Feed aggregator

FTC and Apple Sue Qualcomm for Cell Phone Standardization Skullduggery, Part 3: Determining SEP Reasonable Royalty

IEEE Micro - Fri, 03/16/2018 - 20:55
This article, the third in a multipart series, describes and comments on the relief that the courts award in cases involving standard-essential patents (SEPs)—the law that courts have established on how to determine a reasonable royalty—in particular, a royalty on reasonable and nondiscriminatory terms (RAND royalty) for a SEP.

FTC and Apple Sue Qualcomm for Cell Phone Standardization Skullduggery, Part 2: Apple’s Claims

IEEE Micro - Fri, 03/16/2018 - 20:54
This article, the second in a multipart series, discusses Apple’s complaint against Qualcomm—namely, that Qualcomm breached its contract to pay Apple a billion dollars in rebates, and engaged in anticompetitive practices injuring Apple.

The 'End-to-End Management' mentality: how to achieve GDPR compliance across the board

IT Portal from UK - Fri, 03/16/2018 - 12:45

Data regulations, and the increased sensitivity around data capture, storage and security are not a new concept but there are nuances of how this is handled and executed across the world. With the General Data Protection Regulation (GDPR) just around the corner, we will soon see the enforcement of a harmonised set of data protection requirements throughout Europe, created to strengthen data protection for individuals residing in and around the European Union (EU). 

With a matter of weeks until the GDPR falls into place, many organizations may still be wondering how to best use this time to achieve compliance. According to one recent PricewaterhouseCoopers survey, 89% of organisations affected by the impending regulations are still unprepared for the upcoming changes. One of the largest challenges facing businesses is how best to implement the appropriate behaviours and standards required. 

How can you ensure your organisation’s practices and policies will meet the required regulations?   

GDPR will act as a shining spotlight on your organisation’s approach to data and to security 

GDPR will place strict requirements on the way a business handles the personal data of EU residents – whether this is in the form of marketing records, purchase information or preferences data. For companies that collect personally identifiable data, a full review of organisational and technical processes around data will be required, with the appropriate adjustments then made to avoid financial penalties.

The ICO has provided basic guidelines on how best to secure your systems based on the level of risk you face and how much sensitive data you hold. The less segmented your information storage, or the more personal the data is that you are collecting, the more stringent and complex requirements you have to meet.   

Regulations are vague at this stage, but the headline is clear – if you do not have awareness of where your data is, how it is organised or whether it is segmented clearly, how can you ensure the safety of your data contents? 

A full end-to-end assessment of what data you have across the board and from where, (and that you have the appropriate controls in place) is key, but this is often a complex task requiring research of both internal and external data capture.   

Here are our recommendations for promoting and ensuring an end-to-end mentality in GDPR compliance: 

1. Protect your systems from unauthorised access 

Your business cannot expect to comply with GDPR without full visibility of your IT assets and what you are using to process, transmit, analyse and store data.  In addition, all the technologies involved in digital transformation— such as cloud computing, mobility and IoT — have blurred traditional network perimeters. This can make IT environments hybrid, distributed and decentralised, difficult to locate, let alone protect. 

However, complete visibility of your IT environment with a full and detailed inventory is key. The assets that you do not know about are the ones that pose the highest risk.    

With full visibility of your IT and networks, you can prioritise your efforts to secure these systems against data breaches. This can ensure you have the appropriate security and compliance controls in place. A cloud-based IT asset inventory system that automates collection and categorisation of data can enable you to gain full visibility of your IT assets in one place, allowing you to monitor and protect customer data accordingly.   

System protection is not just about IT controls and procedures but also people. For GDPR, this means making sure your teams go through security and privacy awareness training to understand fully their responsibilities in this regulation. This should ensure everyone is aware of what can and what can’t be done around GDPR, and your business must demonstrate that a continual awareness programme to this effect will remain in place. In addition, having ways to record if or when data is accessed is key – data can be vulnerable to hackers and malicious attacks, but it can equally be open to internal abuse and misuse too.    

2. Assess your third parties

A full vendor risk assessment should be undertaken ahead of the GDPR deadline to not only ensure you are aware of who is handling your data, but how your third-party suppliers will choose to store the data (if appropriate) and more importantly how they will manage the impact of a data breach. Your business will only be as GDPR compliant as any other companies you work with that handle your data. 

For example, if your third-party is late informing you of a data breach, you won’t be able to provide your notification onwards to the end-user or regulatory board in time, making your company liable and prone to a penalty. 

Once you have undertaken your assessment, you must also make time to undertake further and regular checks against your vendors and third-party suppliers. This will ensure you have full visibility of any changes to your supplier network but also to determine whether your technical controls for the protection of data are being adhered to as you move into the future. Should any failing arise, these can be addressed quickly.   

This can be a manual, intensive exercise, using emails and spreadsheets which can be slow, imprecise and labour intensive, straining IT teams. A cloud-based solution, built for scale and ease of access, will both allow you to build a custom questionnaire that meets your needs but also captures vendor assessment information in one place. In short, you must demonstrate due diligence and assess your third parties’ GDPR compliance levels as well as your own, today as well as into the future.   

3. Test your Incident response

Under GDPR, all companies must report any instance of a data breach within 72 hours of discovery. Test your incident response and data breach plans to make sure you can identify a breach quickly. Having the appropriate detection tools in place can mean the difference between a large-scale attack and preventing one.   

Threat hunting relies on a thorough knowledge and visibility of your organisation’s IT environment. Traditional approaches for detecting breach activity, including signature detection, can often allow both known and unknown variants of malware to go undiscovered and unmitigated for months, and are blind to non-malware attacks, leading to costly and damaging breaches. With a single view of vulnerabilities across the network, you can act and prioritise each threat accordingly, locating any issues and remediating accordingly. 

