Month: January 2018

Tech Tip: Windows 10 – Create Multiple Desktops

Posted on by Rob Burdett

If your work involves having different jobs that need different sets of apps, or if you need to have lots of different things open and you only have one monitor, you may find that it helps to create multiple desktops.

To create multiple desktops:

  • Click on the task view button next to the search bar on the taskbar.
  • Go to the button at the bottom-right corner of your screen labelled ‘+ New desktop.’
  • Click on this to create a new desktop.
  • To switch between desktops, click on the task view button and then, click on either of the thumbnails at the foot of the screen.

Nominet To Walk Away From Own Charitable Trust

Posted on by Rob Burdett

Questions about Nominet Trust’s direction and accountability have led to Nominet announcing that it is withdrawing from its own charitable foundation that it set up over a decade ago.

What Is Nominet Trust?

Nominet Trust is the charitable foundation that was set up by Nominet, the UK’s domain-name registry, as a way of dealing with the excess revenue from registrations of .uk domain names.

What’s Gone Wrong?

An email sent by Nominet CEO Russell Haworth cites problems with the Trusts “grant-giving, single funder model” which was set up in 2008, as being at the heart of the reason for Nominet wanting to walk away from its own Trust.

It has been reported, however, that some members of the Trust became concerned that, rather than using the money from .uk to find good causes, money may have been used to fund unrelated business expansions, including loss-making ventures.

There was also concern after Nominet raised its prices by 50% for reasons that were unclear to many, and that contacts Nominet had signed to run dozens of new domain registries, may have been won by offering below-market rates.

The announcement of the move away from the Trust by Nominet was accompanied by the resignation of the chair of trustees Natalie Campbell, and by two of its directors, former Nominet board member Nora Nanayakkara, and Jemima Rellie.

Trouble At The Top?

There appears to have been a history of trouble at the top at Nominet with previous CEO, Lesley Cowley, reportedly giving the board members more power over the funds.

Some commentators have noted that the arrival of new Chief Executive Russell Haworth, a former acquisition and venture specialist with no experience of the domain name registry market, brought more of a shift from non-profit with a strong public benefit remit to a profit-seeking investment vehicle.

Mr Haworth’s arrival in 2015 also coincided with the resignation of the entire Nominet Trust team, including the chief executive, chair, several trustees, and most of its senior staff.

It has also been noted that under Haworth’s leadership, the organization appeared to ignore the recommendations of an independent study into its governance that would have given members a greater say in Nominet’s direction.

What Now?

Nominet’s CEO has stated that the Nominet Trust should now be free to attract other investors in order to fulfil its social tech ambitions, which means that the Trust will become a separate entity with a new name, and with different governance and funding structures. The Trust is reported to be in a healthy financial position and is continuing running its programmes.
Nominet is still willing to be involved as a member of the Trust during the transition period.

It is thought that the new version of the Nominet Trust will be led by new Chair Bill Liao, who joined the Board back in 2014. It is reported that Mr Liao has the full support of Trustees Sebastien Lahtinen, Beth Murray and Hannah Keartland.

What Does This Mean For Your Business?

It seems that a change in CEO, the focus way Nominet now does business, and most probably the culture (after resignations) and power shifts, and led to questions which, in turn led to the registry and its Trust going their separate ways.

Nominet was set up as a non-profit, public-interest, government-designed operator of the UK’s internet registry, and the Trust was set up to make use of money for good, charitable causes. It is important that organisational structures of this kind maintain accountability and transparency, and that the original charitable focus of Trusts is protected by members who have enough power.

Although businesses and charities need strong leadership, too much power at the top, and power and focus wasted on internal struggles can cause problems for the health of an organisation. As it stands, Nominet has a stable annual revenue of £30m, and the Trust (and the good causes it gives to) have benefitted from £44m since 2008. The hope is, therefore, that the change will mean stability restored to the Trust and that any problems with direction and accountability can be investigated and put right.

10% of Cryptocurrency ICOs Are Stolen

Posted on by Rob Burdett

A report by Ernst & Young has highlighted the fact that 10% of all funds raised through Initial Coin Offerings (ICOs) are stolen by hackers using techniques such as Phishing.

