This Week’s Technology News – 26th September 2014

Just Google it – or maybe not
Google is for most people, the ‘go to’ place for finding information on the internet and has been the dominant player for quite some time. Users of Google’s search service are not likely to complain, being happy with the service and its many improvements over the years. In Europe it accounts for 90% of all search traffic effectively holding a monopoly in the search arena. The European commission opened an anti-trust investigation into Google in November 2010 after complaints from competitors that its search service favoured its own services such as Google Maps, Play store, Google mail and more, giving Google an unfair advantage. The EU warned Google that they would need to give equal prominence to rival search engines to prevent anti-trust fines.

These disputes have yet to be resolved as the EU remains unhappy about how Google has reacted to these complaints after three attempts. Google’s last proposal was to allow competitors to bid for reserved space at the top of search results. This was rejected by the EU for a range of reasons including that this would allow Google to make money out of these changes. If the next proposed changes don’t appease the EU, the next stage will be a fine. Anti-trust laws can result in fines of up to 10% of annual sales, which for Google last year amounted to £33.8 billion, so no small change there.

Google’s current search disputes with the EU draws significant parallels to Microsoft’s browser woes which started back in 2007 where it’s inclusion of Internet Explorer with Windows secured a 90% market share effectively excluding other internet browsers. After several proposals the final outcome was for Microsoft to have to give Windows users a choice of browser with the automatic ‘browser choice’ popup, which has stayed on Windows to this day. Since then Microsoft has been fined for failing to deliver the ‘browser choice’ to specific scenarios of Windows usage. Microsoft’s browsing market share today now sits at 57.69% – a far cry from its dominant position before.

It is uncertain if Google will be affected in quite the same way Microsoft was if they need to implement similar changes, but it would be a thorn in their ‘all Google’ ecosystem. Google may be happy to take a substantial financial hit from the EU, though it is not clear if this would be a one-off or continued annual charge if they do not make the necessary changes. Either way this will not be an easy decision for Google, having seen the fall of Internet Explorer. The next proposal will certainly be an interesting one to follow and one that could change search engine prominence for years to come, possibly with the loss of the ever common response: “just Google it”.

Devastated by Shellshock
A major flaw which has been nicknamed ‘Shellshock’, has been discovered in the Unix Bash shell. This leaves Linux machines, OS X machines, routers, older IoT devices and others more vulnerable to attack. With Linux hosting appliances, web-connected devices, web servers and web-powered services, the Bash shell and Mac OS X Mavericks would also be affected.

Attackers can run code on your machine after exploiting the flaw, but the worry, exposed by PC World, is that this flaw has been in the Bash shell for years and is likely, because it is so embedded in systems, to be found in unpatched systems for a long time to come (although those using good security should hopefully avoid heavy compromise).

With memories of Heartbleed still fresh in the minds from the wide use of OpenSSL security protocol, Shellshock is being seen by some as having similar gravity because of the extent of devices affected.

Countering this, Red Hat, Fedora, CentOS, Ubuntu, and Debian and internet service providers have already put out patches to plug Shellshock.  It could however last for years as a large amount of software interacts with the shell and with so many old devices on the network this will leave vulnerability to the bug. Some commentators are cooler about the worries because most systems installed with Bash cannot be remotely exploited, thus limiting harm.

To test if your version of Bash is vulnerable to this issue, you can run this command:
$ env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”

If the system responds with the following you are running a vulnerable version of Bash and should apply any available updates immediately:
this is a test

Keeping systems and security up to date will always help minimise fallout and phishing attempts from such incidents.  Given that this has only just come out, no doubt many more notorious incidents will follow in the future.  For organisations who have not reviewed their IT infrastructure to establish their levels of security and governance procedures, now might be a very good time, whether you are using Linux or not.

blog 26-9 verify

I promise I am who I say I am, Sir
The ever-increasing threat of internet fraud has prompted an identity assurance system called Verify to be created by the award winning Government Digital Service.  Still at beta testing stage, it could potentially mark a huge step forward in the process of formalising secure verification for end users, businesses, public sector organisations and governments, which all interact with each other.

It is being promoted as a one-stop shop for proving your identity for a range of government services, which could include filing and paying your tax return, or renewing a passport or driving licence.  The UK is apparently leading the world with this testing, so all eyes are on to monitor its success (with banks and other commercial organisations taking great interest in the results).

