Browsers Slowed By Adverts and Analytics
Research by developer Patrick Hulce has shown that around 60% of the loading time in a browser is caused by JavaScript code that is used to place adverts or analyse what users do.
Analysed Pages
The researchers analysed data from desktop and mobile versions of a million sites, including many popular ones, and sampled programs written in JavaScript, which is the code that is commonly used not only by developers to make sites interactive, but also by Google to help place ads on pages and analyse user activity.
Two-Thirds of a Second Loading Time Added
The analysis revealed that if ad-placing and analytics JavaScript code are used together on a page this can add more than two-thirds of a second to loading times.
WordAds Script
The JavaScript code that was found to add the most time to page downloads was the WordAds script that’s used in WordPress blogs. This was found to add a staggering 2.5-second delay to the arrival of a page.
Other Causes
The research did acknowledge that there are other common causes of slow-loading pages, including network delays, large file sizes for some content, and even ad-blocking programs which increase script execution time.
Problems Caused By Slow-Loading Pages
Slow-loading pages can cause problems such as frustrating (and losing) visitors, and pages being penalised in Google’s search rankings for desktop and mobile search results.
Google sends out speed updates for the mobile search rankings of the slowest sites on the Internet. The updates are directed to those who have verified properties in Google Search Console and are aimed at reducing the search rankings of really slow mobile pages. The updates give site admins recommendations about how to measure and fix slow-loading page problems. In October 2018, for example, Google announced that it had begun (since July 2018) incorporating a new Speed Update algorithm into the mobile search results as a search ranking factor.
Run A Test
It has long been known that JavaScript can add extra time to page downloads. If you’d like to check whether your pages are being slowed down by JavaScript you can, for example, go to https://www.webpagetest.org/ or Google’s https://developers.google.com/speed/pagespeed/insights/.
What Does This Mean For Your Business?
Slow-loading web pages can frustrate users and lose your business customers, as well as damaging the position of your web pages in Google search results. Web pages that load quickly are known to have longer average session times, lower bounce rates, and higher viewability, and Google suggests that a good target time in which a page should load is under 2 seconds.
Test tools such as webpagetest.org are good ways to see how your pages currently perform. Ways to reduce slowness caused by JavaScript include loading only the JavaScript needed for the current page, prioritizing what a user will need and lazy-loading the rest with code-splitting, and optimizing JavaScript. If, for example, you have a WordPress website, you can use plugins to help reduce your page load time.
Crypto-currency Mining Apps Discovered in Microsoft Store
Security researchers at Symantec claim to have discovered eight apps in the Microsoft Store which, if downloaded, can use the victim’s computer to mine crypto-currency.
Only There For A Short Time Last Year
The suspect apps are reported to have only been on the Microsoft Store for a short time between April and December 2018, but it is thought that they still managed to achieve significant download numbers, as indicated by nearly 1,900 ratings posted for the apps.
Which Apps?
The suspect apps, in this case, are Fast-search Lite, Battery Optimizer (Tutorials), VPN Browsers+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019, and Findoo Mobile & Desktop Search apps. These apps have now been removed from the Microsoft Store.
What Is Crypto-currency Mining?
‘Crypto-currency mining’ involves installing ‘mining script’ code such as Coin Hive into multiple web pages without the knowledge of the web page visitor or often the website owner. Multiple computers then join their networks so that the combined computing power can enable mathematical problems to be solved. Whichever scammer is first to solve these problems is then able to claim/generate cash in the form of crypto-currency, hence mining for crypto-currency.
Crypto-currency mining software tends to be written in JavaScript and sends any coins mined by the browser to the owner of the web site. If you visit a website where it is being used (embedded in the web page), you may notice that power consumption and CPU usage on your browser will increase, and your computer will start to lag and become unresponsive. These slowing, lagging symptoms will end when you leave the web page.
Mining For Monero
In the case of the eight suspect apps, they had been loaded with a script that had been designed to mine the ‘Monero’ crypto-currency. Monero, which was created in April 2014, is a decentralised cryptocurrency that uses an obfuscated public ledger. This means that anybody can broadcast or send transactions, but no one outside can tell the source.
How?
The secret mining element of the eight suspect apps worked by triggering Google Tag Manager (GTM) in their domain servers as soon as they were downloaded. The GTM, which was shared across all eight apps, enabled them to fetch a coin-mining JavaScript library, and the mining script was then able to use most of the computer’s CPU cycles to mine Monero.
GTM – Legitimate
GTM is usually a legitimate tool that is designed to enable developers to inject JavaScript dynamically into their applications. In this case, however, it had been used as a cloak to conceal the malicious purpose of the apps.
Not The First Time
This is not the first time that suspect apps have been discovered lurking in popular, legitimate app stores. Back in January, for example, security researchers discovered 36 fake and malicious apps for Android that can harvest a user’s data and track their location, masquerading as security tools in the trusted Google Play Store. The apps, which had re-assuring names such as Security Defender and Security Keeper, were found to be hiding malware, adware and even tracking software.
Also, back in November 2017, a fake version of WhatsApp, the free, cross-platform instant messaging service for smartphones, was downloaded from the Google Play store by more than one million unsuspecting people before it was discovered to be fake.
What Does This Mean For Your Business?
This is not the first time that apps which perform legitimate functions on the surface and are available from trusted sources such as the Microsoft Store have been found to have hidden malicious elements, in this case, mining scripts. The increased CPU usage and slowing down of computers caused by mining scripts waste time and money for businesses, and the increasingly sophisticated activities of crypto-jackers and other cyber-criminals, combined with a global shortage of skilled cyber-security professionals to handle detection and response, have left businesses vulnerable to this kind of hidden app-based threat.
Although the obvious advice is to always check what you are downloading and the source of the download, the difference between fake apps and real apps can be subtle, and even Microsoft and Google don’t always seem to be able to detect the hidden aspects of some apps.
The fact that many of us now store most of our personal and business lives on our smartphones makes reports such as these more alarming. It also undermines our confidence in (and causes potentially costly damage to) the brands that are associated with such incidents e.g. the reputation of Microsoft Store.
Some of the ways that we can try to protect ourselves and our businesses from this kind of threat include checking the publisher of an app, checking which permissions the app requests when you install it, deleting apps from your phone that you no longer use, and contacting your phone’s service provider or visiting the High Street store if you think you’ve downloaded a malicious/suspect app.
Also, if you are using an ad blocker on your computer, you can set it to block specific JavaScript URLs related to crypto-mining, and some popular browsers also have extensions that can help e.g. a browser extension called ‘No Coin’ is available for Chrome, Firefox and Opera (to stop Coin Hive mining code being used through your browser). Maintaining vigilance for unusual computer symptoms, keeping security patches updated, and raising awareness within your company of current crypto-currency mining threats and scams and what to do to prevent them, are just some of the other ways that you can maintain a basic level of protection for your business.
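The URL-blocking idea above can also be used to audit a page's own script tags. The following is an added example, not code from Symantec, the affected apps or any ad blocker; the blocklist hosts, the sample HTML and the function names are constructed for illustration.

```javascript
// Constructed placeholder hosts; a real deployment would load a maintained list.
const MINER_HOSTS = ["miner-cdn.example", "coin-pool.example"];
// Tag managers load further scripts at runtime, so a static scan cannot see
// what they inject; flag them for manual review instead of passing them.
const TAG_MANAGER_HOSTS = ["www.googletagmanager.com"];

// True when host equals a list entry or is a subdomain of one.
function hostMatches(host, list) {
  return list.some((d) => host === d || host.endsWith("." + d));
}

// Extract every <script src=...> URL from an HTML string.
// Requiring whitespace before "src" avoids matching attributes like data-src.
function scriptSources(html, baseUrl) {
  const re = /<script\b[^>]*?\ssrc\s*=\s*(["'])(.*?)\1/gi;
  const out = [];
  for (const m of html.matchAll(re)) {
    try {
      out.push(new URL(m[2], baseUrl)); // resolves relative and //host forms
    } catch {
      // Unparseable src value: skip it.
    }
  }
  return out;
}

// Classify each external script as "block", "review" or "ok".
function auditScripts(html, baseUrl) {
  return scriptSources(html, baseUrl).map((u) => {
    const host = u.hostname;
    let verdict = "ok";
    if (hostMatches(host, MINER_HOSTS)) verdict = "block";
    else if (hostMatches(host, TAG_MANAGER_HOSTS)) verdict = "review";
    return { url: u.href, host, verdict };
  });
}

// Constructed sample page: one first-party script, one tag manager,
// one script served from a blocklisted host, one inline script (ignored).
const SAMPLE_HTML = `
<html><head>
<script src="/js/app.js"></script>
<script async src="https://www.googletagmanager.com/gtm.js?id=GTM-EXAMPLE"></script>
<script src='//static.miner-cdn.example/lib/miner.min.js'></script>
<script>console.log("inline");</script>
</head></html>`;

const report = auditScripts(SAMPLE_HTML, "https://app.example/index.html");
for (const r of report) console.log(r.verdict.padEnd(6), r.url);
```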
Tech Tip – How To Send Large Files For Free
If you need to send a file online, but that file is too big to send by email, there are several simple, effective and secure alternatives. Here are some suggestions:
– Use file compression to shrink the file size before sending/transferring. For example, try RAR compression instead of ZIP. Open source 7-Zip provides effective file compression.
– Upload your file to a cloud-based storage service and share / retrieve from there. For example, Google Drive (offers up to 15GB of free storage), Dropbox (offers 2GB of free storage space and a variety of sharing options), Microsoft’s OneDrive (offers 5 gigabytes of free storage), MediaFire (offers 50GB of free storage + simple sharing tools).
– Use a free file transfer service e.g. WeTransfer where you can send files up to 2GB without needing to register, or use free FTP software e.g. Cyberduck, FileZilla, or Chrome’s sFTP Client extension.
Windows 10 Error Messages Soon To Make More Sense
Starting with the April 2019 update, Microsoft will be adding “Learn more” links to its error code messages in a bid to enable users to see what the code means, plus the chance to fix the error on the spot.
Resolved During Installation
The “Learn More” links will be there to help if there is an error during the upgrade (or installation) of Windows 10. As well as explaining what the error is, Microsoft will also be giving users the chance to resolve the error messages themselves within the installer and will offer suggestions on how to update any problematic applications without having to uninstall.
What’s The Problem?
If a problem is encountered during the upgrade/installation of Windows 10, users are given error messages, for example if a version of an app isn’t compatible with the latest Windows 10 OS, and users need to either update or reinstall the app.
To date, Microsoft has provided articles on how to solve Windows errors written by support staff called the ‘Knowledge Base’ (KB). The main problems for users have been that:
- Users don’t know what the numerical error messages in the upgrade and installation of Windows 10 mean, or what to do with those error codes.
- Users generally don’t know how to use KBs, look for specific KBs using their numerical ID, and there are no direct links to KB articles in setup error notifications.
- Users have also found that ‘back’ and ‘refresh’ buttons don’t fit with the error notifications they receive.
Link To A Quick Fix
Whereas the October 2018 Update means that users were only given the options of uninstalling the app, going back, or refreshing in the case of an error, the changes in the April update (code-named 19H1) should afford users the opportunity to save time and hassle by having information about the error to hand, and being able to get a quick fix on the spot.
What Does This Mean For Your Business?
The current system of presenting codes that mean little to the many users who are not acquainted with the existence of the Knowledge Base, or how to use it, causes frustration and can waste time and therefore money for businesses. This change in April appears to be a straightforward, user-friendly way of saving time and hassle by offering users the chance to more easily understand and find a fix for errors on the spot.
At present, a list of the common errors experienced during a Windows 10 upgrade and installation plus explanations of them can be found on the Microsoft Windows Support pages here: https://support.microsoft.com/en-gb/help/10587/windows-10-get-help-with-upgrade-installation-errors
Large Rises in Amazon’s Web Services (AWS) Revenues, Fuelled By Public Cloud Demand
A massive 45% growth in the revenue of Amazon’s Web Services (AWS) in the fourth quarter has been fuelled by big profits in Amazon’s public cloud arm.
Beats Microsoft & Google In Cloud Infrastructure
The $7.4 billion cloud revenue, which is a jump of 45% compared to the previous year, means that AWS is beating competitors Microsoft and Google in the market for cloud infrastructure. These are the services that businesses and organisations use to outsource their computing and data storage needs.
To give some idea of the scale of the jump in revenue for AWS, these figures mean that it generated more operating income during 2018 than its North American retail operations, and that AWS generated the revenue through $25.65bn in sales (compared with the $141.3bn from North American retail operations).
Central To Success
The operating income for AWS in the quarter was $2.18 billion and accounted for 58% of Amazon’s overall operating income, although there was a slight decrease in AWS’s operating margin.
This means that the cloud business has become central to Amazon’s success in terms of revenue and profits.
More Cloud Regions
Amazon purchased two more new cloud computing regions online in 2018, and it says that it plans to open four new regions and 12 new availability zones within those regions by the first half of 2020.
The company widened its base of cloud customers last year, including some big-name sign-ups such as Santander, Korean Air and Amgen.
Not Fastest Growing
Even though AWS has seen significant growth in revenue, Microsoft’s cloud business is growing even faster. For example, Azure cloud revenue grew by 76% in the latest quarter.
It is, however, perhaps to be expected that the revenue growth rate of a fast-growing company drops off as its revenue base swells e.g. AWS’s growth rate has dropped from 78% in 2015 to 42% during the third quarter of 2017.
What Does This Mean For Your Business?
Amazon is clearly a company that has grown very quickly and has diversified (far) beyond its online roots into many areas, including bricks-and-mortar stores (groceries and books), self-service stores in the US, and healthcare, as well as experimenting with innovative new ways to gain an edge in its core business e.g. drone and robot parcel deliveries. Amazon’s Alexa virtual personal assistant technology and Echo voice-controlled devices have also proven to be very popular in the marketplace.
It hasn’t all been plain sailing though, with the company’s business practices coming under more scrutiny from UK, US, and EU regulators, as well as the UK government.
In the business cloud market, AWS is showing strong growth in what is a highly profitable sector as more businesses look to outsource to the cloud, but many market analysts now predict slowing growth and higher spending for Amazon as it tries to compete and fight competitor challenges on many diverse fronts.
$180 Million Password Taken To The Grave
115,000 customers of the Canadian digital platform Quadriga are believed to be owed C$250 million, but C$180 million ($137.21 million) in cryptocurrencies have been frozen after the platform’s founder, who was the only person with the password to the platform’s stored funds, died in December 2018.
What Is Quadriga?
QuadrigaCX is a Canadian cryptocurrency exchange/platform, which allows the trading of Bitcoin, Litecoin and Ethereum. QuadrigaCX was founded by Gerald Cotten, was Canada’s largest cryptocurrency exchange until 2019, and has 363,000 registered users.
Cold Storage
As part of QuadrigaCX’s security measures, ‘Cold Storage’ was used for most of the Bitcoins within their system. Unfortunately for Quadriga, it is this part of the system, where the bulk of their funds are stored, that is ultimately protected by one main password that was known only to the late founder, Gerald Cotten.
Dead
Mr Cotten died aged 30 from complications related to Crohn’s disease while he was volunteering at an orphanage in India.
Widow Under Pressure
With so much money owed to customers, Mr Cotten’s widow, Jennifer Robertson, is reported to have found herself under pressure to find the password. It has been reported that Robertson, who was not involved in Cotten’s business while he was alive and does not have business records for QuadrigaCX, has conducted repeated searches for the password.
Although Robertson has Mr Cotten’s laptop, she has (so far) been unable to access the contents because it is encrypted, and no one has the password or recovery key for it. Additional attempts to decrypt the laptop have also been unsuccessful.
It has also been reported that Robertson has consulted an expert to help recover details from Cotten’s other computer and cell phones, although the expert’s attempts have been reported to have had only ‘limited’ success to date.
QuadrigaCX has now filed for “creditor protection” in an attempt to avoid bankruptcy.
Customers Unable to Withdraw Funds
In the meantime, customers have reported online that they have been unable to withdraw their funds from the platform for months, that they have only received limited information, and that the website was also recently taken down for maintenance.
What Does This Mean For Your Business?
This story highlights some of the risks associated with cryptocurrencies, and how a lack of regulation and a market that’s still in its relatively early stages can leave investors in unusual, worrying situations such as this one. In many other types of financial business where there is that level of funding involved, it would also be highly unlikely that a single password known only to one person would play such an important role. Some would say that it’s ironic that passwords are often considered now to be much less secure than other security tools, and yet this password-controlled system has confounded even the experts so far. What is also ironic is that the ‘cold storage’ of funds, in this case, was introduced as a security measure to protect customer funds but has ended up being so secure that customers have no access to those funds.
Looking at the size of QuadrigaCX and the number of customers it has, cryptocurrencies clearly still provide a useful and valuable opportunity for trading and investment. They have, however, had a turbulent life to date, making the news for many negative reasons. For example, just for bitcoin, regulations and restrictions in some countries (e.g. China), hacks, its volatility, a negative image from its use by international criminals and from its use in scams, a lack of knowledge about how to use it, and the fact that the high price of just one bitcoin made it (even more) niche, meant that it became a commodity and a fast-buck opportunity rather than an actual, useful currency, and the over-consumption and over-inflated value of bitcoin led to its spectacular fall in value. There have also been well-publicised falls in value for crypto-currencies like Ethereum’s ‘ether’ and Ripple, and Tether found itself being investigated by the U.S. Department of Justice over possible manipulation of bitcoin prices at the end of 2017.
All this said, many governments and banks would still like a ‘piece of the action’ of cryptocurrencies, and many market analysts see a future for them as a part of a wider ecosystem.