Under GDPR you are responsible for checking that any third party is following your data practices. You must also have the appropriate channels in place to communicate the right information to your data owners and security officers where appropriate and be able to implement your breach notification requirements as soon as possible.   

4. Ensure you remain compliant 

Companies have to take into account the size of their EU presence, the type of data they collect and the scope of their business operations; depending on these factors, reaching full compliance can take a few months or several years so a forward-facing attitude is key, particularly with GDPR only a matter of weeks away.   

For any new applications, it is important to build a security and privacy mindset into these immediately. Ask yourself about the data you will collect in the future, the risks associated and how best to implement the technical and security controls in place to prevent accidents. For existing applications, there is still time to bring these up to speed. Ongoing assessments are key to remain compliant as well as a thorough understanding of what you own and where.   

Some of the guidance around GDPR requirements is vague. In general, this should encourage you to implement due diligence and promote future security by design by building these steps into your overall approach to data. For existing applications, you still have time to bring these up to speed and to add additional controls to meet the GDPR compliance requirements. However, the outstanding message is clear – GDPR is very close, and if you don’t comply you risk facing financial and operational consequences.    

Darron Gibbard, Managing Director, EMEA North at Qualys 

Image Credit: Docstockmedia / Shutterstock

Five lessons for startup CEOs from someone living it right now

IT Portal from UK - Fri, 03/16/2018 - 12:15

Starting a new business is exciting, stressful, liberating, terrifying, and yet always comes with a sense of fulfilment. There is no question that there is little in life quite as extremely satisfying and rewarding. I know this because that’s exactly how I felt three years ago when I started TruBe and still feel the same now. We have gone from an idea on a pad to becoming London’s leading personal fitness app. The three years have gone incredibly quickly and despite being a significant period of time, in business terms, we’re very much still a start-up. The ‘bit’ before you launch a business, when others tell you it is too early, when you begin to question whether you are truly ready for such responsibility, feels a lifetime ago, but I’m very much in the thick of it. The reasons to launch a start-up are far-reaching and diverse, much like the nature of the hundreds of start-ups I’ve met since I began this journey. For me, it was dream opportunity to connect people and improve the fitness of busy Londoners. Something dear to my heart. Something I think is important and also somewhere I saw an opportunity.      

While it is understandable that starting a new business can be an overwhelming task, entrepreneurs should not be scared by taking on the challenge. It is a chance to embrace change and make their mark on society through hard work and sheer determination.   

While talking to a group of young female entrepreneurs recently, it struck me how worried they were about failing, putting a lot of pressure on themselves to do everything perfectly. We need to re-work this mindset. Yes, we all want to run a successful business, but I think the fear of the unknown is stopping many entrepreneurs, especially women, reaching their true potential and achieving their goals. We must teach ourselves to embrace the unknown and see it as an opportunity to thrive. The unknown, that leap of faith is not something to fear, it something to embrace. When we let go of our inhibitions regarding what we expect from our professional life, I truly believe we, as entrepreneurs will thrive.    

Looking at the success rates of new startups in the UK, I can see that the facts are not always on our entrepreneurs’ side. The  Office of National Statistics,  reports that startup failure rate in the UK has increased to 11.6% in 2016 compared to 10.5% in 2015. This should not put entrepreneurs off, in fact it should drive them to succeed and push to do better. Throughout the last three years, I have learnt a lot of lessons and I hope that sharing my insights here will help other budding entrepreneurs have the confidence to start their own business. I am also still learning. I am, as per my earlier comment – still a start-up CEO. I’m feeling, seeing, living and facing the same challenges as many people who will (hopefully!) read this. So, these lessons are ones I’ve learned, but also ones I’m still understanding! 

Lesson #1: Learn how to adapt 

I grew up travelling a lot, this has taught me how to adapt quickly to the environment around me and to be strong and face any challenges I encounter. I can’t stress enough the importance of this quality. The business world is constantly changing, and we need to keep up with that. At TruBe, we always look for new ways to improve our service. We don’t always wait to see a change a react to it, we try to lead the way and shape those changes.   

Lesson #2: Know your market 

If you asked any business owner, they will tell you that the key to a successful business is creating a product that is unique and adds value to the market, I do agree with that. However, I think that listening to customer feedback is as important as the product itself. Customer feedback will not only help you adjust your offer to their needs but will make it easy for you to understand the market and your competitors.   

Lesson #3: Build a long-term vision 

What is your long-term vision for the company? What are your values and objectives? Building a company with strong values and having a clear vision to its future is crucial to the sustainability of your business. Turn your vision into a plan and a set of guidelines. This will help you lead your team and will set a clear map for them to follow. 

Lesson #4: Hire the right people   

I believe that having the right team is the most important factor in building a successful business. Choose people who are willing to learn from their mistakes and adapt to change.  Make sure they have the skills you need and share your value and passion for the business you are about to start.   

Lesson #5: Learn from your mistakes 

Making a mistake once is fine, there is no need for you to panic over it.  Whatever the mistake was and no matter how small it is, you should always study it, know why it happened in the first place. Was there anything you could have done to avoid it? Figure this out and then move on. I take inspiration from women such as Alexandra Shulman, the longest serving editor in the history of British Vogue. Here is a family woman that kept her head down, worked hard, and inspired a whole industry with consistent creativity and outstanding business skill.   

If I were to give one advice to young entrepreneurs, it would be to learn how to embrace your fears and see it as an opportunity. Use your experience to your advantage. Try to teach yourself how to always look at the bigger picture, understand why you did what you did at the time and why. It’s simple, but the best method to ensure you always stay ahead of the game is remember that you are your greatest critic!  

Daria Kantor, CEO of Trube 

Image Credit: SFIO CRACHO / Shutterstock

Android "now as secure as iOS" claims Google chief

IT Portal from UK - Fri, 03/16/2018 - 11:45

Eliminating malicious apps and keeping its mobile OS protected against a myriad of growing threats has been a challenging task for Google's Android team over the past year. 

