before 2013.

Spectre, which affects Intel, AMD and ARM (mainly Cortex-A) processors, allows applications to be fooled into leaking confidential information. Spectre affects almost all systems including desktops, laptops, cloud servers, and smartphones.

8 More Flaws Discovered

Then, in May 2018, 8 more security flaws in chips/processors were discovered by several different security teams.  The new ‘family’ of bugs were dubbed Spectre Next Generation (Spectre NB).

September 2018

According to reports by The New York Times, the Dutch researchers (at Vrije Universiteit Amsterdam) also reported a range of security issues about Intel’s processors to the company in September 2018 and provided Intel with a proof-of-concept code to help them to develop fixes

14 Months On – Only Some Fixes

It has been reported that after waiting 8 months to allow Intel enough time to develop fixes (of which only some have issued), and more than a year after providing Intel with a proof-of-concept code, Intel has only just announced the issue of more security updates earlier this week.

More Vulnerabilities

Unfortunately for Intel, just as they announced the issue of new security fixes last week, the researchers notified them of more unfixed flaws, and it has been alleged that Intel asked the researchers to alter the report about the flaws and to effectively stay quiet about them.

MDS

The latest unpatched flaw in Intel processors that the researchers from Amsterdam, Belgium, Germany and Austria have gone public about is a hacking technique, which is a variant of ZombieLoad or RIDL (Rogue In-Flight Data Load). The technique which exploits a flaw in Intel processors is known as microarchitectural data sampling (MDS) and it can enable hackers to carry out several different exploits e.g. running code on the victim’s computer that forces the processor to leak data.

Criticism

The news that there may still be flaws in Intel’s processors after the company appears to have had a long time to fix them has prompted some criticism of Intel online, some of it reported in the New York Times e.g. allegations  that there has been a lack of transparency about the issue from Intel, that the company has tried to downplay the problems, and allegations that Intel may not decide to do much to fix the problem until its reputation is at stake.

What Does This Mean For Your Business?

Bearing in mind that these flaws are likely to exist at the architectural level in the majority of processors, this story is bad news for businesses that have been legitimately trying to make themselves totally compliant with GDPR and as secure as possible from attack.

For the time being, in the short term, and unless processor companies try to completely re-design processors to eliminate the flaws, closing hardware flaws using software patches is the only realistic way to tackle the problem and this can be a big job for manufacturers, software companies, and other organisations that choose to take that step. It is good practice anyway for businesses to install all available patches and make sure that they are receiving updates for all systems, software and devices.

The hope is now that researchers can put enough pressure on processor manufacturers e.g. through bad publicity to make them speed up their efforts to tackle the known security flaws in their products.

The new 1.0 browser from Brave removes ads and ad trackers and pays users through a reward system for viewing the ads that Brave presents.

Brave?

Brave is a San Francisco based start-up company, founded in 2015 and led by CEO Brendan Eich, formally of Firefox.

Ad and Tracker-Free

Two of the key advantages of the new Brave browser are that it protects a user’s privacy by removing ad trackers and makes browsing a faster (download time) and less distracting experience by removing adverts.

Displays Its Own Adverts and Pays You For Viewing Them

The big difference about Brave is that it offers its own Brave Rewards system. Users who join the system only see adverts from Brave and are paid 70% of the resulting ad revenue using Brave’s own crypto-token, the Basic Attention Token (BAT).  Brave also sends the revenue you accrue back to the websites you’ve visited.

The advantages of this system should be that it can lure new users to Brave in a crowded browser market with the promise of money and a better browsing experience and improved privacy and that websites can still find a way to support themselves with advertising without having to share the personal data of users with tech companies.  The hope is that, if this browser and model gains user approval on a large-scale it will eventually deter publishers from trying to profile the behaviour of their users via privacy-invading trackers.

Earnings

Users who sign-up to the Brave Rewards system can choose where to direct the BAT they’ve earned e.g. send it certain sites, tip Twitter and Reddit users or choose to convert it into currency (which is unlikely to be a large amount).

Numbers

There are some very well-established players in the Browser market which is currently dominated by Google Chrome which has more than 65% of the market (around 2+ billion installs).

In comparison, Brave says that it is used 8.7 million times each month on Windows, macOS, Android and iOS. The company has, however, reported that the number of users is growing by 10% per month.

What Does This Mean For Your Business?

Privacy is a big concern for all web-users and trying to download web pages that are full of adverts can be a frustrating and a time and power-draining experience. Businesses also need to be able to use the tools available to them to make sure that they can get the maximum ROI from their advertising spend, plus the big tech companies need to be able to offer their business customers an ad system that delivers results, hence the perceived need for trackers and profiling the behaviour of customers.  Web publishers also need to have a viable way to help support their sites and offer content to their users (without a payment gateway) and this has traditionally been through advertising on their pages, much to the frustration of website visitors.  Brave’s browser, therefore, tries to meet the needs of all these groups in one package.  The combination of improved privacy, financial incentives and better browsing experience may prove appealing to users, and publishers may take note of the Brave model and realise that there is another way of supporting their sites. It remains to be seen, however, how much share of the browser market Brave can gain and how well it fares against some powerful and entrenched competitors.

