If you need to squeeze the most out of the battery charge of your laptop or tablet, try the Battery Saver feature in Windows 10.
This feature disables unnecessary background functions such as live tile updates and email and calendar syncing. It can also auto-dim your screen brightness. Here’s how to access it:
A type of crypto-currency mining malware has been found to overload an android phone with so much constant traffic that its battery physically bulges and bends the phone cover.
Malware Causing Physical Damage
The Android phone-wrecking Trojan malware, dubbed “Loapi”, was discovered by Kaspersky researchers. In tests, after running it for several days mining the Minero crypto-currency, the android phone used in the test was overloaded with activity (trying to open about 28,000 unique URLs in 24 hours) to the point that the battery and phone cover were badly damaged and distorted by the resulting heat.
The Loapi malware is reported to have been found hiding in applications in the Android mobile operating system.
How It Works
Loapi reportedly works by hijacking a smartphone’s processor and using the computing power to mine crypto-currency.
‘Mining’ refers to the process of completing complex algorithms to get rewards of new crypto-currency units e.g. Bitcoin.
Loapi uses Javascript code execution hidden in web pages (usually via advertising campaigns) with WAP billing to subscribe the user to various services. This works in conjunction with the SMS module to send the subscription message.
What makes Loapi particularly dangerous is the amount of device-attacking techniques present in it, and the modular architecture of this Trojan which means that more functionality could be added to it at any time.
Part Of Trend For Mining Scams
It is likely, therefore, that Loapi is loaded onto an android OS when a user visits a web page website where mining software / mining code is running in the background, without the knowledge of the website owners or visitors.
For the scammer who plants the code, they can use the power of multiple computers / devices to join networks so that the combined computing power will enable them to solve mathematical problems first (before other scammers) and thereby claim / generate cash in the form of crypto-currency.
A report by ad blocking firm AdGuard in October this year showed that the devices of 500 million people may be inadvertently mining crypto-currencies as a result of visiting websites that run mining software in the background.
What Does This Mean For Your Business?
Unfortunately, many cyber criminals are now trying to leverage the processing power of computers, smartphones and other devices to generate revenue from mining crypto-currency. Mining software e.g. Coin Hive, has been found in popular websites, and crypto-currency mining scams are now being extended to target cloud-based computing services with the hope harnessing huge amounts of computing power and using multiple machines to try and generate more income.
The increased CPU usage and slowing down of computers caused by mining scripts waste time and money for businesses, and this new threat of actually having your phone melted by malware adds another level of risk, including that of fire.
There are some simple measures that your business can take to avoid being exploited as part of this popular scam, although it is unclear how well these will work with the newly discovered Loapi. For example, you can set your ad blocker (if you’re using one) to block one specific JavaScript URL, which could stop the miner from running without stopping you from using any of the websites that you normally visit.
Also, browser extensions are available e.g. the ‘No Coin’ extension for Chrome, Firefox and Opera (to stop Coin Hive mining code being used through your browser).
You can generally steer clear of dodgy Android apps by sticking to Google Play, by avoiding cloned apps from unknown developers within Google Play, by checking app permissions before you install them, by keeping Android apps up to date (and by deleting the ones you don’t use), and by installing an antivirus app.
Maintaining vigilance for unusual computer symptoms, keeping security patches updated, and raising awareness within your company of current scams and what to do to prevent them, are just some of the ways that you could maintain a basic level of protection for your business.
Embattled Moscow-based cyber security firm, Kaspersky Lab, is appealing against a U.S. Government’s ban on its software on the grounds that it is unconstitutional, and that there is no technical evidence.
What Directive?
Back in September, The U.S. Department of Homeland Security (DHS) issued a Directive ordering civilian government agencies to remove Kaspersky software from their networks within 90 days. Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions (anti-virus software).
Concerns Over Many Years
The U.S. Directive (ban) came after concerns about possible Russian state interference in the U.S. elections, but Kaspersky have long been the subject of suspicion and concerns by western governments.
In July this year, for example, security researchers claimed to have found a way to force the anti-virus product to assist snoops in stealing data from segmented networks (not connected to the wider internet).
Back in 2015, it was also reported that the US National Security Agency and GCHQ had sought to carry out reverse engineering of Kaspersky anti-virus as far back as 2008 to discover any vulnerabilities.
Long-running fears about Kaspersky have also been fuelled by leaks from the NSA through Edward Snowdon (2013), Hal Martin (2016), and by allegations (printed in the Wall Street Journal) that a Vietnamese NSA contractor was hacked on his home computer by Russian spies via Kaspersky.