The company has released its Android security report for 2017 to shed further light on the improvements its made to the platform to protect over two billion Android devices last year. 

In May, Google announced Google Play Protect to bring its suite of Android security services to the forefront of users' devices.  By utilising machine learning alongside a variety of different tactics, the service helped shield users from Potentially Harmful Apps (PHAs) by automatically reviewing more than 50 billion apps everyday. 

Play Protect also scans user devices once a day to check for PHAs and this feature helped remove almost 39m PHAs last year.  In October, Google even enabled offline scanning in Play Protect which was able to prevent an additional 10m PHA installs.

The Android team also worked to improve the security update process to ensure that the version of Android running on user devices is both up-to-date and secure.  Last year, 30 per cent more devices received security patches than in 2016 and no critical security vulnerabilities that affected Android were disclosed without an update or mitigation available forusers. 

New security features were also added to Android Oreo which made it safer to download apps, dropped insecure network protocols and provided more control over identifiers.  The overlay API was also updated to prevent apps from blocking the entire screen to prevent users from dismissing them which is a common tactic employed by ransomware. 

Google has done a great deal to increase its bug bounty programs and $1.28m was paid out to researchers that participated in the Android Security Rewards program.  The company also introduced the Google Play Security Rewards program with a bonus bounty to developers that discovered and disclosed certain critical vulnerabilities found in apps on the Google Play Store. 

Android has made great strides in further securing its platform without having to forego its more open nature when compared to Apple's iOS. 

Image Credit:  Alok Sharma / Pexels

IBM launches major new business AI platform

IT Portal from UK - Fri, 03/16/2018 - 11:16

IBM has launched its latest new initiative to encourage businesses to adopt AI with the release of a super-smart new machine learning platform.

Ahead of its IBM THINK event next week, the company has revealed the launch of its new Cloud Private for Data platform, which it hopes can encourage more businesses to integrate AI solutions and gain an advantage over their competitors.

The new platform is powered by a superfast in-memory database that IBM says can take in an analyse one million events per second, giving businesses a deeper insight into their data than ever before.

For example, the service could be used to analyse data generated from large-scale IoT or mobile devices deployments, or provide insights from huge numbers of ecommerce customers for an online retailer.

The new offering is available now on the IBM Cloud Private platform, but will be available on other clouds soon in the future. IBM says it can be deployed in minutes, due to being rolled out on the Kubernetes open-source container software, allowing it to forms a truly integrated environment for data science and application development.

“Whether they are aware of it or not, every company is on a journey to AI as the ultimate driver of business transformation,” said Rob Thomas, general manager, IBM Analytics. 

“But for them to get there, they need to put in place an information architecture for collecting, managing and analysing their data. With today’s announcements, we are bringing the AI destination closer and giving access to powerful machine learning and data science technologies that turn data into game-changing insight.”

IBM has also launched a dedicated support team that it hopes will also encourage businesses to embrace the new technologies. Its Data Science Elite Team will be available to customers using the new platform, and includes data scientists and machine learning engineers among team.

Microsoft launches major new bug bounty program

IT Portal from UK - Fri, 03/16/2018 - 11:15

In order to discover future “speculative execution” CPU vulnerabilities similar to Meltdown and Spectre, Microsoft is launching a new bug bounty program that will run till the end of this year. 

The company is offering up to $250,000 for bugs similar to the Meltdown and Spectre CPU flaws which were discovered by Google's Project Zero in June of last year.  The new program will help encourage the discovery of additional flaws that could also prove to be vulnerable to exploitation by hackers. 

Security group manager at Microsoft, Phillip Misner explained the company's reasoning behind launching an entirely new bug bounty program for these types of vulnerabilities, saying: 

“Speculative execution is truly a new class of vulnerabilities, and we expect that research is already underway exploring new attack methods. This bounty program is intended as a way to foster that research and the coordinated disclosure of vulnerabilities related to these issues.” 

This is not Microsoft's only bug bounty program and the company will also pay out up to $250,000 for any serious Hyper-V flaws discovered in Windows 10. 

Intel also plans to address these types of vulnerabilities by redesigning its next-generation of Xeon processors to include new hardware protections.  The chipmaker's 8th generation of Intel Core processors will also include these same protections when they ship in the second half of 2018. 

Meltdown and Spectre took the security world by surprise and Microsoft, Intel and other companies are working to ensure that a similar shake up does not occur in the future. 

Image Credit: Gil C / Shutterstock

Insights on the biggest dark web threats to businesses

IT Portal from UK - Fri, 03/16/2018 - 11:00

While cybersecurity firm RepKnight was founded back in 2011, the company recently broke onto the scene after uncovering which celebrities had fallen victim to the recent Instagram hack — something the social media behemoth itself was keen to keep quiet. RepKnight, however, was able to find the email addresses and phone numbers of some of the biggest A list stars like Emma Watson and David Beckham being openly posted for sale for $10 on the dark web.

Celebrities aside, RepKnight’s day job is to help businesses detect when their data has been posted on the dark web. I spoke to one of the company’s cybersecurity analysts about what the biggest cybersecurity threats are.

Here’s what he had to say.

1. So Patrick, how would you define the dark web?

The dark web is a part of the world wide web that can’t be indexed by conventional search engines like Google or Bing. And if it’s not indexed you’ll never find it using those same conventional search engines. You’ll often find that the dark web is a marketplace for many illegal items like firearms and drugs, and is being used by cybercriminals who are either buying or selling these illicit items.

2. You mention firearms and drugs, but what exactly does the dark web have to do with ordinary businesses?

Well, while two thirds of the dark web is made up of the sale of guns, drugs and other illegal products, one third of the dark web actually consists of something much more valuable to criminals — corporate data. The most common data we’re finding on the dark web in relation to businesses includes dumps of personal information like employee email addresses, leaked emails, client contact details and corporate login credentials.

