Tech Tip – Get Microsoft Edge on Android
With the Microsoft Edge browser for Android you can Sync passwords, favourites, and exchange data between your PC and Android phone. Here’s how to set it up:
- Download the Microsoft Edge App e.g. from Google Play Store or get a download link from https://www.microsoft.com/en-us/windows/microsoft-edge-mobile
- Install the app.
- Open the app – if asked if you want to use your Microsoft account, if you want to sync with Edge on your Windows PC say ‘yes’ or choose the Continue as [your email] button.
- If you don’t have a Microsoft account, or don’t want to link it up yet, choose the Use another account option, or tap Skip for now.
- With the next step, choose whether you want to share your browsing history or not.
- Once set up, from the home page, tapping the microphone icon allows voice search, while the square with a line running through it will open the built-in QR reader.
- Look at the top right corner, star icon with three lines sticking out of its right side – tap this and it opens up a new page with several icons across the top. From left to right they are Favourites (bookmarks), Reading list, Books (a new feature), History, and Downloads.
- Tapping the X on the far right will bring you back to the Home page.
Serious Bug In Apple Mac OS Discovered
Apple is reported to be urgently working on a software update after Turkish developer Lemi Ergin publicly reported a simple but serious bug in its Mac Operating System.
MacOS High Sierra Affected
The bug was discovered in the most recent version of MacOS High Sierra. It has been reported that, by entering the username “root”, and leaving the password field blank, and hitting the enter key several times, a user is granted unrestricted access to powerful administrator rights on the computer.
Troubleshooting Feature / Serious Threat
Even though Ergin is credited with finding the bug (and has faced criticism for going public about it), it is reported to have actually been mentioned on an Apple support forum more than two weeks ago as a possible useful feature for troubleshooting rather than as a serious security threat.
What Can Be Done?
If a person were to access a computer using the flaw they could potentially read and change the files of other users on the same computer, or as superuser they could delete crucial files or install malware.
Can’t (Typically) Be Done Remotely
The fact that the enter key has to be hit several times means that a person would really need physical access to the computer in order to exploit the bug. If, however, a person has been granted remote access to the computer e.g. for tech support, the bug could technically be exploited that way.
Insider Threat?
A malicious attack or breach from within a company by a person with physical access to computers is a real possibility for businesses and organisations. For example, where ‘malicious’ insider threats are concerned, research (Egress) shows that that 24% of workers have purposely shared information with competitors or new and previous employers and other entities. Insider leaks, breaches, and other threats can undermine company efforts to comply with data protection laws and protect competitive advantage, and can leave companies open to huge financial risks, loss of customers, and damage to their brands.
Criticism
Other security experts / commentators have been quick to criticise Mr Ergin for apparently not following the responsible disclosure guidelines typically observed by security professionals i.e. notifying Apple of the flaw first, thus giving them a reasonable amount of time to fix it before going public.
Patch On The Way
It has been reported that Apple is working on a software update / fix for the bug, and in the meantime, Apple has offered users a temporary workaround.
What Does This Mean For Your Business?
If your business has Apple Macs with MacOS High Sierra, and if you are too worried to wait for the patch, the workaround allows the Root user to set a password. Instructions for the workaround can be found on the Apple support site here: https://support.apple.com/en-us/HT204012 .
Only last month Apple released a supplemental update for MacOS High Sierra which incorporated various bug fixes for Macs.
This story illustrates how new software / operating systems are often released with bugs in them, many of which are usually discovered by security researchers, but it is worrying that users have been left vulnerable in this case to fairly serious threats by what is a simple (some would say embarrassing) fault.
Small Businesses Get New OS MasterMap® Data
The government has announced that its new £40m Geospatial Commission will start its strategy of releasing more of the location data held by public bodies to help businesses and boost economic growth, by giving small businesses free access to OS MasterMap® data.
The Commission
It has been announced that the new £40m Geospatial Commission, sitting under the authority of the Cabinet Office, will release Ordnance Survey location data first to help boost business for small companies.
What Is Geospatial Data?
Geospacial data in the context of this article refers to augmenting a geographic map with other data specific to points on that map, thereby enabling the added value of observations, analysis, and planning. It was first used in 1854 by John Snow, who plotted each cholera death in London’s Soho on a map, and from the mapped points was able to isolate a specific water pump as the source of the disease, and thereby prove his theory that cholera came from contact with sewage-contaminated water rather than being airborne.
Budget
The announcement was made in Chancellor of the Exchequer, Philip Hammond’s latest budget.