Earlier this month Barclays bank in the UK emailed its 290,000 online banking customers to say that it will no longer be offering Kaspersky Russian anti-virus because of information and news stories about possible security risks.
The Appeal
A federal appeal has now been filed by Kaspersky Lab appeal under the Administrative Procedure Act against the U.S. Directive to remove Kaspersky software from civilian government agency networks. According to Kaspersky, the DHS has acted unconstitutionally and has violated Kaspersky Lab’s right to due process by issuing Binding Operational Directive 17-01.
Kaspersky Lab argues that the issuing of the Directive was based on no technical evidence, and the company has repeatedly denied any ties to any government and has said that it would not help a government with cyber espionage.
Damage
Kaspersky Lab has publicly stated that the Directive and the wide-scale media coverage and public / business reaction to it have damaged the company’s position in the market. Sales are reported to be down, Kaspersky has announced the closing of its D.C. headquarters as a direct result of the U.S. government’s public suspicion toward its business, and the company’s founder, Eugene Kaspersky, has said that the company has also suffered damage to its reputation.
Submitting Code
As well as strenuously denying the allegations and launching an appeal, Kaspersky Lab said in October that it would submit the source code of its software and future updates for inspection by independent parties. U.S. officials.
What Does This Mean For Your Business?
For businesses using Kaspersky in the UK, it is worth remembering that although Barclays Bank have stopped using the software, and a U.S. Directive remains in place, no actual evidence of wrongdoing related to espionage / spying, or of the company colluding with the Russian state has been publicly provided.
Businesses will need to take an individual view of any possible risks, taking into account the context of a certain amount of paranoia and the recent focus in the media about Russia following allegations of interference in the US elections.
On a technical and security note, it may not be a good idea anyway to remove Kaspersky anti-virus from a computer without immediately putting a suitable alternative in place. Anti-virus forms an important part of a company / organisation’s basic cyber defences and this, and other software should be kept up to date with patches and updates to enable evolving threats to be combated as part of a wider strategy.
Google has announced that Chrome apps for Mac and Windows will no longer be available from the Chrome Web Store by early next year and that they will be replaced next year by Progressive Web Apps (PWA).
Why?
Google has had Chrome-browser supported stand-alone apps on Mac, Windows and Linux since 2013, but back in August 2016 it was announced that Google would be phasing-out these apps because only 1% of users actively used them, and most hosted apps were already implemented as regular web apps e.g. Netflix.
Google, therefore, wanted to simplify its browser and move developers to more standardized web apps, and, therefore, planned to phase out standalone Chrome apps over 2 years, starting with the limiting of newly published apps to users on Chrome OS.
This latest announcement is the beginning of the final phase of that two-year plan.
Why Chrome Apps?
Chrome apps / packaged apps are basically Google’s own web-apps that are able to run offline, in their own window, and integrate with the underlying operating system and hardware.
Google has stated that it originally launched Chrome apps to give users experiences that the web, at the time (2013) couldn’t provide e.g. working offline, sending notifications, and connecting to hardware.
The Replacement – PWAs From APIs
Google’s work to move developers to more standardised apps has led to the introduction of powerful APIs e.g. service worker and web push, to enable the building of Progressive Web Apps that work across multiple browsers. These PWAs (launched earlier this year on Android) are essentially the replacement for Google’s standalone Chrome apps and blur the line between websites and installed software. PWAs will be available on desktops from the middle of 2018. According to Google, the benefits of PWAs are that they offer:
What Does This Mean For Your Business?
It appears that the standalone Chrome apps may have been a welcome introduction back in 2013, but are now not being used because they have been replaced by regular web apps anyway. This announcement by Google shouldn’t, therefore, cause any real concern to most businesses.
Anything that can be done to simplify the use of browsers such as Chrome has to be good news.
The benefits of PWAs are also promising for developers and users, and the possibility of increased engagement and conversions are clearly of interest to businesses.
Cyber-security Company, Pan Test Partners, have warned that schools with building management systems that are linked to the Internet could face the risk of hackers turning the school heating system off – or worse.
The Problem
The problem is that many electricians and engineers may be lacking in knowledge about cyber security and / or may have linked a school’s HVAC system to Internet controls against the manufacturer’s guidelines. Also, many smart school heating systems may have vulnerabilities in them that hackers may find easy to exploit.
Tested
The researchers at Pan Test Partners tested for potential hacking risks by looking for building management system controllers made by Trend Control Systems via IoT search tool Shodan. This online tool (see https://www.shodan.io) provides a public API and enables anyone to discover which devices are connected to the Internet, where they are located and who is using them.