What Is An ICO?

An Initial Coin Offering (ICO) is a controversial way of start-up companies raising money / crowd funding to build new technology platforms or to fund businesses that use crypto currencies (also called tokens), and the underlying blockchain technology. The tokens only become functional units of currency if / when the ICO’s funding goal is met, and the project finally launches.

The controversy about ICOs centres around the fact that, although it is an innovative new source of venture funding, some commentators view ICO projects as unregulated securities that allow their founders to raise an unjustified amounts of capital, and that valuations of ICO tokens may be driven too much by the fear of missing out and, therefore, seem to result in investors rushing to put money into projects that ignore some important market fundamentals, such as project development.

$400 Million Stolen

After analysing more than 372 ICOs, Ernst & Young has reported that approximately $400 million of the total $3.7 billion funds raised to date has been stolen by hackers. The most widely used technique to steal the digital cryptocurrency funds was found to be Phishing, resulting in the theft of $1.5 million in ICO proceeds per month.

ICOs are an opportunity for scammers because they are able to take advantage of the promise of people making a huge return from a relatively low investment.

As well as scammers taking money, the study also found that underlying software code in some projects contains hidden investment terms that have not been disclosed, or that contradict previous disclosures e.g. saying there will be no further issuance of a cryptocurrency, while the code may leave that option open.

Challenges To Reaching Targets For ICOs

The Ernst & Young research shows that the volume of ICOs has been slowing since late 2017, with less than 25% reaching their target in November 2017, compared with 90% in June. Recent ICOs have faced challenges in reaching their targets, a drop in quality i.e. more low quality projects with higher fundraising goals are being presented, and issues from earlier projects are now being highlighted.

Crypto-based investment of choice is therefore waning, organizers and contributors are now facing increased regulatory scrutiny, and they are therefore now under more pressure to prove the longer-term potential of their product or service to an increasingly sceptical audience.

What Does This Mean For Your Business?

A drop in the value of popular cryptocurrency Bitcoin (its value has fallen 12% over 24 hours), added to warnings about investing in cryptocurrencies from the chairman of UBS and warnings by billionaire investor Warren Buffett (who said he would never invest in cryptocurrency), and news reports of scams such as a fake sale con for instant messenger service Telegram to unsuspecting would-be investors have all served as warnings about the risks of cryptocurrencies and of ICOs.

This latest Ernst & Young research has only served to cement that message to businesses and investors, and some commentators now think that ICOs could soon disappear altogether as a viable fundraising option, unless they can address the issue of security urgently and effectively.

WhatsApp For Business Launches in UK

Posted on by Rob Burdett

The new business-focused version of WhatsApp for Android is now available for download in the UK.

Small Business Needs

The new WhatsApp Business can be downloaded for free at Google Play, and is specifically aimed at the needs of small businesses, which account for 99.3% of all private sector businesses in the UK (FSB).

Facebook-owned WhatsApp has said that it wants people to use WhatsApp to connect with small businesses, and that the new ‘WhatsApp Business’ will make it easier for companies to connect with customers, and offers a more convenient way for the 1.3 billion WhatsApp users to chat with businesses.

Why Launch WhatsApp Business?

Since Facebook acquired WhatsApp in 2014 for $22 billion, the company has been looking for ways to monetize the app which, although was developed for use by individuals, is now being widely used by people in business, and in large and small organizations as a collaboration tool for staff.

This move by WhatsApp is also designed to gain a march on rivals in what has become a battle for the attention of consumers by messaging apps including Apple’s iMessage, Facebook’s Messenger, Kik, Slack for business, and others.
What Can It Do?

The launch in the UK (and the US, Indonesia, Italy and Mexico at the same time) is part of the wider worldwide rollout. According to WhatsApp, 80% of small businesses already using the App in India and Brazil say WhatsApp helps them both communicate with customers and grow their business (Morning Consult study figures).