The wider intention is that Geospatial Commission will draw on public and private sector expertise to develop a strategy for releasing more of the location data that is currently held by HM Land Registry, the Ordnance Survey, the British Geological Survey, the Valuation Office Agency, the UK Hydrographic Office and the Coal Authority.
The Commission will attempt to improve the links between and quality of the data held by the agencies and bring together and make it available to the public and private sector. The Commission will also aim to make more geospatial data available for free (without restriction), set regulations and policy for public geospatial data, hold the individual bodies to account for delivery against the geospatial strategy, and provide strategic leadership.
The first stage of the 2 year strategy is to find a way to give small businesses free access to OS MasterMap® data.
What Is OS MasterMap®?
The OS MasterMap® is the database that records every fixed feature of Great Britain larger than a few metres in one continuous digital map. The map has different layers e.g. the Greenspace Layer (showing accessible and non-accessible green-spaces in urban areas – used to improve health and environment initiatives), and the Topography layer (to help with decisions about assets, services, environmental risks, customers and operations).
How Will This Help?
Giving open access to OS MasterMap® (for small businesses first) will remove the legal barriers that currently limit the availability of other data e.g. foreign ownership of land, locations of parking spaces, house prices or business addresses. This will then give businesses access to the kind of data that is essential to understanding and tackling housing and transport challenges. More data about an area can make it easier to find land for house-building, and enable the development of services that improve vital infrastructure, and can help businesses to make better, more informed decisions about projects.
Opening up access to government-held geospatial data could, therefore, stimulate innovation in the wider economy, boost jobs and make savings, as well as transforming information delivery and citizen engagement.
Example From Housing
The UK is in the midst of a housing crisis, particularly in social housing. Decades of failure to build enough new homes means that the UK is struggling to accommodate its growing population. The relatively small number of homes that are being built are generally not suitable for first time or low-income buyers, or the rental market.
It is thought that geospatial data could be used to accurately, and remotely survey sites with information instantly available to virtually design houses bespoke to customer needs e.g. using prefabricated housing factories across the UK. The geospatial data could help quality factory built houses to be delivered right-first-time, on time and to budget.
What Does This Mean For Your Business?
Opening up the many layers of government data and linking it to highly detailed digital maps can give businesses, particularly those involved with housing and infrastructure, the knowledge and tools to innovate, save money, and find new business opportunities.
A boost for the housing market is good news for the economy, and if (as the government suggests) that the wider economy will get a boost from the work of and the investment in the new Geospatial Commission, then this is good news for all businesses.
Since small businesses account for 99.3% of all private sector businesses, and SMEs account for 60% of all private sector employment in the UK (FSB), opening up the OS MasterMap® to small businesses seems a sensible first move in the Commission’s strategy.
Government Could Use Blockchain To Verify Your Identity
A report by the educational charity and think tank ‘Reform’ has suggested that Blockchain technology could be used by the UK government as a more effective, efficient, and modern way to provide verification of the identities of citizens.
What Is Blockchain?
Blockchain is an incorruptible peer-to-peer network (a kind of ledger) that allows multiple parties to transfer value in a secure and transparent way. Blockchain’s Co-Founder Nic Carey describes Blockchain as being like “a big spreadsheet in the cloud that anyone can use, but no one can erase or modify”.
Blockchain technology operates using the IBM cloud and is powered by Hyperledger Fabric 1.0 of Linux Foundation. The developers of the Blockchain system say that the trust between participants is not necessary because trust is embedded in the system itself, and that access to all relevant information is available to participants.
Blockchain is the same technology behind the crypto-currency Bitcoin, and it is now being applied to multiple industries and sectors.
What’s The Issue?
The underlying issue for the government is that there are people living and working in the UK without a legal identity, thus making it difficult to monitor births, deaths, work, taxation and migration.
Also, there are many different government departments which hold different and even contradictory versions of a person’s identity to a user-stored identity.
There is also the issue that individuals don’t currently have access to their public service identity and, therefore, lack control of it, and can’t authorise who can see it.
It is thought that among other benefits, a Blockchain-based system could shift more control from the government to the user.
Problems With The Current System
The Reform report argues that the current identity assurance platform, Gov.uk Verify, is not working as well as it could because of low uptake and departments such as HM Revenue & Customs (HMRC using their own service – Government Gateway).
It has been reported that with Verify, departments often have to request and check additional data because Verify doesn’t always provide enough information, and the new system also struggles to match information with legacy systems.
First Suggested Last Year
The idea of using Blockchain to help with identity verification was first publicly voiced by the government last August in relation to passports. The fact that nearly 20,000 British passports were either lost or stolen in 2016, and the resulting identity theft, coupled with the delays caused by inefficient passport checks led the government to think about the advantages of Blockchain.