In a test, it was revealed that it took less than 10 seconds to find more than 1,000 examples of a 2003 model of a school heating system known to be vulnerable when connected to the Internet. The visibility of a known vulnerable system via a public website is a clear example that the risk of school heating systems being controlled remotely by hackers is real.
Not Just Schools
The same / similar heating systems may also be used in buildings used by retailers, government offices, businesses and even military bases, thereby highlighting a much wider potential risk.
Incentive
Security commentators have pointed out that there would be very little incentive for hackers to access school systems because many hacks are carried out for financial gain.
The risks could, however, increase in future as more devices and systems become part of the IoT.
What Does This Mean For Your Business?
It is possible that some businesses may be in buildings where the heating systems are exposed to a hacking risk. Risks could be reduced if companies used skilled IT workers who are aware of the potential risks and if systems are checked properly after installation.
To make heating systems really secure they should also be configured behind a firewall or virtual private network, and they should have the latest firmware and other security updates.
It is also important to note that some responsibility rests with the manufacturers of heating and other smart building systems to design security features into them because even if a device is not directly connected to the internet, there may be an indirect way to access it.
This story also highlights the wider challenge of tackling security for IoT devices and products. There have been many occasions in recent years when concerns about the security / privacy vulnerabilities in IoT / smart products have been publicly expressed and reported. The truth is that the extent of the current vulnerabilities are unknown because the devices are so widely distributed globally, and many organisations tend not to include them in risk assessments for devices, code, data, and infrastructure. Home / domestic users have no real way of ascertaining the risks that smart / IoT devices pose, probably until it’s too late.
It has also been noted that not only is it difficult for businesses, including manufacturers of smart products, to ascertain whether all their hardware, software, and service partners are maintaining effective IoT security, but there is also still no universal, certifiable standard for IoT security.
For businesses, it’s a case of conducting an audit and risk assessment for known IoT devices that are used in the business. One basic security measure is to make sure that any default username and passwords in these devices are changed as soon as possible. For home users of smart products (who don’t run checks and audits), it appears that others (as in the case of the German Federal Network Agency) need to step in on their behalf and force the manufacturers to take security risks seriously.
If you want to make sure that you don’t start running out of space on your device, Windows 10 includes the Storage sense tool to monitor and free up space on your device automatically.
Storage Sense can empty the recycle bin every 30 days, and automatically cleaning up any temporary files from on your drives. Here’s how to activate it:
Southend-on-Sea Borough Council is reported to have signed an agreement with tech company Cisco to deploy its ‘Kinetic for Cities’ platform in order to share the benefits of new digital technologies with its businesses and citizens, thereby making it a ‘Smart City’.
What Is ‘Kinetic For Cities’?
According to the Cisco blog, the Cisco Kinetic for Cities platform is a unified IoT platform strategy and a cloud-based platform that helps customers extract, compute and move data from connected things to IoT applications to deliver better outcomes and services. In essence, using sensors, digital management platforms, and analytics programs for all aspects of a city (including solutions for lighting, parking, crowd, environment and others), businesses and citizens can benefit from the effects of urban innovation, sector-specific solutions, city engagement that the technology provides.
Technology Hub
Through the use of the new platform, it is hoped that Southend can become a technology hub, and this can help it to grow and evolve, in line with the rest of the UK and with competition globally. It is also hoped that use of the digital platform could bring smarter, connected experiences for people who live in, work in, or visit the town.
Already Working In Other Cities
Cisco’s Kinetic for Cities platform is already being deployed in other cities such as Manchester (UK) where it is being used to project explore smart transport and CO2 emissions, in Jaipur (India) where it is helping to improve public safety.
How Will It Be Used In Southend?
At the current time, Southend Council looks likely to use the Kinetic for Cities platform for initiatives such as pilots relating to community safety e.g. building an intelligence hub with IP-based public safety systems for use with CCTV and advanced video analytics.
Also, there are plans to use the platform to help with traffic and parking management, easing of congestion, using the IoT to help monitor improve air quality, and to help manage energy better and bring down consumption, thereby reducing costs and helping the environment.
What Does This Mean For Your Business?
It has taken a long time for many of the potential benefits of the IoT to be realised, or for the IoT to be deployed in a more meaningful and beneficial way than in smart household gadgets. Using technology for the benefit of a whole town / city in this way represents a new kind of rapid regeneration which has the potential to benefit many more citizens and businesses than individual physical projects. Improving a whole town, and how efficiently it functions and how effectively it serves those who work and visit it in terms of experiences and opportunities can only be of benefit to locally based businesses, and can create an environment where businesses are better equipped to compete nationally and globally.