Features

Features of the App include:

  • Business Profiles: to help companies to provide useful information to customers e.g. business description, email or store addresses, and website.
  • Smart Messaging Tools: to enable companies to respond quickly with answers to frequently asked questions, also greeting messages to introduce customers to the business, and away messages that let them know you’re busy.
  • Messaging Statistics: simple metrics like the number of messages read to see what’s working, and to give businesses a way of measuring and monitoring the effectiveness of the app.
  • WhatsApp Web: to enable the sending and receiving of messages with WhatsApp Business on the desktop.
  • Account Type: so that customers will know that they’re talking to a business because it is listed as a Business Account. This can become a Confirmed Account later (similar feature to Twitter’s verification process), and once confirmed, the account phone number will match the business phone number.
  • WhatsApp allows users to send photos, it has end-to-end encryption security (n important feature for businesses), allows for easy document sharing (up to 100 MB), and allows for seamless syncing of your chats to your computer so that you can chat on whatever device is most convenient.

What Does This Mean For Your Business?

Since many business people (and more importantly, their customers) were using WhatsApp for general communication anyway, it makes sense for Facebook to develop a version that is focused more specifically on small businesses. Clearly, this is a very large market in countries across the world, and it will, of course, present opportunities for monetisation and probably advertising using the Facebook-owned network in future.

From the perspective of businesses, WhatsApp provides a lot of powerful, useful, and cost saving features for a handy free app, and with speed and versatility of communications being an important factor in getting the business in today’s environment, WhatsApp Business is likely to prove popular.

WhatsApp Business offers businesses / brands the potential for building a relationship with their customers on a 1:1 level. The huge user base of the app, its speed and reliability, and the verification system of the business version could provide new opportunities for businesses that are able to harness it in a value-adding and engaging way.

There are many possible applications for WhatsApp Business e.g., KLM’s use of the app for flight confirmations and updates, brands using the app on competitions, and WhatsApp Business could work well in industries such as hospitality. WhatsApp could be a perfect way to enable customers to book a hotel room, get customer support, and even access an on-site member of staff such as a concierge. Retail brands could use the app for many purposes in addition to just shipping confirmations.

Many tech and business commentators are saying that 1:1 messaging is the future of personalized commerce and post-purchase customer service, and WhatsApp Business is well positioned enough, and widely used enough to provide opportunities for businesses worldwide to improve their communication and relationship marketing.

Amazon’s ‘No Checkout’ Grocery Store Opens

Posted on by Rob Burdett

Amazon has opened a revolutionary checkout-free, bricks-and-mortar grocery store called ‘Amazon Go’ in Seattle, after more than a year of testing.

How Can It Have No Checkouts?

The Amazon Go store uses infra-red ceiling-mounted cameras and electronic sensors to track what shoppers remove from the shelves (which have weight sensors), and what they put back. Some items carry a visual dot code, which acts like a barcode, to help the cameras to identify them.

The system uses a deep learning element so that it can differentiate between customers as they move around the store and between similar looking items for sale. The items for sale are added to the customers’ Amazon Go account as they pick them up, and items are deleted from the account if they put back on the shelves. An electronic receipt is issued as the customer exits the store.

Cash is not needed as customers are billed to the card that Amazon has on file. The ‘grab and go’ concept of the Amazon Go “just walk out” store means that it has no checkout operators or self-service tills because the whole process is automated.

As yet, there is no information about how accurate the system is, and there have only been some reports of minor teething problems.

Super-Convenient

The fact that Amazon Go appears to have eradicated the challenges of long queues which can deter shoppers, and removed the challenge of human error and other messages and authorisation processes that can disrupt self-service tills, could mean that the new store concept poses a real challenge to other retailers.

Whole Foods

Amazon began challenging grocery retailers in the US such as Wal-Mart in the bricks-and-mortar world last summer when it bought Whole Foods Market Inc. for $13.7 Billion, with industry insiders saying that it would be a long and costly process for Amazon to revolutionize grocery delivery the way they revolutionized online retailing. Before groceries, Amazon moved into brick-and-mortar retailing with the opening of a bookshop in Seattle in 2015 – there are now 13 in the US, plus dozens of pop-up outlets.

Amazon launched its ‘Amazon Fresh’ grocery delivery service in the UK back in 2016, and reports indicate that it is 25% cheaper to use Amazon Fresh than shopping in traditional supermarkets.