3. How do cybercriminals tend to get their hands on all this data?

Cybercriminals are always looking for new ways to steal corporate data. One of the fastest-growing threats is phishing, whereby attackers send a scam email to employees duping them into handing over sensitive information such as usernames, passwords and credit card information. Often, these emails will look like they come from a legitimate source, which then lures the victims into trusting the links they click on. It only takes one compromised high-privilege account to provide the keys to the kingdom and the back door to your databases for exfiltration. Then there’s third-party breaches. Most companies outsource their data processing in one way or another, but often don’t realise that doing so can greatly affect the security of that data. If your third-party provider suffers a breach, then your data has the potential to end up for sale on the dark web. Exactly what happened to a well-known online payment provider recently.

4. So what industries would you say are most at risk of the dark web?

Every business in every sector owns data that has the potential to make a nice profit on the dark web — which could result in a large fine for the business if that data is breached. So, I’d have to say that every industry sector is at risk. Therefore, it’s vital that companies have the right tools in place to ensure that you discover the breach before any of the bad guys or the regulators discover it. Companies should be continuously looking for their data appearing outside the firewall, and promptly rectifying any leaks — much in the same way you might have physical security such as a security guard patrolling buildings, or CCTV monitoring offices and parks.

5. Looking more broadly, what effect does the dark web have on data breach detection?

So, data breach detection in Europe is actually quite poor. In fact, a recent study from FireEye found that the average time between a data breach and discovery in Europe is a staggering 469 days. The dark web really doesn’t make data breach detection any easier because the dark web is non-indexable. That’s why organisations should focus on keeping track of their data, as well as securing their networks. But now there’s technology available that enables you to continuously monitor for your data outside the firewall, which means that if you suffer a data breach that is openly discussed, shared or published, you’ll know about it within minutes.

6. Next year, the GDPR will come into effect. What is the significance of the dark web in relation to the GDPR?

Once the GDPR comes into effect in May 2018, organisations will have just 72 hours to report a data breach once becoming aware of it. So, if your company data ends up for sale on the dark web, you need to know about it quickly so you can mitigate any punishments, which could be a hefty fine of up to €20 million or 4 per cent of your revenue. Uber, for example, failed to report a breach for an entire year. If this happened after the GDPR had come into effect, the company could have been looking at fines in excess of tens of millions of pounds.

7. So what can companies do to prevent this from happening?

It’s really important for businesses to invest in the right tools that can help them to find their data, no matter where it’s hidden. Having the ability to monitor the millions of dark web pages and the hundreds of dump sites being used by cybercriminals and then being able to filter and extract that information based on things like customer databases and employee email addresses, is a necessity for businesses. Thankfully, software like this is already on the market, which can alert you in real time when your data is being shared or discussed on the dark web. After all, the sooner you report a breach, the lesser the GDPR fine may be!

8. Is there anything else that businesses can do with its data to help them deal with data breaches better?

There are a couple of other ways to ensure that your data can be found on the dark web. The first is adding watermarks to your data. Watermarking works by adding dummy entries to your existing databases — for example CRM systems, HR databases and marketing lists — which you can use to detect your data being leaked. Another technique that you can use to identify your data is fingerprinting, where your data is analysed for unique patters that form an integral part of the dataset, such as the format of a customer reference number.

Patrick Martin, cybersecurity analyst, RepKnight
Image source: Shutterstock/Sergey Nivens

China wants to shape the global future of artificial intelligence

MIT Top Stories - Fri, 03/16/2018 - 10:34
Drawing up technical standards is an early attempt to control how AI evolves worldwide.

UK is the top location for creating AI jobs

IT Portal from UK - Fri, 03/16/2018 - 10:30

As businesses look to incorporate artificial intelligence into their organisations and products, demand for AI jobs has increased significantly with new data revealing that the UK's artificial intelligence sector is growing faster than in America, Canada and Australia. 

The world's largest job site, Indeed has recorded a threefold increase in AI jobs in Britain since 2015 and at this rate the UK is on course to be a global leader in AI technology. 

Jobs in the field of artificial intelligence generally require highly skilled workers who are able to develop and maintain complex systems and applications.  The two most sought after positions by employers were data scientists and machine learning engineers as they play a critical role in teaching machines to use and interpret data.

In the UK, AI jobs pay well above the average salary with data scientists earning £56,385 a year and machine learning engineers earning an average of £54,617 a year. 

Despite the fact that businesses are offering higher salaries, they are still having difficulties when it comes to finding talented workers to fill these positions.  Researchers at Indeed found that the amount of AI jobs available in Britain was six times higher than the number of interested candidates. 

Economist and senior fellow at Indeed, Tara Sinclair offered further details on the UK's unique position in the field of AI, saying: 

“Britain’s reputation as a tech leader has made it a natural home for the booming AI sector, and the UK’s concentration of AI jobs has risen steadily - and now outstrips that in the other major English-speaking countries. AI jobs are not for everyone, as they require highly specialised skills. So it’s essential that post-Brexit Britain retains the ability to attract the global talent it needs to keep its AI sector in pole position.” 

Image Credit: PHOTOCREO Michal Bednarek / Shutterstock

Why the legal sector should be investing in blockchain technology

IT Portal from UK - Fri, 03/16/2018 - 10:00

Cryptocurrency has now been around for nearly ten years, but it has only really burst into the limelight over the past year due to Bitcoin’s extreme volatility. In December 2017, Bitcoin reached highs of $20,000 per coin, but now it is trading at just under $10,000. While it’s the currency that’s been attracting all the attention, the blockchain technology that powers and documents every Bitcoin transaction has gone fairly unnoticed. Until now.

Blockchain is a unique way that data can be recorded. The technology is often referred to as a ‘distributed ledger’, as the data that is stored is distributed across an entire computer network. The whole purpose of blockchain is to provide a digital and fixed trail of transactions so that each purchase made using the digital currency can be verified.