As Three becomes the first network provider in the UK to launch a tariff that lets its customers use unlimited streaming services without it affecting their monthly data allowance, some media commentators are concerned that more streaming services of this kind could lead to more piracy.
Streaming & Stream Ripping
Streaming is the real-time transmission of data (e.g. audio and video) over the internet to computers and mobile devices. Stream ripping is the process of using software to turn that streamed data (music and video) into files so that they can be watched / listened to offline on computers and phones. Stream ripping is possible because music and video streaming services have urls, and there are now many freely available programs to download that can stream-rip content.
What’s The Problem?
The problem is that films, video and recorded music are covered by copyright and intellectual property laws. Although many people are happy to pay to use legal streaming services in the form they are delivered such as Netflix and Spotify, stream ripping and the storage and distribution of the ripped files infringes those laws and is technically piracy.
According to research by the Intellectual Property Office (IPO) and PRS for Music, usage of stream-ripping sites increased by 141.3% between 2014 and 2016, thereby making them more popular than all other illegal music services. The same research showed that in September 2016, these sites were used 498,681 times to pirate music in the UK
Who?
According to the IPO and PRS, research 15% of UK adults are now using these illegal services, with 33% of them being in the 16-24 age bracket.
Why?
According to the research, the most popular reasons given for using stream-ripping include a belief that music was already owned by users in another format (31%), simply wanting to listen to music offline (26%) and on the move (25%), not being able to afford to buy the tracks legally (21%), and believing that music is overpriced (20%).
The Three Deal
There is no suggestion that the new Three ‘Go Binge’ service is causing or contributing to piracy. The fact is, however, that it is an unlimited streaming deal for data-heavy users averaging 6GB a month. It is conceivable that without Three imposing their own security measures, Go Binge could be used for stream ripping.
What Does This Mean For Your Business?
This story illustrates how difficult it can be in an online world to prevent publicly available content being shared for free, and how creative industries continue to suffer from not being able to find effective ways to get monetary rewards for recorded output or to make consumers comply with the law. In a share-everything-online world where users are used to content being free, copyright and intellectual laws are often either not widely known about or are ignored and circumvented in a kind of mass diffusion of responsibility due to the large numbers of people who are doing it without penalties.
The increased take-up of legal streaming services in recent years is, however, more promising but it is clear that more measures need to be taken, perhaps by companies offering streaming deals, to make sure that stream ripping is not taking place.
Google’s has awarded €706,000 ($800,000) to the UK’s Press Association (PA) so they can develop robot reporters or news-bots that can generate 30,000 articles a month
Digital News Initiative
The funding is part of Google’s €150m Digital News Initiative, a three-year program in support of European journalism using technology. The initiative is in its third and final year, and lis looking to provide funding for 7 projects in 27 countries.
Codenamed RADAR, or Reporters and Data and Robots, the Press Association project is a joint effort with Urbs Media, a UK startup specialising in automated data journalism.
Why?
On the one hand, this is an effective and less labour-intensive way to satisfy the demand for more news. Some sceptics, however, have noted that the initiative could be a handy way for tech and advertising giant Google to help websites to get more readers and thereby gain more advertising business and revenue for itself.
On its website, the PA has issued a statement about RADAR’s role in meeting the growing demand “for consistent, fact-based insights into local communities, for the benefit of established regional media outlets, as well as the growing sector of independent publishers, hyperlocal outlets and bloggers.”
Natural Language Processing Software
For the news bots to generate information and stories, natural language processing software will be used on a grand scale. The PA and Urbs Media will reportedly select a team of five journalists to identify, template, and edit data-driven stories. These journalists will apply the code to publicly available government databases to churn out stories.
Hope For The Local Press
This comes at a most opportune time where Britain’s hard-pressed and diminishing local press need to meet the demands for more and more page views, as well as filling spaces in print. PA Editor-in-Chief Pete Clifton has reportedly acknowledged the usefulness of RADAR in terms of cost-effectiveness in providing incisive local stories, and the fact that, although skilled human journalists are still vital in the process, local media would find it very difficult to produce articles in the numbers necessary with the limited number of journalists that they have.
Not Just The Press Association
Although the PA received the largest grant of UK recipients, Google also gave funding to other organisations as part of the initiative. These include Wikipedia (€385,000), City University (known for its popular journalism school (€335,113), fact-checking body ‘Full Fact’ (€300,000), owner of various computing titles ‘Dennis Publishing’ (€160,000), and Al Jazeera (€50,000).