Tech giant Google is crossing over into the banking world by partnering with Citigroup to offer ‘smart checking’ accounts (bank current accounts) next year as part of its ‘Cache’ project.

Partnering, Not Self-Branding

Google is reported to be prepared to rely heavily on the knowledge of Citibank partner in the project and will not be self-branding the accounts. Google will, no doubt, be grateful for the guidance of its partner through the complicated regulatory aspects of banking.

Other Tech Companies Too

Google’s move into the finance world follows that of competitor tech giants, some of whom have experienced a bumpy ride in banking territory such as:

– Facebook developing its own cryptocurrency called Libra which has recently suffered the departure of big names from the association of organisations that was set up to run the currency – PayPal has dropped out with Mastercard, Visa, and digital payment platform and processor Strip soon to follow.

– Apple introducing its own credit card, the ‘Apple Card’ in the US in partnership with Goldman Sachs and with processing by Mastercard.  The card system operates through the Wallet app on iPhone (iPhone 6 and later), but Apple soon suffered criticism that the physical titanium card that accompanies each account would be vulnerable to damage by everyday material surfaces such as denim and leather, thereby rendering potentially impractical.

– Amazon offering credit card and business loans, with a view to boosting its own e-commerce business.

Uber Money offering credit cards, debit accounts and money tracking tools to help the company with its own taxi operations.

Why?

Like other tech companies, Google’s massive customer base and widely recognised brand mean that it can leverage this power through brand extension.  Google knows that by simply supplying more of peoples’ needs online, often by strategic alliance, it can stay competitive, and find new users and new opportunities.

Privacy & Trust Worries

Some technology commentators have, however, have expressed worries that giving tech companies access to our financial information could mean that they know too much about us, and may be tempted to share data with (or sell that data to) their advertising arm or other organisations.

Although Google has said that it will not be selling or sharing its account holders’ financial data just as it doesn’t share data from its Google Pay service with advertisers, there has been a recent report that Google may be able to gain access to personal medical data of up to 50 million Americans through its partnership with the healthcare giant Ascendant.

Research

Research has indicated that consumers are likely to trust Google with their financial affairs.  For example, a study by McKinsey & Company revealed that 58% of people (surveyed) said they would trust Google with financial products.

UK BoE Governor

Back in June UK BoE Governor, Mark Carney offered tech companies and all payment providers the chance to store funds overnight in interest-bearing accounts at the central bank and appeared to be adopting an “open mind but no open door” approach to Facebook’s Libra cryptocurrency.

What Does This Mean For Your Business?

It was more or less inevitable that the reach and brand power of tech giants, who are already trusted with many personal aspects of our lives would mean that they want (and would be able) to move into the world of our personal finances too.  The move may be a win/win for both the financial partners (who can learn how to upgrade the tech of their service) and the tech giants who can find out even more about us and can become even more essential partners to us in all parts of our digital life.

The damage to trust, however, caused by Facebook’s sharing of harvested user data with Cambridge Analytica has left some people with reservations about trusting tech companies with too much of our personal data.

Microsoft’s Windows 7 Operating system, introduced in 2009 and only intended to upgrade windows in the wake of the much-disliked Windows Vista finally reaches its end of life date on 14 January 2020.  Looking back, it was an unexpected success in many ways, and looking forward, if you’re one of the 39% of Windows users still running Windows 7 (only 44% are running Windows 10), you may feel that you’ve been left with little choice but to move away from the devil you know to the not-so-big-bad Windows 10.

Big Success For Microsoft

Evolving from early codename versions such as “Blackcomb”, “Longhorn,” and then “Vienna” (in early 2006), what was finally named as Windows 7 in October 2008 proved to be an immediate success on its release in 2009.  The update-turned Operating System, which was worked upon by an estimated 1,000 developers clocked-up more than 100 million sales worldwide within the first 6 months of its release. Windows 7 was made available in 6 different editions, with the most popularly recognised being the Home Premium, Professional, and Ultimate editions.

Big Improvement

Windows 7 was considered to be a big improvement upon Windows Vista which, although achieving some impressive usage figures (still lower than XP though) came in for a lot of criticism for its high system requirements, longer boot time and compatibility problems with pre-Vista hardware and software.

Some of the key improvements that Windows 7 brought were the taskbar and a more intuitive feel, much-improved performance, and fewer annoying User Account Control popups. Some of the reasons for switching to Windows 7 back in 2009 were that it had been coded to support most pieces of software that ran on XP, it could automatically install device drivers, the Aero features provided a much better interface, it offered much better hardware support, the 64-bit version of Windows 7 could handle a bigger system memory, and the whole Operating System had a better look and feel.

End of Life = End of Support = Danger

After looking back at the successes of Windows 7 it seems a shame to have to focus on the impending ‘end of life’ on 14 January.  End of life isn’t quite as final as it sounds. Windows 7 will still run but support i.e. security patches, will no longer be available for it.

