Tech Tip – Windows 10: “Print” Documents Straight To PDF
Windows 10 finally lets you “print” documents to PDF, which means that you no longer need to install a third-party app to save a web page or document for use offline. You can now simply select PDF as a printing output option. To Print to PDF in Windows 10:
- Open up your document e.g. in a text editor like Microsoft Word (this actually works from any program that lets you print, not just Word, and not just with a text document).
- Click File > Print.
- Under Printer or Destination, choose Print as a PDF.
All iPhones, iPads and Macs Affected by 2 Major Bugs
wo major security flaws which are present in nearly all modern processors / microchips mean that most computerised devices are potentially vulnerable to attack, including all iPhones, iPads and Macs.
What Security Flaws?
The 2 hardware bugs / flaws in nearly all computer processors made in the last 20 years are known as ‘Meltdown’ and ‘Spectre’. The 2 flaws could make it easier for something like a malicious program to steal data that is stored in the memory of other running programs.
Meltdown
Meltdown, discovered by researchers from Google’s Project Zero, the Technical University of Graz in Austria and the security firm Cerberus Security in Germany, affects all Intel, ARM, and other processors that use ‘speculative execution’ to improve their performance (most of the modern global market). Speculative execution is when a computer performs a task that may not be actually needed in order to reduce overall delays for the task – a kind of optimisation.
Meltdown could, for example, leave passwords and personal data vulnerable to attacks, and could be applied to different cloud service providers as well as individual devices. It is believed that Meltdown could affect every processor since 1995, except for Intel Itanium and Intel Atom before 2013.
Spectre
Spectre, which affects Intel, AMD and ARM (mainly Cortex-A) processors, allows applications to be fooled into leaking confidential information. Spectre affects almost all systems including desktops, laptops, cloud servers, and smartphones.
Apple Systems and Devices Affected
Apple is reported to have said that all Mac systems and iOS devices are affected, although the Apple Watch is not believed to be affected by it.
No Known Exploits Yet
It should be said that researchers have uncovered the existence of the flaws, and while the potential for exploitation is there, there have been no known exploits to date. In the light of the wide publicity that the existence of the flaws has received, this could change.
What’s Being Done?
Intel has announced that that it is working with AMD, ARM, other technology companies and some operating system vendors to find a fix. Intel and ARM are also planning to release patches for the flaws in upcoming software updates from them and operating system makers.
Google has said that the flaw didn’t exist in many of its products, and it has mitigated the issue in those products where it was present. Google has also said that an upcoming browser update (Chrome 64) will offer further protection when it is rolled out on 23 January.
Microsoft has released an emergency patch for all Windows 10 devices with other updates for other Windows versions scheduled for release within days. Amazon is reported to have said that its whole EC2 fleet is now protected.
Apple has issued a partial fix in macOS 10.13.2 and will continue to fix the issue in 10.3.3.
What Does This Mean For Your Business?
It is highly likely that your devices are affected by the flaws because they are hardware flaws at architectural level, more or less across the board for all devices that use processors. The best advice is to install all available patches without delay and make sure that you are receiving updates for all your systems, software and devices.
Although closing hardware flaws using software patches is a big job for manufacturers and software companies, it is the only quick answer to a large-scale problem that has been around but apparently ‘under the radar’ for a long time.
Regular patching is a good basic security habit to get into anyway. Research from summer 2017 (Fortinet Global Threat Landscape Report) shows that 9 out of 10 impacted businesses are being hacked through un-patched vulnerabilities, and that many of these vulnerabilities are 3 or more years old, and there are already patches available for them.
‘Ripple’ Takes Second Place To Bitcoin
As investors look for alternatives to the volatile bitcoin bubble, crypto-currency Ripple has become the second most valuable virtual cash system, followed by ethereum and litecoin.
Bitcoin Bubble Fear Means Ripple Looks Attractive
The media has been full of reports about the steep and rapid rise in the value of the blockchain-powered crypto-currency. From a value of £740 per bitcoin at the beginning of 2017, to in excess of £15,000 in December, falling (with a few bumpy troughs) to £11,000 this week, many investors, spooked by what many see as a bubble have been looking for alternatives.
It is likely to be no coincidence, therefore, that the value of crypto-currency Ripple has risen as bitcoin’s value fell to see it take second place to bitcoin at $2.34 (1.73) per XRP (the name for a single Ripple unit). Although this doesn’t seem to be a large amount, it is much higher than the $0.0065 (just over half a US cent) each unit was worth a year ago.