News Bots Already Used In Some Countries
News bots are already being used by some media companies. In China, for example, Xiaomingbot generated hundreds of stories for last year’s Rio Olympics, and The Los Angeles Times’ own news bot, Quakebot, recently made headlines when it generated news of an earthquake off the coast of Santa Barbara, California.
What Does This Mean For Your Business?
This kind of initiative is another example of how many businesses are finding ways to promote and harness the power of technologies such as AI to help meet demand, particularly where services e.g. customer service, are concerned, in a cost effective, value adding way. It is also an example of how automation is beginning to be used to replace human jobs.
Research firm Gartner, for example, estimates that up to 85% of customer service centres will become virtual by 2020 e.g. by using more bots, and Facebook announced last April F8 that anyone can now make their own bot using Facebook’s application programming interface (API) known as ‘Messenger Platform’.
Also, in March this year, a report by PwC claimed that over 30% of UK jobs could be lost to automation by the year 2030. How much automation and what kind of automation individual businesses adopt will, of course, depend upon a cost / benefit analysis compared to human workers, and whether automation is appropriate and is acceptable to their customers.
After security inspections of Kuwait Airways by US officials and the implementation of new security measures for US-bound flights by Royal Jordanian, the two carriers were allowed to lift the ban on laptops.
What Ban?
Back in March, the UK and US governments introduced a ban on taking laptops and tablets on planes as cabin baggage on flights from selected Middle East and North African Countries. The stated aim was to reduce the risk of concealed bombs being taken on board passenger aircraft.
For the UK, the ban was set to cover all flights from 6 countries: Egypt, Turkey, Jordan, Saudi Arabia, Tunisia and Lebanon. This means that 14 airlines, including British Airways and Easyjet, have been affected by the ban.
For the US, the ban has covered all flights from 8 countries: Turkey, Morocco, Jordan, Egypt, the United Arab Emirates, Qatar, Saudi Arabia and Kuwait, and the ban (up until now) has affected 9 airlines.
Kuwait Airways & Royal Jordanian
The ban has been lifted for Kuwait Airways and Royal Jordanian after both carriers reportedly worked with US officials in tightening their security measures for flights from Kuwait and Jordan. Kuwait Airways flies from Kuwait to New York via Ireland, while Royal Jordanian flies to three US cities from Amman, Jordan.
More Airlines Last Week
Last week, Etihad, Turkish Airlines, Emirates, and Qatar Airways became exempt from the ban. Meanwhile, airlines in Morocco, Egypt, and Saudi Arabia have not yet announced the lifting of the ban.
Saudia
Saudia, the flagship carrier of Saudi Arabia, has announced that, as from 9th July, passengers will be able to take personal electronic devices on flights bound for the US.
Royal Air Maroc, the flagship carrier of Morocco, is reported to be confident that they too will be able to have the ban lifted on their flights out of Casablanca by the same date.
Tighter Security Announced Last Month
Last month it was reported that the US Department of Homeland Security had announced plans for stricter passenger screening and other tougher security measures for all commercial flights entering the United States. The new rules look likely to affect around 2,000 flights a day from 280 airports in 105 countries. The rules have, however, fallen short of banning laptop computers and e-readers in carry-on luggage for all.
It is believed that as well as screening laptops and other personal electronic devices, the new measures may include more vetting of travellers, more explosive-sniffing dogs, greater exchanging of terrorist watch lists, and putting more systems in place to prevent insider attacks (by airline employees).
What Does This Mean For Your Business?
Although some airlines have enjoyed a relaxing of the rules, many are still being affected by the ban. For airline businesses, the continuation of the ban and the tightening of rules for the majority could hit profits by affecting passenger numbers, could increase baggage scanning and security costs (particularly at smaller airports), and could negatively affect customer satisfaction levels.
For business travellers, the ban can mean lost time where work could be done e.g. on the laptop during flights. The ban can also mean the hassle of having to find other means of entertainment on long flights, and perhaps having to suffer more distractions from other passengers who cannot use their electronic devices e.g. children.
For many travellers, the ban can mean greater disruption as a result of increased waiting times at security, and some commentators have also pointed out that there is the potential for electronic devices stored in the baggage hold to be damaged or lost, and this could have insurance implications. Other critics have also pointed out that forcing people to put laptops in cargo holds could pose other dangers because the lithium batteries could start fires.
The recent general tightening of the rules for flights entering the US (at a particularly busy time of year) have been criticised too for not having a great enough degree of collaboration and coordination to avoid the operational disruptions and frustrating consequences that could result from them.