With Blockchain passports, for example, personal information could be encrypted and stored digitally on a smartphone accessible via fingerprint scanning. This could allow fast access through the border if verified alongside biometric information. A Blockhain passport of this kind could also reduce the risk of identity fraud and the information being lost or stolen.
What Does This Mean For Your Business?
From the government’s point of view, a Blockchain app built across government departments, and acting as a layer on top of current databases, could be a more effective, efficient and secure way to verify the identities of citizens, make sure all databases have the same information and are automatically updated, and give us more control over who can see our identity details and in what form.
For governments, businesses, and organisations around the world, Blockchain is providing many exciting new opportunities. Dubai, for example, has committed to putting all of its documents on Blockchain in the next few years and has founded a public-private initiative called the Global Blockchain Council to foster the development and use of Blockchain technology in and between local government teams, local businesses and international start-ups.
As well as finding uses in the financial, legal and public sectors, recent real-world examples of how Blockchain is being used include:
- Using the data on a Blockchain ledger to record the temperature of sensitive medicines being transported from manufacturer to hospital in hot climates. The ‘incorruptible’ aspect of the Blockchain data gives a clear record of care and responsibility along the whole supply chain.
- Using an IBM-based Blockchain ledger to record data about wine certification, ownership and storage history. This has helped to combat fraud in the industry and has provided provenance and re-assurance to buyers.
- Shipping Company Maersk using a Blockchain-based system for tracking consignments that addresses visibility and efficiency i.e. digitising a formerly paper-based process that involved multiple interactions.
- Start-up company ‘Electron’ building a Blockchain-based system for sharing information between those involved in supplying energy which could speed up and simplify the supplier switching process. It may also be used for smart grid processes, such as local load-balancing of supply and demand.
- Australian start-up Zimrii developing a Blockchain-based service that allows independent musicians to sell downloads to fans, distribute the proceeds between collaborators, and allow interaction with managers.
Blockchain clearly has huge untapped potential for all kinds of businesses and could represent a major opportunity to improve services, and effectively tackle visibility, transparency and efficiency issues.
Bitcoin Value Tops $10,000
The crypto-currency Bitcoin has now reached a record high of $10,000 (£7,462) after only trading at $1,000 at the start of the year, with some experts saying it’s got further to climb.
What Is Bitcoin?
Bitcoin is a digital web-based currency that operates without the need for central banks and uses highly secure encryption (a crypto-currency) to regulate the currency units and to verify transfers of funds. Bitcoin, which was first produced in 2009, uses the ‘Blockchain’ technology. Blockchain is an open and programmable technology that can be used to record transactions for virtually anything of value that can be converted to code and is often referred to as a kind of ‘incorruptible ledger’.
There are approximately 15 million Bitcoins in existence with a value that is estimated to have surpassed $167bn. In order to receive a Bitcoin, a user must have a Bitcoin address i.e. a ‘purse’ (of which there is no central register).
Surge In Value
Bitcoin may have experienced a surge in value over this year as a whole but the rise has been by no means smooth. The crypto-currency first managed to reach a value of $1,000 in late 2013, and after a volatile general rise found itself valued at $1,000 again at the beginning of this year.
The surge in the last part of this year has been attributed to many to factors such as:
- An announcement this month that CME Group, a US-based derivatives marketplace operator, plans to launch a Bitcoin futures product in the very near future.
- The suspension of the Segwit2x project. The project aimed to create the SegWit2x Blockchain (the underlying code of Bitcoin), and a new currency referred to as B2X. The idea was to alter the underlying code to enable more transactions, but in practice software bugs and a lack of popularity that risked splitting the community has meant that SegWit2x has been shelved for now.
- A growing awareness of Bitcoin and its benefits, and of the general rise in its value over time boosting confidence in the crypto-currency and its value.
Bumps In The Road
Bitcoin has experienced many high profile bumps in the road on its rise in value. These include a decision by China to stop exchanges from trading in the crypto-currency earlier this year.
Crypto-Currencies Generally More Popular
The success of Bitcoin has helped to boost the popularity of virtual currencies generally. One example is Ethereum which was worth $10 at the beginning of the year and is now worth $480.
Crime Link
Bitcoin is often the currency that ransomware scammers request their victims to pay with because of the anonymity that it offers. Some currency commentators have even suggested that the recent surge in the value of Bitcoin is partly because European banks may be buying Bitcoin to pay off ransomware as a short-term way to deal with cyber-security.
What Does This Mean For Your Business?