The crypto-currency of Ripple is now worth $142bn, second in value to bitcoin at $251.4bn, and ahead of ethereum at $100.6bn and litecoin at $13.2bn.
The Ripple
Unlike bitcoin which operates outside of the reach of the banks, Ripple was set up to help banks speed up and modernise how they pay each other. 100 banks, so far, have signed up to use Ripple’s payments system. These sign-ups include big hitters like Bank of America and UBS, Japan’s big credit card companies (for payments and settlement), and some South Korean and Japanese banks (through a pilot project to handle cross-border payments).
Ripple has no real assets or revenue streams to support the rate, and the market is calculated by multiplying the number of XRP coins in existence by the current dollar exchange rate. Also, Ripple XRP coins, unlike e.g. bitcoin, aren’t ‘mined’ by the members of the network that processes the transactions, but have been pre-mined and are slowly released as the network is used.
It is believed, therefore, that the recent adoption of the currency by these banks and credit card companies, and the search for alternatives to the uncertainty of the bitcoin bubble have been the main drivers of the value of Ripple.
Ethereum and Litecoin
Ethereum, the next highest value crypto-currency after Ripple has seen an increase in value of 9,240 % year over year. Litecoin meanwhile, has also seen a rapid and steep rise in value of 5,195 % year over year (Coinbase figures).
The rise in the value of these crypto-currencies also corresponds with the fall in value of bitcoin.
Crypto-Jacking Warning
With the rise in value and popularity of crypto-currencies, experts have warned that there are likely to be more incidents of ‘crypto-jacking’, where people’s devices are taken over by people trying to mine crypto-currencies. Earlier this month, for example, the Android phone-wrecking Trojan malware, dubbed ‘Loapi’, was discovered by Kaspersky researchers. In tests, after running it for several days mining the Minero crypto-currency, the android phone used in the test was overloaded with activity (trying to open about 28,000 unique URLs in 24 hours) to the point that the battery and phone cover were badly damaged and distorted by the resulting heat.
What Does This Mean For Your Business?
The rise of crypto-currencies, such as bitcoin, to the point where it was finally being taken up by investors, businesses and governments, has been filled with high profile ups and downs e.g. a fall in its value on the Tokyo-based Mt. Gox exchange following a hack in late 2013. Predictions of the value being a risky bubble, coupled with a hack of the NiceHash digital currency marketplace’s payment system resulting in the theft of bitcoin to an estimated value of $80m have sent the value of bitcoin downwards again in December. As investors look elsewhere for safer alternatives or the next big thing, and as they become more used to the concept of crypto-currencies, Ripple ethereum and litecoin have benefitted.
Bitcoin has many attractive advantages for businesses such as the speed and ease with which transactions can take place due to the lack of central bank and traditional currency control (Ripple is actually a product of the banks).
Crypto-currencies generally mean easier, faster and more convenient cross-border and global trading, but traditional currencies tend to have the backing of assets or promises of assets of some kind. Crypto-currencies, therefore, tend to be less trusted and more volatile in the markets, and it’s likely there will be many more ups and downs with many different crypto-currencies, although bitcoin has a head start and has weathered storms before. It’s a case of watch this space.
Dodgy Apps in Google Play
Security researchers have discovered 36 fake and malicious apps for Android that can harvest your data and track your location, masquerading as security tools in the trusted Google Play Store.
Hidden
The 36 malicious apps were, on the surface, the kind of security apps that are commonly downloaded by (Android) smartphone users to protect their device and data from cyber attacks and hackers. Ironically, the apps, which had re-assuring names such as Security Defender and Security Keeper, and which performed some legitimate tasks on the surface, such as cleaning junk, saving battery, scanning, and CPU cooling, were found to be hiding malware, adware and even tracking software.
Once the apps were launched, researchers discovered that they would not appear on the device launcher’s list of applications, and the shortcuts would also not be shown on the user’s phone screen.
The malicious app makers are thought to have known that the “hide” function would not work on some devices (e.g. Google Nexus 6P, LGE LG-H525n and ZTE N958St.) because the hide was designed not to run on them. They may also have done this to avoid attracting the attention of Google Play’s inspection / checking system.