The initial registration process should only take 10 minutes and thereafter creates a secure assured platform confirming you are who you say you are, from which the user can interact with any of the companies or organisations with a short circuited ID route.  In practice the user would firstly select the company needed to verify them (ie. Experian), then provide personal details including passport or driving licence number and link this to a phone number (mobile or landline). The user would then be given a one-time code prior to proceeding further.

With testing outsourced currently to Experian and US company Verizon, the longer term plan is for the application to be used by The Post Office, banks and UK mobile phone operators etc.  The process is complex and still a long way from being ready to launch.  Technical glitches need ironing out, as well as ensuring the customer experience for frustrated users unable to complete the verification process is fit for purpose.

Secure ID verification is a tremendously thorny subject given the high levels of internet fraud, so getting us to a more secure place is terribly important.  However, added to this is the issue of trust.  Will users be comfortable to have such unification and data sharing between distinct organisations and Governments?   It is the same uncomfortable route that public services are increasingly going down under the aegis of cost savings:  eg. co-location of community and council services with police stations. It sounds good on paper, but may be a vision of convenience too far from the State without proper consideration of public appetite.

collaboration visual
Connected employees driving changes in the workplace

Meetings on average, occupy one third of our working lives, yet much time is wasted with late starts, bad connections or out of date tools.  With the increase of collaboration, both physical and virtual, the modern mobile professional workforce demands tools which are agile, easy to use and secure.

A recent survey found 73% of workers take a laptop, smartphone, tablet or combination of devices into physical meetings.  Additionally, 55% of these professionals are using smart devices to share documents and visuals with meeting participants as an alternative to projectors and monitors.  Rather more worryingly for organisations, the consumerisation of technology has led to employees using their own apps and devices into meetings and choosing their own web conferencing tools. 65% of all workers surveyed had a backup conferencing or collaboration tool they chose to use in lieu of the corporate solution.

With an increasingly mobile workforce, if real-time, secure collaboration and productivity is to be demanded and delivered, then businesses need to review their systems and apps to establish the most appropriate route whether corporate devices or enterprise BYOD strategy to ensure that the people and productivity solution is fit for purpose and wraps data security and policy management together. Only then, will collaboration be seen on both sides as offering the flexibility and answers for the user and the security and peace of mind to the organisation for where and how the data is and can be shared and stored.

Lost no more – tracking technology going truly global
Location tracking technology has evolved substantially in recent years, making the leap from stand-alone device for use in a car to being incorporated into almost all portable smart devices including smartphones, tablets and now smart watches. Not only has the technology got smaller, but also smarter than ever. Google and Nokia are hard at work making indoor location tracking available in more locations. So whether you are driving or hiking- or perhaps needing directions whilst exploring a large indoor area such as a shopping centre, you are likely to be covered with the device in your pocket.

Flight tracking technology has not had the same push as mobile. Its accuracy was fully tested on 8th March with the disappearance of Malaysian Airlines flight MH370 and found to be wanting due to the alarming gaps in information. The airline technology was unable to accurately pinpoint the location of the missing aircraft and led to enormous areas being searched over land and across the seabed for two months without result. The existing radar system does not have global coverage and is reliant on the transponder, which failed in the case of flight MH370.

Aireon (a subsidiary of Iridium Satellite) is promising global coverage for aircraft tracking so no matter where on the planet an aircraft goes missing, they claim it should be possible to locate it. The system is currently in development and due to launch in 2017, but Aireon plan to make it available free of charge to the aviation community, emergency services and search rescue teams. Aireon uses a variation of the Automatic Dependent Surveillance Broadcast (ADS-B), with 66 “Next” Low Earth Orbit (LOE) satellites to essentially cover the globe. With global reach achieved, the intelligence of location data will be the next drive in this area. Google has already made great strides in adding context to location data with Street View. Interactive points of interest information and indoor mapping has already begun, but is still in the early stages. Even with all this data collected there is still the need for intelligent systems to interpret this on new devices such as wearables as well as bringing the new data back into the car. Location based services have added value and greater investment in both location and information accuracy will enhance and create an elevated user experiences and increase the security and safety of people worldwide.

With these technological advances, finding aircraft should be quicker in future, potentially saving lives as well as offering a degree of closure to anguished relatives. But a warning bell must also sound out around the question of data security with a global data network like this in operation, where it could be accessed potentially by third parties. As long as this aspect is also thoroughly reviewed then it should be win-win scenario.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.