The technology, which began its life as a financial tool, is now beginning to attract the attention of law firms like Hogan Lovells and Fieldfisher, which are starting to recognise its benefits for making their processes and data more secure, such as through smart contracts. But, while a few law firms are exploring the technology, there hasn’t been a great deal of adoption within the legal sector as of yet.

Why should law firms be turning their attention to blockchain?

We are living in a world where technology and data dominates, and as advantageous as this is, it does leave businesses open to attacks from hackers. The recent WannaCry attack in 2017 pushed the extent of cyber attacks into the public eye and showed just how vulnerable all businesses are, as hackers held a series of high-brow companies, such as FedEx, Honda and O2, to ransom over their own data. While the attack was stopped, it wasn’t before it inflicted a cost of $8 billion in damages to businesses across the world.

Law firms, in particular, are prime targets for cyber attacks as the data they hold, both in commercial and private transactions, is extremely valuable and sensitive. As a result, over the past six months, one in five UK law firms have experienced an attempted cyber-attack on their systems.

Blockchain could have prevented the WannaCry attack, as unlike generic storage systems, the technology never stores data on just one single lone server. Instead, blockchain stores the data across an entire computer network and also on every computer that has access to that network. So, hackers wouldn’t just have to successfully attack one server, they would have to attack each individual computer on the network at the same time to breach the network and access the data, which is both time-consuming and highly complex. This aspect of blockchain makes it an extremely secure and ideal implementation for law firms that deal with and hold a lot of valuable and sensitive information.

Alongside growing cyber attacks, the General Data Protection Regulation (GDPR) is also looming, which will require every business to ensure that all their data is processed lawfully, transparently and for a specific purpose. Once that purpose has been fulfilled and the data is no longer required, the data should then be deleted Yet, despite law firms being given two years to prepare for the regulations, only 25 per cent of UK firms admitted in November 2017 that they were ready to comply with the impending laws. With only a few months to go until GDPR comes into force, those firms that have left it to the last minute will have to work extremely hard to ensure their systems are ready to comply.

Fortunately for these firms, the solution could lie in blockchain. Two of the primary focuses of GDPR is transparency and auditability. These two requirements can be successfully adhered to by the use of blockchain, as all the information captured and recorded in the ‘ledger’ can be viewed in real-time by all users on the network, including audit officers. This would enable auditors to identify every change that has been made to the data, as the blockchain permanently records it. Firms can keep a compliant, up-to-date trail of information.

Why haven’t more firms adopted blockchain yet?

The legal sector is famed for its resistance to change, especially when faced with embracing new and emerging technologies. While a few forward-thinking firms are starting to recognise the value of innovation, the rest are still sitting back, waiting until new technology has been tried and tested to minimise the overall risk of implementing it into their operations.

At the moment, those forward-thinking firms seem to be focusing their attention on artificial intelligence (AI), not blockchain. AI has been receiving a lot of attention in the legal sector for some time now, with firms looking at how the computerised intelligence can save time on case research, as well as providing greater accuracy levels by reducing human error. Now that more firms are turning to AI, the competition to implement it first to stay ahead of rivals is hotting up, but this means it could be a while before firms turn their attention to blockchain.

It is also likely that law firms will be concentrating on more pressing matters, such as the impending GDPR regulations. In the run up to May 2018, chief technology officers (CTOs), chief executive officers (CEOs) and managing partners will be making sure that their data systems are set up to comply with the data management laws. If they’re not up to scratch, further investment will be needed to bring them to the correct standards, so law firms can avoid the large fines that they will face if they aren’t compliant with the rules. This limits funding to explore new technology, such as blockchain, so it’s likely that it will be put on the back-burner.

The legal sector has been set in its ways for centuries, and technology hasn’t exactly played a huge role in helping the industry go about its business up to now. But, the combination of growing cyber threats and new data regulations is placing law firms under pressure to increase security, and they require modern solutions to do so. Blockchain is a technology that can make law firms not only more secure, but also more compliant. However, it is up to CEOs, CTOs and partners to embrace change, take control and drive forward its adoption.

Dan Taylor, director of systems and security at Fletchers Solicitors
Image Credit: Zapp2Photo / Shutterstock

The technologies that are tackling fake news

IT Portal from UK - Fri, 03/16/2018 - 08:30

The past few years has seen fake news evolve from a niche political term to a socially ubiquitous one. Cases demonstrating that fake news has had real-world consequences continue to emerge every day which has ensured that it remains the subject of intense debate. Technologies are finally emerging that have been designed specifically to tackle fake news at all stages - from its inception, to the way it spreads, to the way that we approach the news as consumers.

Rising to prominence by way of its purported involvement in shaping the outcome of the 2016 US Presidential Election, fake news has become an increasingly pressing problem. Recent cases whereby intentionally-created fake news has successful achieved its goal of advancing a particular political or commercial agenda has incentivised continual improvement of the technology designed to spread it.

As the issue has become increasingly pressing, calls have been made by various stakeholders, namely the media, the government and the public, for it to be stopped. The perceived onus of tackling the problem has shifted around from shoulder to shoulder, with both the government and social media tech giants such as Twitter and Facebook facing most of the backlash.

Fake news is a fundamentally technological problem. From the bots that create it to the platforms that facilitate its spread, the issues at play are technological ones and therefore must be remedied with a matching solution.

One of the most common ways that fake news is spread is using bots. The concept behind bots is simple – they can be programmed to do a task repeatedly and in large volumes. This typically includes liking, sharing or commenting on posts and following people or pages in order to maximise the impressions the content makes.

Social media platforms are trying to identify bots in several different ways. Facebook remain characteristically quiet about the specifics of their anti-fake news processes, but it is most likely that they use a combination of data analysis and open source to recognise patterns in how bots format their posts. By identifying similarities in presentation and timing, software can be programmed to find accounts that fit the formula and flag them for further investigation.