What Does This Mean For Your Businesses?

The strengths and reach of Amazon has meant that it has spent the last 3 years diversifying and challenging more businesses in more markets. The scaling up of its parcel delivery, plus drone and robot deliveries, Amazon Fresh, its purchase of Whole Foods, and its opening of its Amazon Business online trade counter have seen more (small and large) businesses facing a tough new competitor. It is also worth noting that Amazon has a presence and therefore a potential instant grocery ordering system in many homes in the UK in the form of the Amazon Echo, thereby giving them a further advantage over the traditional big supermarkets.

For the big supermarkets here in the UK, although Amazon Go won’t challenge profits directly now (Amazon Go is one store in Seattle at the moment), the fact that it exists, it works, it appears to address key customer concerns (no queues), and its in the hands of a company with the scale, reach, and brand awareness to expand it is a worry and another challenge to the big grocery retailers.

On the plus side, if the technology could be replicated, it could serve as a blueprint for something that could be copied by the big supermarkets in some key locations.

Some commentators have pointed out that, while Amazon is not yet making large amounts of money (in big player terms) from its retail stores, they are helping to raise brand awareness and to promote Amazon’s Prime membership scheme.

HP Worldwide Recall of ‘Fire Hazard’ Laptop Batteries

Posted on by Rob Burdett

HP has announced that it is launching a worldwide voluntary safety recall and replacement program for certain notebook computer and mobile workstation batteries over safety concerns.

Fire Hazard

The reason given for the recall is that the batteries, including those for the ProBook, ZBook, x360, Pavilion and Envy, is that HP says they have the potential to overheat, posing a fire and burn hazard to customers.

The fire hazard risk appears to have been reported by the Consumer Product Safety Commission (CPSC) which identified eight cases of the batteries overheating, melting, or charring. There has also been a report of one person suffering a first-degree burn from the battery, and three others suffering damage to property totalling $4,500.

How Big Is The Problem?

The CPSC estimates that as many as 50,000 units sold in the U.S. are at risk, and possibly, a further 3,000 more units sold in Canada.

Which Batteries?

HP says that the affected batteries were shipped with specific HP Probook 64x (G2 and G3), HP ProBook 65x (G2 and G3), HP x360 310 G2, HP ENVY m6, HP Pavilion x360, HP 11 notebook computers and HP ZBook (17 G3, 17 G4, and Studio G3) mobile workstations sold worldwide from December 2015 through December 2017. This includes those sold as accessories or provided as replacements through HP or an authorized HP Service Provider.

HP has provided a list of the notebook product names for batteries that may be affected at the foot of this page on its website: https://batteryprogram687.ext.hp.com/en-US/Home/ProgramSummary

How to Check Your Battery

On the same web page, HP has provided a downloadable HP Validation Utility which will check whether the battery is in your notebook is affected. The utility will also verify the battery as being one of HP’s, and this means that HP will be able to send a free replacement battery.

What If You Can’t Get To The Battery?

HP have stated that in cases where the battery is internal to the system (and isn’t customer replaceable), they will provide a “free battery replacement service” for each verified, affected battery validated on their HP Battery Recall website. This will mean that the battery will be replaced by an authorized technician at no cost to the customer.

Battery Safety Mode

In the light of the news about fire risk, if customers need to continue using their notebook, HP says that they can do so by enabling the Battery Safety Mode by connecting the notebook to an HP power adaptor.

What Does This Mean For Your Business?

The reports of people suffering burns and property being damaged are alarming, and the immediate advice for businesses with HP notebook computers and mobile workstations is to go to the HP Battery Recall website https://batteryprogram687.ext.hp.com/ to check if their battery is affected, learn about the BIOS update that contains the Battery Safety Mode feature, and to order a free battery and battery replacement services, if eligible.

In times where mobile devices are becoming ever more popular and powerful, and globalisation means that products can be widely shipped in large numbers before a problem is identified, stories such as these are becoming all-too-common. For example, there was the case of the Galaxy Note 7 phone recall due to explosive batteries, and last August, 10,000 Galaxy Note 4 batteries were recalled for risk of overheating. In the case of HP, they appear to have acted quickly, and to have provided adequate help and advice to customers. This story is also, therefore, a reminder of the importance of a having Disaster Recovery Plans in place.