False Notifications, Fake Alerts, and Adverts
The fake apps were even found to have been designed to deliver false, often convincing, but sometimes alarming security notifications, warnings and pop-up windows to the user. For example, users would be shown pop-ups to show them that fake security issues had been resolved. Also, if the user installed another app, then it would be reported as suspicious.
Users of these fake apps could also fall victim to an aggressive barrage of advertisements with each action, because the app may have been designed for display and click fraud.
Asked To Sign – But Collecting Data
In some cases, in an abuse of privacy, the malicious apps were found to ask users to sign and agree to an end-user licence agreement (EULA) relating to the information to be gathered and used by the app. In fact, the hidden aspects of these apps were found to be able to collect large amounts of device and user information, such as Android ID, model and brand of the device, screen size, language, location, and data on the other installed apps e.g. Facebook.
Removed
It has been reported that, since the researchers alerted Google to the presence and nature of the apps in December, they have now been removed from Google Play.
Not The First Time
Unfortunately, this isn’t the first time that fake apps have been found in the Google Play Store. Last November, a fake version of WhatsApp, the free, cross-platform instant messaging service for smartphones, was downloaded from the Google Play store by more than one million unsuspecting people before it was discovered to be fake.
What Does This Mean For Your Business?
What is a little shocking about this story is that Google Play is a trusted source for apps, and it is particularly ironic that in this case that users could have downloaded the apps as a security measure to protect them, only to find that they did the opposite.
Although the obvious advice is to always check what you are downloading and the source of the download, the difference between fake apps and real apps can be subtle, and even Google (in this case) didn’t spot the hidden aspects of the apps.
The fact that many of us now store most of our personal lives on our smartphones makes reports such as these all the more alarming. It also undermines our confidence in (and causes potentially costly damage to) the brands that are associated with such incidents e.g. the reputation of Google Play Store.
To minimise the risk of falling victim to damage caused by fake apps, users should check the publisher of an app, check which permissions the app requests when you install it, delete apps from your phone that you no longer use, and contact your phone’s service provider or visit the High Street store if you think you’ve downloaded a malicious / suspect app.
It may also be time for Google Play Store to review its systems and procedures for checking the apps that it offers.
Cloud Companies The Next Big Target For Ransomware
The latest Massachusetts Institute of Technology (MIT) Review has predicted that ransomware targeting cloud services will be one of the biggest cyber-crime threats of this year.
What Is Ransomware?
Ransomware is a form of malware that typically encrypts important files on the victim’s computer. The victim is then given a ransom demand, the payment of which should mean that the encrypted files can be released. In reality, some types of ransomware delete many important files anyway, and paying the ransom does not guarantee that any files will be released.
Huge Data Sources
One of the main reasons why the MIT puts the ransomware aimed at cloud services in the top 6 cyber threats for 2018 is because attacking a single cloud services company can give criminals access to huge amounts of data being stored and handled for multiple companies and organisations.
The MIT predictions, however, point to smaller, more vulnerable cloud providers who are more likely to pay as being a more likely target than the apparently well-protected larger CSPs such as Google, Amazon, and IBM.
Other Big Threats For 2018
Other MIT predictions for more common cyber-crime in 2018 include the targeting of electrical grids, transportation systems and other types of national critical infrastructure, cyber-physical attacks to cause disruption and extort money, and the targeting of old systems in transport modes (planes, trains and ships).
Also, another prediction for increased activity is the hijacking of more computing to mine crypto-currencies, and the resulting (potentially devastating) collateral damage if computing resources at hospitals, airports and other similar locations are targeted.
Evolution of Crime and Protection
The last 3 years have seen a rapid evolution of the threat of things like ransomware. 2016 was a huge year for ransomware attacks globally. For example, Kaspersky Labs estimated that in the 3rd quarter of 2016 a ransomware infection occurred every 30 seconds. Intel Security also reported that infections rose by more than a quarter in the first 3 months of the year.
The massive WannaCry ransomware attack of spring 2017 infected the computers of an estimated 300,000 victims in 150 countries worldwide, many of them large, well-known businesses and organisations (including 16 health service organisations in the UK), and has been a massive Internet and data security wake-up call.
Last year also saw AI used by both attackers and defenders, and MIT predicts that 2018 will see greater machine learning models, neural networks and other AI technologies used on a more regular basis by cyber attackers.