Biometric authentication is also being adopted incrementally by social media platforms as a way to verify that users are not actually bots. In January this year, Facebook acquired a start-up who specialise in analysing a user’s government-issued identification, such a driving license, in order to verify them as a normal user. Twitter recently proposed that they will look to verify all ‘real’ users so that bots can be removed from the platform. 

Natural Language Processing (NLP) is the technology that is being used to identify fake news after it has been created by looking at the nature and tone of the content. The technology has existed and been in steady development since the 1950s. It was originally designed to carry out automatic language translation and was later incorporated into a device that supplied patients with a medically appropriate response when asked a question verbally. 

Recognising fake news

The advancement of this technology has meant that it can now be utilised to identify fake news with impressive levels of accuracy. A computer is taught to recognise signifiers of fake news, such as tone, sentiment and style, and uses these learnings to assess stories by the likelihood that they contain inaccurate information. The system also assesses content on various other attributes available through the collection of metadata such as vendor, author, domain owner and time.

NLP processes are typically powered, and enhanced, by Artificial Intelligence. By AI-enabling this software, the computer is able to make decision on the validity of a news source informed not only by the parameters established by the programmers, but also of its own accord. By interpreting large, and often historical, data sets, the computer is able to identify patterns and trends amongst content that was successfully identified as fake. It can draw assumptions from these patterns that improve its capacity to identify fake news.

Fake news identification technology relies on a Human-In-The-Loop type of machine learning. This means that humans are involved in the process to ensure the outcome is as accurate as possible. This includes humans setting the original parameters from which the computer learns of what constitutes fake news -i.e. which news platforms are definitely not trustworthy, and which are. This can also involve the process of cross-validation of outcomes using human fact-checkers, who investigate the systems results to ensure its efficacy.

Blockchain is another technology being harnessed to combat fake news in a different way to various others. The immutable nature of blockchain means that it can provide accountability and transparency to the complex world of news and publishing. These application of blockchain to this area is currently in its infancy but there are a range of possibilities to be explored. In theory, the nature of blockchain could facilitate an audit trail from every piece of content, where it came from and where it has been shared. Further, the technology allows community verification so would allow users to authenticate content and confirm its reliability.

Fake news is a unique problem because it exists in so many parts. Its roots and the reasons for which it spreads are myriad and complex. Its consequences are so diverse that the onus of responsibility doesn’t clearly fall in one place which is partly why it has been able to proliferate so easily. Social media giants like Facebook and Twitter are reluctant to position themselves as any more than content aggregation feeds, and governments are struggling to define where the boundaries of free-speech infringement can be drawn. Technologies are finally filling the gap created by these various inadequacies.

Data interpretation and biometric authentication are working to limit the proliferation of bots by identifying suspicious accounts. Sophisticated combinations of NLP and machine-learning technologies are helping to identify the fake news that these bots create and diminish the reach that they have. Blockchain is also emerging as a viable way of holding media outlets to a level of accountability much higher than currently exists. Ultimately, it is technology that is providing the most comprehensive, credible and multi-faceted solution to a problem that is only increasing in severity.

Lyric Jain, CEO, Logically
Image Credit: Workandapix / Pixabay

Is the bright web more dangerous than the dark?

IT Portal from UK - Fri, 03/16/2018 - 08:00

Each week it seems there’s another scare story about the information that can be found for sale on the dark web. We all know that drugs, weapons, fraudulent identification cards and hacked bank details find their way there, and right at the end of last year a group of researchers discovered a 41-gigabyte file containing a staggering 1.4 billion username and password combinations for sale. However, the recent revelation that infants’ social security numbers – used by criminals to apply for government benefits or take out mortgages – are now cropping up for purchase will raise the dark web’s profile even further.

When an organisation is hacked, the dark web is often where the stolen customer data or other information ends up. On the dark web, websites are not indexed by search engines and can only be accessed if you know the site address, effectively hiding them and providing a secretive canopy beneath which criminal activity can flourish.

With its easy access to sensitive information and illegal activities, the notion of the dark web can be chilling – and the increasing public awareness of the dark web is broadly to be welcomed.

The risk, however, is that the focus on the dark web obscures a place that is potentially more dangerous and much more significant in scale. While businesses and the media fret over what’s for sale in the internet’s shadiest corners, many thousands of public-facing sites exist where data can be easily uploaded and shared, offering a vast treasure-trove of sensitive information to prospective hackers. This can be labelled the ‘bright web’, and it’s something that business need to get a better handle on.

The Netskope Threat Research Labs team carried out a research project to find areas of the internet where it’s easy to upload and share sensitive data. Most of you reading this will be aware that many of these sites exist, but it’s shocking how simple it is to do significant damage and how widespread a problem this is.


Creating a scenario that involved sharing sensitive information, the Netskope team produced a piece of data that was representative of what was stolen during the recent Equifax breach. This data contained a fictitious customer record with personal information that included name, address, phone number, email and social security number, as well as a couple of credit card numbers, which is appropriate given how often they’re sold on the dark web. This sensitive information was then packaged in three different formats – PDF, JPEG, and .pptx – for maximum possible reach.

Slide-sharing services, which are a popular way to upload and share presentations, are one of the most vulnerable gateways and part of the bright web. However, these services also make it easy to share publicly and a simple Google search can reveal unexpected and frightening results. For example, if you search for “Prezi” and “QBR” you will find all the public-facing QBR (quarterly business review) presentations that are hosted on Prezi. Take just a quick glance at a few of them and you’ll find revenue numbers, customer names and business plans – data that is sensitive and obviously not intended to be shared publicly.

Cloud storage services such as Dropbox, Box and Zippyshare also make it easy to upload and share data publicly. Google Drive even has an option that allows uploaded data to be indexed by search engines. This presents a hugely risky scenario where any data can be easily leaked to the masses by simply uploading it and clicking on a button.