Licence Plate Recognition -1 Million Mistakes a Day!

Posted on by Rob Burdett

Concerns over the possible misreading of hundreds of thousands of vehicle licence plates each day have led to calls for statutory regulation of the UK’s automatic number plate recognition (ANPR) system.

Over 1 Million Mistakes Per Day!

The ANPR system uses 9,000 ANPR cameras, to record and store up to 30 million vehicle records each year. Unfortunately, it is also reported to be recording a staggering (up to) 1.2 million false readings of number plates every day! That’s the equivalent to over 400 million incorrect readings each year!

The implication is that innocent motorists may be wrongly accused and punished for a variety of motoring offences, and that real offenders may be escaping punishment. This has led to calls for statutory regulation of the camera system.

Police In the Dark

Not only does The National ANPR Data Centre (NADC) accept data from all police ANPR systems, without carrying out any checks on the effectiveness of those systems, but it is also believed that Police currently have no meaningful data on the accuracy of ANPR, or on the contribution surveillance cameras make to tackling crime.

Also Cyber Attack Risk

Not only is it unclear what contribution the camera system could be making to cutting crime, but it has also been revealed that some systems could be at risk from cyber attack, thereby possibly allowing data to be changed, making it impossible to use as evidence anyway.

A recent example in the U.S. left over half of the surveillance cameras covering the city of Washington’s public spaces unable to record footage for three days, until experts were able to remove ransomware from the recording devices.

Facial Recognition Camera Concerns

There are growing concerns too, particularly where data protection and privacy are concerned, about the increased use of facial recognition cameras to identify suspects by matching camera images against 19 million custody images held by police. For example, Leicestershire Constabulary faced criticism after using automatic facial recognition at the Download concert in 2015, in Donnington Park, and the Metropolitan Police used similar technology during last year’s Notting Hill Carnival to match images of people with photographs stored on its Electronic Wanted and Missing Systems (EWMS).

Surveillance Camera Commissioner Says…

The England and Wales Surveillance Camera Commissioner, Tony Porter, has said that he is yet to be convinced that an assertion that national ANPR meets performance standards holds water.

What Does This Mean For Your Business?

Although there may be valid concerns about inaccuracies in the ANPR system and the impact these could have on businesses and individuals, other surveillance cameras can play an important role for business security monitoring systems. Used responsibly and only for the intended purpose, they can add value, and provide a low cost, cost saving, and vital way to maintain security.

Camera surveillance generally is now an almost unnoticed part of daily life in what, according to Big Brother Watch, is now the most surveilled western democracy, where there is now an estimated 6 million+ surveillance cameras. The worry among some of those being watched is that privacy and security are at risk, the fact that we are being watched constantly by unknown parties (and our images potentially stored and shared) is sinister, mistakes can be made with the responsibility being placed on the victim to clear their name and prove inaccuracy, regulations are not adequate, and that many cameras are operated by businesses, and quasi-government organisations.

For many people, an argument that ‘if you’re doing nothing wrong you’ve got nothing to worry about’ is not a valid argument because it simply gives a green light to the further erosion of rights without considering the consequences, and occasionally we all do something wrong (but perhaps not intentionally) which is more likely to be caught on camera than ever before, and the punishment may not feel as though it fits the crime with the inflexibility of some camera-based systems and their operators.

The introduction of GDPR will also have implications for what images from surveillance cameras are stored, where and how securely they are stored. For example, GDPR could apply to stored facial images of individuals.

Ford Doubles Investment in Electric Cars

Posted on by Rob Burdett

The Ford Motor Co has announced its plans to more than double its previously announced target of $4.5 billion investment in electric cars to $11 billion by 2022, and the company is aiming to have 40 mainstream, hybrid and fully electric vehicles in its model line-up.

Cost Cuts To Create Investment

Ford’s Chief Executive Jim Hackett is reported as saying that the capital investment for the major move to electric / hybrid car manufacture will be created by slashing a massive $14 billion in costs over the next five years.