What Does This Mean For Your Business?
Cyber attackers are becoming ever-more sophisticated in their attack methods, using the latest technologies, multi-layered attacks, and the use of social engineering. Ransomware is a popular tool because it is often relatively cheap to create and use, it can spread easily (like WannaCry), the attackers can remain anonymous, and it yields the main motivation for many attacks – financial gain. It stands to reason that CSPs would make an ideal target because of the huge amount of data from many companies that is stored with them.
For individual UK businesses and other organisations, it’s a case of always being on the lookout for suspicious emails and updates, keeping security software up to date and regularly backing up critical data. With GDPR due to come into force in May, there is an even greater motivation to pay attention to data and Internet security, and there is a danger and false economy of staying with old operating systems as long as possible.
In order to provide maximum protection against prevalent and varied threats this coming year, businesses should adopt multi-layered security solutions. Businesses should accept that there is a real likelihood that they will be targeted and therefore prepare for this by implementing the most up to date security solutions, virtual patching and education of employees in order to mitigate risks from as many angles (‘vectors’) as possible.
Having workable and well-communicated Disaster Recovery and Business Continuity Plans in place is now also an important requirement.
Is Looking At Screens Causing More Short-Sightedness In Young People?
With increasing levels of short-sightedness among young people, some experts have concluded that a young life spent looking at small screens rather than in the great outdoors could be one explanation.
90% Myopic
Studies in East Asia, have shown that a staggering 90% of 18-year-olds, a group that would normally be associated with relatively good eyesight, are suffering from short-sightedness, also known as Myopia.
Also, in Western Europe, studies have shown a rise from 20% to 30% of young (mid-20s) adults being short-sighted to levels of 40% to 50% today.
Natural Sunlight A Key Preventative Factor
Spending too much time in places / situations where there is a lack of natural daylight / direct sunlight is believed by eye experts to be a contributing factor to the development of conditions such as myopia / short-sightedness. This is one of the reasons why experts are focusing (no pun intended) on children’s use of computers, smartphones or tablet computers e.g. to study at home, may go some way to explain the rise in Myopia in young people in recent years.
This has also led some experts to compare the surprisingly high levels of Myopia in East Asian countries with the existence of intensive educational approaches involving technology e.g. very intensive education, spent indoors, out of direct sunlight, studying information close up on computerised devices.
Time Outdoors Is The Key
2008 Research from Sydney Australia, the Sydney Myopia Study (SMS), a population-based study of school-aged children in Sydney, Australia showed that Time spent outdoors was strongly and inversely related to myopia levels. The Sydney-based research showed that only 3% of Chinese-heritage children living in Sydney (who spent two hours a day outdoors) were short-sighted by the age of six. This compared to nearly 30% of six-year-olds in Singapore, and helped to add fuel to the growing body of research and supporters of the idea that the risk of myopia development can be seriously reduced by simply spending more time outdoors e.g. spending two hours per day outdoors, perhaps pursuing sport and leisure activities.
Symptoms of Myopia
Some common symptoms of Myopia to look out for in children include needing to sit near the front of the class to read the board, sitting too close to the television, regular rubbing of the eyes, and suffering from headaches or tired eyes.
Other Ways To Help
Experts suggest that other broad ways to help reduce the chances of children developing Myopia include having a healthy diet, particularly one that includes omega-3 essential fatty acids, and vitamins A, C and E and nutrients, which contribute to the good health of the back of the eye. Also, over-the-counter supplements e.g. those claiming to help brain function and health are good for the eyes too.
What Does This Mean For Your Business?
For businesses where staff use devices for work for many hours of the day, providing information about the risks of looking too long and too intensely at screens could be helpful, as could arranging for some breaks / activities to be spent outdoors in the natural light e.g. perhaps in a team situation / environment and / or with incentives to improve participation.
As parents will know, once a child / young person is used to using their iPad, tablet, it is likely to be very difficult (and potentially damaging to their current social life) to remove it / ban it / reduce its use. Again, informing them of the dangers on a regular basis is important, and / or encouraging and arranging regular outdoor activities e.g. sports clubs or family pursuits / outings may be a good option.
The requirement that young people are proficient at using computerised devices to connect with their peer group and compete effectively with others at school, college, university and work means that the amount of time spent on computerised devices indoors, and consequently the high levels of Myopia development are unlikely to decline soon.