The enterprise needs eyes

It is difficult to be certain on how widespread an issue this is. The sample size for Netskope’s research included the top services in the cloud storage and collaboration categories, in addition to a handful of slide-sharing tools in the personal cloud app category. More than 10 per cent (1,240) of cloud services available online allow the easy uploading and sharing of data by signing up without a credit card.

This may be fine for data that’s meant to be public, but the likes of business plans, customer information and anything confidential could easily get in the wrong hands if uploaded in this way. Google Drive is the only mainstream cloud storage service that enables users to bypass cloud storage security control by supporting the ability to share data publicly and have it indexed by search engines.

On average, an enterprise has more than 1,000 cloud services in use and more than 95 per cent of those are business-led, with the remaining 5 per cent being IT-led. Lines of business rely on these cloud services to move quickly, innovate and be more productive. A comprehensive cloud security strategy should include a focus on securing IT-led cloud services like Office 365, in addition to safely enabling the bright web with granular access control and Cloud DLP that can be applied to the thousands of cloud services that make up the bright web.

The media and public eye may be more on the dark web and the trade in sensitive data, but these kinds of cloud services have much greater potential to put all of our personal and sensitive information at risk. In today’s cloud and web-first world where we live and work online, and want to both collaborate freely and move more data to the cloud, it’s vital that we secure the tools we use and make sure we don’t create a bright web that’s a gift for hackers.

Bob Gilbert, VP Product Marketing and Chief Evangelist, Netskope
Image source: Shutterstock/Sergey Nivens

How applications are elevating the performance of companies in EMEA

IT Portal from UK - Fri, 03/16/2018 - 07:30

Businesses and employees alike are being faced with new and innovative technologies that are disrupting business practices - and the way people work, across Europe. Whether it is automation, AI or new business applications, these innovations are not just disrupting markets and creating even greater levels of competition but changing the very fabric of the organisation itself. This is leading us to a critical juncture where business leaders have the opportunity to reshape responsibilities, change the culture and drive innovation into the hands of the individual.

But how did we get here, and what can companies expect when they embrace new tech applications?

Only a few years ago, the digital culture of companies operated along the lines of a benevolent dictatorship, with IT being the source of all knowledge, and employees coming to IT for permission to do almost anything that had an impact on the whole organisation’s technology landscape.

This culture was defined by a lack of trust. It was assumed that employees would make the wrong technology decisions, select the wrong device and prevent integration across the enterprise. The sheer number of technology variables forced IT to push for uniform solutions, and the relationship between IT and end-users was one of command-and- control.

As technology advanced, and powerful devices that were previously limited by IT found their way into the hands of employees (for instance the introduction of the iPhone and the App Store), expectations started to change. Employees have become increasingly hungry to do more with the technology available to them, and as businesses have started to introduce business applications – defined as user-friendly apps that working professional use as part of their job – our report with Forbes Insights showed the profound impact these applications, and the culture that allows these applications to be used across the organisation, had on company performance.

A cultural transformation

Benjamin Franklin famously declared that “nothing can be said to be certain, except death and taxes”. For many organisations now, that feeling of uncertainty, and the changes that come with it, centre around their ability or readiness to digitally transform.

The IT team is now no longer the sole enabler of this transformation. It is not just about introducing the latest hardware or software, but about a shift in culture –  trusting employees to use the new technology to enable them to be creators and innovators in their own right.

Our study highlights the need to create a new digital culture within the workplace; one where CIOs create an environment that allows employees to have access to the right applications to thrive at work. Collaboration tools, for example, can enable a supply chain director in Gothenburg to collaborate with a Milan-based supplier in real time. A VP in London finds her team is making decisions faster because they use applications that automate previous manual tasks. These are the kinds of incremental work improvements that can be driven by better access to applications and underpinned by a change in culture at work.

The empowered enterprise and its workforce

The impact of empowered employees, where users can access any application they require, at any time and on any device, also translates to a more productive workforce, which ultimately improves the performance of an entire company.

Our research indicates that in EMEA, empowered employees are five times more likely to report gains in productivity. A strong correlation was also found between the availability and accessibility of applications and a number of enterprise metrics such as global capabilities, for instance the ability of a  company to expand, as well as a return on revenue. Two-thirds of EMEA empowered employees reported that applications have been very important in helping their companies build their global capabilities, compared to only one third of traditional workspace employees (those that are not empowered).

With employees finding applications so useful and critical at work, they tend to go beyond what IT can procure and source their own. Yet getting to this point, where employees can procure, install and manage the applications they need for their job, requires a fundamental change in the way the business views technology and the equilibrium between the IT department and the employees. Though giving frontline employees the freedom to make their own technology decisions breaks many of the historical chains of command, forward thinking CIOs are recognising that the impact of empowering employees with this responsibility is too large and positive to ignore.

Lufthansa Cargo is just one example of a company leveraging business applications to improve employee satisfaction. A wholly-owned subsidiary of Deutsche Lufthansa AG, Lufthansa Cargo uses an electronic flight bag (EFB) system when onboard planes, giving the company fast and easy access to aeronautical charts, airport information, route information, weather reports, and much more. The mobile devices enable the company to quickly provide employees with updates, new apps and new approaches, saving the company money.

As the world becomes more digital, many believe that the morale and commitment of the individual employee is becoming an even more important driver of the overall performance of the company.

The revolution from below

Digital transformation and the disruption of different markets is more than the simple deployment of new technologies. Business applications like collaborative software, project management suites, and process automation solutions, are becoming an integral part of an employee’s working day. We found that more than 40 per cent of EMEA employees questioned stated that applications have reduced the time they spend on manual processes - more than three times the impact being experienced in traditional workspace companies. As agility and speed to market become central to companies’ ambitions, business applications are speeding up decision-making by enhancing collaboration, putting information at employees’ fingertips and providing real-time, group communication.