Why?

The shift towards investment in electrification is being driven by pressure from regulators in China, Europe and California to cut carbon emissions from fossil fuels, and plans by China, India, France and the United Kingdom to phase out vehicles powered by combustion engines and fossil fuels between 2030 and 2040.

Ford’s move is also being driven by pressure from the success of Tesla in creating electric sedans and SUVs that resulted in a large number of orders, causing it to surpass Ford in terms of market capitalization, thereby positioning Tesla as the second-largest auto company in the U.S. after General Motors. Tesla also proved to other car manufacturers that large-scale demand exists in the market.

A large amount of the pressure driving Ford’s move, of course, also comes from the move by its bigger competitors into electrification. For example :

  • GM announced last year it would add 20 new battery electric and fuel cell vehicles to its global line-up by 2023.
  • Volkswagen said in November it would spend $40 billion on electric cars, autonomous driving and new mobility services by the end of 2022.
  • Toyota is working towards creating breakthrough battery technology in the first half of the 2020s with a view to cutting the potential cost of making electric cars.
  • Mercedes-Benz plans to electrify its entire portfolio by 2022 (50 electric and hybrid models).
  • Jaguar Land Rover plans to electrify its entire vehicle line-up by 2020.
  • Renault, Nissan, and Mitsubishi plan to release 12 all-electric models by 2022.
  • Volvo plans to electrify all its vehicles by 2019.

Thinking Big

Ford hopes that its ‘think big’ on electric cars strategy which arrived with its new chairman Jim Hackett (previously in charge self-driving car subsidiary Ford Smart Mobility) will enable it to accelerate global development of electric vehicles, make quicker decisions, and gain ground on the competition.

Which Cars?

Whereas motor show presentations currently indicate many other manufacturers appear to be currently focusing on electric trucks and SUVs, Ford has been clear that it plans to electrify all of its iconic and popular vehicles, 40 electric vehicles by 2022, with 16 fully electric vehicles and the rest plug-in hybrids.

What Does This Mean For Your Business?

The move to electrification by car manufacturers has been coming for some time, pushed by international pollution / emission targets, and pulled by consumer demand and the promise of new opportunities. For businesses, costs as well as performance and reliability are important, and as long as electric vehicles deliver on all three, then the move to electrification is good news.

Although the move to electrification will have implications for vehicle-related businesses e.g. fuel suppliers, garages and parts suppliers, it will also create new markets and new opportunities. For example, Ford’s own ‘Team Edison’ is looking for strategic partnerships with other companies, including suppliers, in some markets.

Electrification of vehicles on a large scale will also bring exciting and potentially cost-saving driverless vehicle opportunities for many businesses.

There are, of course, the obvious environmental benefits that we can all enjoy in the future with cleaner air.

OnePlus Accused Of Credit Card Fraud

Posted on by Rob Burdett

Chinese Android Phone company OnePlus is at the centre of a storm of complaints after many customers said that their credit cards had been used for fraudulent transactions after they purchased products from the OnePlus web store.

What Happened?

After receiving multiple customer complaints on the OnePlus support forum, and on social media platform Reddit over the weekend linking purchases on its website oneplus.net to fraudulent activity customer accounts, OnePlus has issued a statement saying that it has launched an investigation into the claims.

Customers affected appear to be those who have purchased a phone directly through the company website with their credit card rather than using a third-party such as PayPal.

A poll on the OnePlus support forum indicates that as many as 200 people in different countries have seen fraudulent charges, ranging from $50 to $3,000, appear on the credit cards that they used on the OnePlus site.

Theories and Denial

Theories as to what may have happened include the fact that the company’s Oneplus.net e-website was initially built on the Magento eCommerce platform which was known to be vulnerable to cross-site scripting and remote code execution attack. OnePlus has said, however, that although it had used the platform originally, since 2014 it had been re-building the entire website with custom code, and credit that card payments were never implemented in Magento’s payment module.