The rise of crypto-currencies, such as Bitcoin, to the point where it was finally being taken up by investors, businesses and governments, has been filled with high profile ups and downs e.g. a fall in its value on the Tokyo-based Mt. Gox exchange following a hack in late 2013.
Despite its problems and bad press, in recent years, Bitcoin has shown a general decrease in volatility. 2017 has also actually seen a lot of optimism for the crypto-currency, which reached a point back in January where its worth was around the same value as that of a FTSE 100 company.
Bitcoin has many attractive advantages for businesses such as the speed and ease with which transactions can take place due to the lack of central bank and traditional currency control. Using Bitcoin also means that cross-border and global trading, and on the back of this latest milestone reached, it looks likely that the rise of Bitcoin is not over yet.
GDPR Could Increase Hackers Ransoms
A researcher has suggested that the GDPR fine structure could lead to cyber-criminals being given price points to set their ransoms at because now they know how much money they should be asking.
GDPR
The EU’s General Data Protection Regulation (GDPR) comes into force 25th May 2017. As part of the enforcement mechanism, a fine structure has been published to encourage compliance with the Regulation. The fine structure for GDPR is actually tiered depending upon the scope of the violation, but it has been published and widely publicised that lesser violations will attract fines of 2% of global turnover, and more serious violations will attract fines of up to €20 million, or 4% of their global turnover (whichever is greater).
Price Point Provided
Researcher Mikko Hypponen has made the point, therefore, that these figures could give cyber-criminals who are using ransomware, or hackers stealing data, a price point to set the ransom at because now they know how much money they should be asking.
Hypponen argues that because the criminals know what data is worth / what covering-up a data breach may be worth to some companies (probably large, well-known ones), these companies may be actually willing to pay anything less than the full amount of the fine to avoid serious damage to their reputation, loss of customers and more.
According to Hypponen, ransoms could, therefore, be set at up to 2% or 3% of the targeted organisation’s global annual turnover. This could equate to millions of dollars in some cases.
Not So Far-Fetched
Taking one recent incident as an example, Hypponen’s predictions may not appear too far-fetched. HBO network was hacked and the hackers are reported to have demanded $5.5m for the release of the stolen data. Even though this sounds like a very large sum, it is still less than 2% or 3% of the company’s 2014 annual revenue.
It is certainly possible that some companies would pay a ransom to keep a breach quiet as Uber were recently reported to have paid hackers $100,000 to delete the data from a hack that took place 2 years ago, and to keep quiet about it.
Hypponen has, therefore predicted that, after the introduction of GDPR on May 25th 2018, companies (particularly large turnover ones) will be targeted by hackers for personal information, and will be given ransom demands that are close to GDPR fine levels.
Taking Advantage of GDPR
Another prediction of how cyber-criminals may use GDPR to their advantage is by hackers / scammers stealing data with advanced ransomware and then blackmailing the victims with the threat of reporting them to the data protection commissioner. This is because ransomware can affect the availability, access, and recovery of personal data. These things, as well as passing personal data to hackers via the ransomware are technically serious breaches of GDPR by the victim company.
Ransomware
As well as hackers stealing data directly, ransomware is fast becoming the most popular way for cyber-criminals to make money, and is likely to be a greater threat after GDPR. The fact that it is automated and doesn’t require any special user rights to operate it makes it a popular choice, and an ideal way for criminals to sell data to the highest bidder (which is often the victim company).
Bitcoin Store
There are even reports that large companies / corporations and banks have been buying up stores of Bitcoin as a short-term way to deal with data breach / ransom-based cyber attacks.
What Does This Mean For Your Business?
Where GDPR is concerned (especially with the pressure of the approaching deadline) many companies are seeing it as an opportunity to address possible data security / privacy loopholes that could leave them at the mercy of cyber attackers anyway, and to expand their ability to manage the use of data.
GDPR could even be viewed as a way of developing a global standard for data protection, which could be an opportunity for businesses to offer products and services worldwide that comply with this standard.
Quite apart from GDPR, businesses and organisations of all kinds should be trying to continuously improve their cyber resilience anyway.
Ways that companies could protect themselves against hacking / ransomware threats include only giving users access to what they need and taking away admin privileges, backing up all critical files effectively and securely, and testing those backups to make sure that information can be restored in a usable form.
One way in which companies could test their response to a live ransomware Trojan in their network is to plant dummy files in the network that should never be touched by legitimate users and act as alarms.
Companies and organisations should also make sure that they have workable Business Continuity and Disaster Recovery Plans in place, and to be aware that paying hackers does not guarantee the return of stolen data, and could increase reputational damage if the public see this as a way of trying to hide a breach.