For Azure customers, the Windows Virtual Desktop does still mean that there’s the option of an extra three years of extended support as part of that package, but there may be some costs incurred in migrating to the cloud service.

Yes, ‘Extended Security Updates’ can be also purchased by customers with active Software Assurance for subscription licenses for 75% of the on-premises annual license cost, but this should only really be considered as a temporary measure to ease the transition to Windows 10, or if you’ve simply been caught out by the deadline.

Embracing the Positive

It may even be the case that in the process of worrying about the many complications and potential challenges of migrating to Windows 10 you haven’t allowed yourself to focus on the positive aspects of the OS such a faster and more dynamic environment and support for important business software like Office 365 and Windows server 2016.

Planning and Time

In order to maximise security and finally get round to taking the plunge and migrating to a new operating system, it’s worth noting that IT project deployment can be slow, some remedial work may be required in the transition, and you will need to make sure that you have identified any issues that you have in your environment.  This means that although the deadline is technically a couple of months away, there will be the interruption of the Christmas and New Year break to consider, and it may be wise to allow yourself enough time to gather all the information and to plan the project so that everything goes smoothly.

What To Do Now

The deadline to end of support/end of life for Windows 7 is just around the corner, but the stats show that, if you’ve not yet done your homework and planned your move of Windows 7, you’re not alone.  Ideally, a slow and measured approach to an upgrade of this kind and scale would allow enough time for planning and for the smoothest of transitions. Unfortunately, we no longer have the luxury of time and although there are some possible OS alternatives to Windows 10, these could bring their own challenges and risks that you may not yet have considered.

For most businesses then, there is a realisation that the threat of no more support means that continuing to run Windows 7 presents a real risk to the business e.g. from every new hacking and malware attack that comes along after January. If you choose to upgrade to Windows 10 on your existing computers, you will need to take into account factors such as the age and specification of those computers, and there are likely to be costs involved in upgrading existing computers.  You may also be considering, depending on the size/nature of your business and your IT budget, buying new computers with Windows 10 installed, and in addition to the cost implications you may also be wondering how and whether you can use any business existing systems or migrate any important existing data and programs to this platform.

One thing is clear: if you’re still running Windows 7, the time to act is now.

Billed as “the browser and search engine for business”, Microsoft’s new Chromium-powered version of Edge (and now more serious competitor to Google’s Chrome) is set to be released in January with new business-focused capabilities.

Chromium Source

Back in December 2018, Microsoft announced that it was adopting the Chromium open source project, which is the web rendering engine that powers Google Chrome.  This forms the basis for the new, upgraded version of Edge which many see as a serious attempt by Microsoft to make it more relevant, particularly to larger business customers, and compete more seriously with Google’s Chrome.

January 2020

The new business-focused version of Edge has only been released as ‘Beta version 79’ (the final Beta before it becomes a general “Release Candidate”), with the general release of the download of the stable version for Windows and macOS scheduled for 15 January 2020.

More Productive At Work

One of the key challenges that Microsoft says it’s trying to address with the improved version of Edge is difficulty in finding and accessing corporate information that is known to exist on company intranets.  With this in mind, Microsoft says that it has added “new experiences” to Microsoft Search in Bing such as enabling users to type in the address bar to search for people on the company Intranet, using natural language, such as by their title, team name and office location.

Also, users will be able to:

• Search for office location and find answers that show floor plans for directions.
• Get definitions for company acronyms.
• Use a broad set of question and answers to find internal company information.

What Else?

Other business-focused features that the new version of Edge will offer are:

• Expansion of Microsoft Graph connectors which expands the reach of Microsoft Search for 365 customers by adding over 100 connectors including Salesforce.com, ServiceNow, and Box. This will mean that business users can find more using Microsoft Search.
• The ability to easily access Search in Bing on a mobile phone so that workers can search for company information on the go.
• SmartScreen and Tracking prevention to protect users from phishing schemes, malicious software and new types of malware (crypto-jacking).
• A new InPrivate mode for Microsoft Edge and Bing (for searching and browsing) to help improve privacy and security
• A ‘Collections’ feature for Microsoft Edge to help users to collect web content, organise research and export that content into Word and Excel for analysis and collaborative working.

Extras For IT Professionals

The new version of Edge will also include some new features for IT professionals including the expansion of the Microsoft FastTrack deployment program to deploy the new Microsoft Edge in Q1 2020, the expansion of the App Assure program to cover Microsoft Edge in Q1 2020, and a new security baseline for the new Microsoft Edge.

What Does This Mean For Your Business?

The migration to Chromium last year was a clear sign that Microsoft was looking to make Edge browser a much more serious competitor to Google’s Chrome.  Microsoft has identified some key challenges that businesses (with Intranets and programs like Salesforce) have with accessing important company information through a browser search.  Microsoft has, therefore, incorporated some very business-focused, productivity-boosting solutions in this version of Edge that can help office and mobile/remote workers.  Focusing on the needs of business-users could help Microsoft maintain its position at the top of the business OS market as well as giving its Edge browser a long-overdue boost.