Another theory, fuelled by a security audit by Fidus, focuses on the idea that OnePlus may have been conducting card transactions itself, rather than through an iFrame, thereby making credit card details (including security code) vulnerable to interception as they passed through the OnePlus site. OnePlus has denied this, saying that it hasn’t been processing cards itself, it doesn’t save any payment information surrendered when people purchased its phones, and that it merely passes all data to a partner who handles the payment process.

Problems In The Past

Some of the accusations are fuelled by the fact that, last year, OnePlus admitted that some of its phones had been sending data to Alibaba without the user’s knowledge or consent, thereby breaching data protection law in Europe. Also, the company admitted that an insecure, secret back-door diagnostic tool had been left on some phones.

What Does This Mean For Your Business?

Customer trust is paramount in business, and businesses have a responsibility to make sure that all customer data and privacy is protected. The introduction of GDPR this year should help to push this message even further towards to top of the business agenda. This story reminds us that, in a time where we are more confident than ever to buy online, basic security vulnerabilities still exist in some cases where credit card numbers are submitted through forms.

Sadly, as in so many cases, breaches and security vulnerabilities are not revealed first by the company themselves, but by affected customers and researchers / other third-parties. In the case of OnePlus, as in so many others, customers have accused the company of being slow to respond to the problem.

Companies need to test and audit their payment systems to make sure that they offer maximum security as well as convenience to customers.

This story should also be a reminder of how important it is to have a workable, well-communicated, and current Disaster Recovery Plan and Business Continuity Plan in place.

In the case of OnePlus, more information is yet to be revealed about exactly what happened and why. The company itself has advised customers who think they may have been affected to check their card statements, and contact their banks to resolve any suspicious charges and help to initiate a chargeback and prevent any financial loss.

New macOS Too Secure?

Posted on by Rob Burdett

The new security called ‘System ‘Integrity Protection’ (SIP) behind macOS High Sierra is proving so secure that it appears to be stopping users from being able to delete (third-party) apps with ease.

What’s The Issue?

The process behind the SIP was first introduced to users during the ‘El Capitan’ version of macOS (10.11) in late 2015, and has a unique advantage in relation to macOS’s overall security infrastructure.

However, the SIP framework follows Apple Software Update processes that are so strict that it is impossible with the new macOS environment for runtime attachments or code injection infiltration to occur within an Apple Software Update setting.

All this means that not only will users find it less easy to delete certain third-party software / apps, but also that the past bugs may be made exempt by the ‘rootless’ SIP framework, and could, therefore, become a future risk.

Why?

Apple is essentially undertaking a simple bunkerisation / sandboxing of app behaviour within the macOS environment from a binary level in order to prevent third-party developers who have not sold their wares through the macOS App Store from being deleted with ease. Therefore, the only software affected by this security change is software developed outside of Apple.

Sealed

The ‘sealed’ nature of the software environment in iOS means that ‘permissionless’ app distribution on an iPad or iPhone can’t really happen and actually goes against the terms and conditions of use. The only way around it would be to ‘jailbreak’ the device, which would also wave the owner’s right to a legal warranty. However, the macOS App Store allows for permissionless app distribution in the context of online software distribution.

What Does This Mean For Your Business?

Security is a priority to businesses today, particularly with the proliferation of potentially devastating malware and phishing scams. With Android phones, for example, there have been some problems and scares recently with 36 fake, malicious apps turning up in Google Play, and with a fake version of WhatsApp being downloaded from Google Play by more than one million unsuspecting people. Apple systems have always been seen as a more secure option, a benefit that is very much valued by Apple users. Any move to protect the Apple environment is, therefore, something is likely to be valued and understood by many users, and any talk of potential ‘security’ problems causes alarm among the Apple community.

The problem, in this case, isn’t really that there is any kind of immediate security flaw as such, but that there is a more of a new user annoyance in relation to personal choice, as the High Sierra system allows third-party app installation but not its own singular removal. One possible potential security risk is that a user could be tricked into installing a virus or phishing app which is then protected by the sealed SIP framework.

It is, however, possible to restart the system in ‘recovery mode’ and delete any offending app because ‘recovery mode’ suspends any SIP framework protection during the ‘recovery’ boot-up mode sequence.