Business leaders need to quickly adapt and foster an environment where innovation is embraced and new technology adoption can be effectively exploited. Those that can empower their workforce to help drive digital transformation will be on the winning side.

Duncan Greenwood, Vice President of End-User Computing, VMware EMEA
Image Credit: NakoPhotography / Shutterstock

[SECURITY] [DSA 4139-1] firefox-esr security update

Security Updates from SECLISTS - Fri, 03/16/2018 - 07:12

Posted by Moritz Muehlenhoff on Mar 16

Debian Security Advisory DSA-4139-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
March 15, 2018 https://www.debian.org/security/faq

Package : firefox-esr
CVE ID : CVE-2018-5125 CVE-2018-5127...

[slackware-security] curl (SSA:2018-074-01)

Security Updates from SECLISTS - Fri, 03/16/2018 - 07:08

Posted by Slackware Security Team on Mar 16

[slackware-security] curl (SSA:2018-074-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
patches/packages/curl-7.59.0-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues:
FTP path trickery leads to NIL byte out of bounds write
LDAP NULL pointer dereference
RTSP RTP buffer over-read...

Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities

Security Updates from SECLISTS - Fri, 03/16/2018 - 07:03

Posted by Secunia Research on Mar 16


Secunia Research 2018/03/14

LibRaw Multiple Denial of Service Vulnerabilities

Table of Contents

Affected Software....................................................1...

Phishing still number one method for cyber-attacks

IT Portal from UK - Fri, 03/16/2018 - 06:30

Microsoft has just released its annual cybersecurity report and it says that phishing is still the most popular way for cyber-criminals to attack, giving security experts everywhere headaches.

To create the report, Microsoft scanned more than 400 billion emails, 450 billion authentications and 1.2 billion devices. More than half (53 per cent) of all email threats are phishing ones. Three quarters (75 per cent) contain a malicious URL.

“As software vendors incorporate stronger security measures into their products, it is becoming more expensive for hackers to successfully penetrate software. By contrast, it is easier and less costly to trick a user into clicking a malicious link or opening a phishing email,” Microsoft said.

“In 2017 we saw “low-hanging fruit” methods being used such as phishing — to trick users into handing over credentials and other sensitive information. In fact, phishing was the top threat vector for Office 365-based threats during the second half of 2017.”

Second biggest threat are 'leaky cloud apps'. Microsoft says just three per cent of them support HTTP protection methods, while 86 per cent of them do not encrypt data, at all.

“Other low-hanging fruit for attackers are poorly secured cloud apps. In our research, we found that 79 per cent of SaaS storage apps and 86 per cent of SaaS collaboration apps do not encrypt data both at rest and in transit.”

Ransomware is still popular, as well, mostly in Myanmar, Bangladesh and Venezuela, where the encounter rates were highest average (0.48 per cent, 0.36 per cent and 0.33 per cent, respectively).

On the other hand Japan, USA and Finland have had the lowest average monthly encounter rates, at just 0.03 per cent.

Image Credit: wk1003mike / Shutterstock

Intel redesigns chips to protect against Meltdown and Spectre

IT Portal from UK - Fri, 03/16/2018 - 06:00

Intel has just announced that its future chips will be redesigned to protect its users from the Spectre and Meltdown vulnerabilities

Announcing the news in a blog post, the company's CEO, Brian Krzanich, said the company tackled the problem from two angles.

First, all of Intel’s products launched in the past five years now have microcode updates, and Intel’s head is asking all users to update as fast as they can. Second, while Variant 1 will still be patched from through software, Variants 2 and 3 will be tackled from the hardware perspective.

“We are making changes to our hardware design to further address the other two,” he writes.

“We have redesigned parts of the processor to introduce new levels of protection through partitioning that will protect against both Variants 2 and 3. Think of this partitioning as additional “protective walls” between applications and user privilege levels to create an obstacle for bad actors.”

The changes will start with Intel’s next-generation Intel Xeon Scalable processors, as well as the 8th Generation Intel Core processors expected to ship in the second half of 2018.

“Our work is not done,” he concludes. “This is not a singular event; it is a long-term commitment. One that we take very seriously. Customer-first urgency, transparent and timely communications, and ongoing security assurance. This is our pledge and it’s what you can count on from me, and from all of Intel.”

Image Credit: Ken Wolter / Shutterstock

Google ups security protection for Chrome Enterprise

IT Portal from UK - Fri, 03/16/2018 - 05:45

Google is adding new features to its Chrome Enterprise browser as it looks to ramp up security even further.

A total of four new partnerships with EMM providers have been announced, allowing IT managers to implement and control security policies from a single place.

Google is thus partnering with Cisco Meraki (a solution for wireless, switching, security, endpoint management, and security cameras, all managed through Meraki’s web-based dashboard interface), Citrix XenMobile (device and app management for mobile security), IBM MaaS360 (employing Watson for a cognitive approach to unified endpoint management), and ManageEngine Mobile Device Manager Plus (unified endpoint management console for configuring, managing and securing mobile devices, desktops and apps).

This way, Google addresses what it says is a growing problem. As a matter of fact, Google claims that 98 per cent of businesses were affected by malware just last year.

“Enterprise IT admins know this all too well,” the company says.

“With hardware, firmware, browsers, apps, and networks to protect, admins now face more risks than ever, while managing more devices than ever. We built our Chrome Enterprise ecosystem with this complex landscape in mind, and today we’re adding new enhancements and partnerships as we continue to make Chrome Enterprise the most secure endpoint solution for businesses in the cloud.”

Google has also announced a bunch of other stuff, like making sure Chrome OS works with legacy infrastructure, or expanding management capabilities in Chrome Browser and Chrome OS, so make sure to check out the full blog post on this link.

Image Credit: Asif Islam / Shutterstock