This week’s technology news – 15th August 2014

1.2 billion stolen credentials

Security and investigations company Hold Security has discovered a Russian crime ring’s hacking efforts, penetrating websites big and small in search of the lucrative digital commodity of user credentials. From a mass of cyber attacks, the group has acquired over 4.5 billion records. Within these, 1.2 billion are genuine, unique login credentials. This was accomplished by successfully attacking over 420,000 websites and is suspected to have been done by means of SQL injection.

SQL injection occurs when someone submits malicious code that ends up being executed by a SQL database. This can be via a standard web form or by taking advantage of a custom URL which passes data back to the server. Once inside the database, the code can execute its custom command, e.g. taking lists of usernames and passwords and sending them to the desired location.

There are several measures you can put in place to combat SQL injection and save your own data from criminal attack.

1. When requesting data in forms that will be sent to your database, make sure you assign length restrictions.
2. Check the data type, and check custom text for uses of execute code commands.
3. In addition, it is equally important to monitor your databases to check that only the correct type of information is being collected.
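
The three measures above in runnable form, as an added example that is not from the original post. It uses Python's sqlite3 with a constructed `users` table; every function name is hypothetical, and the bound-parameter query goes beyond the list above as the control that stops form input being read as SQL at all.

```python
import re
import sqlite3

MAX_USERNAME_LEN = 32                         # measure 1: length restriction
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]+")  # measure 2: allow-list of characters


class RejectedInput(ValueError):
    """Raised when a form value fails validation."""


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users (id, username, email) VALUES (?, ?, ?)",
        [(1, "alice", "alice@example.test"), (2, "bob", "bob@example.test")],
    )
    return db


def lookup_vulnerable(db, username):
    """The pattern to avoid: the form value is pasted into the SQL text,
    so a quote character in the value changes the structure of the query."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return db.execute(sql).fetchall()


def validate_username(value):
    """Measures 1 and 2: enforce type, length and an allow-list of characters.
    Quotes, semicolons and spaces are never valid here, so text that tries to
    carry SQL commands is rejected before it gets near the database."""
    if not isinstance(value, str):
        raise RejectedInput("username must be text")
    if not 1 <= len(value) <= MAX_USERNAME_LEN:
        raise RejectedInput("username length out of range")
    if not USERNAME_RE.fullmatch(value):
        raise RejectedInput("username contains disallowed characters")
    return value


def lookup_bound(db, username):
    """Added control (not in the list above): the value is bound as a
    parameter, so the database treats it purely as data."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()


def lookup_hardened(db, username):
    """Validation first, then a bound parameter: two independent layers."""
    return lookup_bound(db, validate_username(username))


def audit_usernames(db):
    """Measure 3: monitor what is stored. Returns the ids of rows whose
    username would fail today's validation rules."""
    suspect = []
    for row_id, username in db.execute("SELECT id, username FROM users ORDER BY id"):
        try:
            validate_username(username)
        except RejectedInput:
            suspect.append(row_id)
    return suspect


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed test value containing a quote
    print("vulnerable:", lookup_vulnerable(db, crafted))
    print("bound only:", lookup_bound(db, crafted))
    try:
        lookup_hardened(db, crafted)
    except RejectedInput as exc:
        print("hardened rejected input:", exc)
    print("rows failing audit:", audit_usernames(db))
```

The audit function is the piece most often skipped: it catches rows written by an older or unvalidated code path, which is exactly what a database monitoring check is for.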

Another huge credentials breach highlights the urgency of regular password changes as part of good governance policies to keep your data secure.

 

Technology tracking study for Parkinson’s patients and improved clinical decision making

In the same week that the world heard the sad news of brilliant US comedian Robin Williams’ suicide (disclosed as a Parkinson’s sufferer by his widow after his death), another Hollywood star and Parkinson’s sufferer, Michael J Fox, has publicised an olive branch of hope for Parkinson’s sufferers. His foundation, The Michael J Fox Foundation (MJFF), announced its support and co-funding for a study and new wearable healthcare technology app to help doctors study the effect of different medications for sufferers of the disease in the future. In a joint venture with Intel division Basis (spurred into action by senior advisor, former chief executive and Parkinson’s sufferer Andy Grove), patients were provided with smartwatches armed with sensors to track sufferers in real time.

The disease is believed to be caused by a mix of genetic and environmental factors, though its exact cause is still unknown.  Symptoms can include tremors, uncontrollable movements, impaired balance and co-ordination, stiffness, slowness of movement, loss of smell, decline in intellectual functioning, speech and swallowing problems.

In the tests, 16 patients and nine control volunteers wore watches which allowed more than 300 data points to be recorded every second, translating to one gigabyte of data, per patient, per day over a four day period. The information gathered was then uploaded to Intel’s system by a smartphone carried by the wearers. The data seeks to understand how people live with the disease and respond to treatments and drugs (which could also reveal unmet needs to improve treatment in the future). The digital tests were paired with hard copy diaries kept by the individuals, supplemented by two clinical visits for further tests. The scientists intend to create new algorithms following assessment of the data, to enable body movement symptoms and sleep patterns to be automatically measured and made available for review in real time.

The next stage of the complex study will take place in Boston, New York and Israel and will involve releasing the app to enable patients to record how they are feeling and to report their medication intake, to inform future prescriptions and to understand gait, fluidity of movement, tremors, sleep habits etc. 24×7.   Mindful of the sensitivity of patient data, Intel confirmed it would encrypt and anonymise the data to safeguard privacy. They also hope that it will eventually lead to opening up the sensor driven platform to other research centres and wearable devices in future.

Other tech players involved in health tracking tech data and devices include Samsung’s Simband wristband, Apple’s Healthkit app and Google Fit software. Through their brand weight and increased market interest in digital healthcare, including emerging names such as Theranos in blood testing and diagnosis, this is creating a momentum for the sector, which is rapidly growing as new possibilities and hope for sufferers of Parkinson’s and other diseases open up in the future.

Females only a bitesize chunk of Apple’s apple

Apple CEO Tim Cook has voiced dissatisfaction with the low ratio of female employees at Apple in a recent employee diversity report. This disclosed a global 70:30 gender split in favour of a largely white male workforce. This is by no means startling for the technology industry, but nonetheless marks Cook’s goal to see the ratio change over time.

Apple currently employs 35% females in non-tech roles, 20%  in tech positions and 28% in leadership roles.  For Cook though, the diversity message goes much deeper and wider:  “Our definition of diversity goes far beyond the traditional categories of race, gender and ethnicity.  It includes personal qualities that usually go unmeasured, like sexual orientation, veteran status, and disabilities.  Who we are, where we come from, and what we’ve experienced influence the way we perceive issues and solve problems.  We believe in celebrating that diversity and investing in it”.

In comparison, the UK IT sector currently employs just 15% females in tech positions and 9% in leadership roles (source ONS, Aug 2014). This is surprisingly down on the top job stats for women from just ten months ago at the back of the UK recession, when females held 15% of leadership positions in technology.

Given the future global growth for the technology and IT servicing sectors, it would be great for the economy for British female students exiting schools to get excited about jobs and career opportunities in the IT industry, as well as for employers to open their eyes to think about how they can attract this valuable talent pool. It would change the skewed picture on both sides of the pond if we could take a leaf out of Cook’s book.

 

Microsoft squeezing Kinect into smart phones and more

Microsoft is no stranger to real-time 3D motion capture and has been facilitating developers’ innovative controller-free ideas for many years, using their Kinect for Windows sensor. The 3D sensor can let you navigate menus by moving your hands without actually touching any physical object. As clever as the device may be when utilised well, it is hard to argue the camera sensor is small. On the contrary, the existing Kinect devices are big and bulky, limiting their use to larger areas with the sensor fixed and calibrated to a central, ideal position.

Microsoft’s Research labs are currently working on different technologies to miniaturise Kinect-like 3D depth sensing. One approach, as demonstrated by Microsoft, involves turning a regular web camera into a depth camera. Using just low cost parts including a ring of LEDs, this transformation can take place in as little as 10 minutes, the downside being that the greater accuracy and range of the bigger, more expensive units is lost.

When the technology hits the right size we could find Kinect branded cameras on future tablets and smartphones, using face detection to unlock your device and sign in, and even letting you take advantage of in-air hand gestures to control the interface. The most interesting uses of the mobile Kinect technology could be seen via third parties, if Microsoft opens up the Kinect APIs upon a possible release. This would make the innovative ideas from existing and future developers a lot more accessible when more people have access to the technology.


This week’s technology news – 25th July 2014

Policing Cloud and data policies provides good practice
The evolution of big data and the harnessing of data in the Cloud has, with all its technological innovation and wider corporate adoption, flagged up ever increasing policing needs around compliance and information risk management. These must be reviewed regularly and intensely by the CISO to protect the organisation.  Failure to do so will make the threat of fines and penalties (which can be more severe than fines) ever more likely.

If strong information security measures and good governance practice are put in place, this can keep organisations ahead of regulatory mandates.  The speed of change in data and privacy laws does not make it easy to stay on top but a vigilant CISO will be thinking ahead constantly.

Cloud services may be offered by multiple suppliers using multiple data centres, sending data around the world. This crossing of borders gets complicated as each country has its own jurisdictions, making safeguarding complex especially if the review is triggered by incident versus proactively controlled and selected.

The right of respect for personal information data held by organisations is at the heart of information security. Accordingly, companies need to know what information they hold and whether it is “Personal Identifiable Information” (PII).  Protecting PII is the responsibility of the data controller.  Apart from names and addresses, PII can include medical records, bank account details, photos, videos, personal preferences, opinions and work locations. It does not however, have to include a name to be PII.  Privacy is a compliance AND business risk area.

Approved jurisdictions are recognised by the EU as having an adequate level of protection under local regulation. Countries which have satisfied the requirements outside Europe include: Argentina, Canada, Israel, Uruguay and New Zealand. The US is a jurisdiction that is missing from the list. Their ‘work around’ is the Safe Harbour Treaty, which allows EU information to be transferred to US based organisations, but this may still not provide sufficient regulatory assurance or liability for some organisations or public bodies.

The decision to use Cloud systems should be accompanied by an information risk assessment concentrating on the complexity not only of the Cloud system, but privacy regulations too – and the level of security required for that data. Once analysed, the right path for each organisation becomes less complex and the knowledge and understanding of the CISO increases, as does the confidence of the Board that they and their data are in “safe hands”.

Reputations are lost quickly in the modern age.  Trust which may have taken years to build, when lost, is gone forever – and the swift migration of consumers will always hit the bottom line. Governance is not always present in the information security function and breaches may be more often down to an inadvertent mistake rather than criminal intent, but all steps taken to reduce risk, so long as it still enables the organisation to reach its goals, will smarten the way business operates and reacts.  So wake up and smell the coffee:  be close to your Cloud provider to know and understand where your information will be stored and processed.

Plastering on the care

A very clever battery-operated, wireless, sticking plaster-sized, patient monitoring patch has been developed by Oxford based firm, Sensium Healthcare. The monitoring patch could revolutionise patient care and increase the amount of time medical staff can give to those patients in greatest need.   Currently, patients requiring monitoring are hooked up, immobile and require constant observation, normally in four hour cycles.  The new monitoring patch enables the patient to get up and move around (encouraged as part of the process of speeding up recovery) and vital sign data is updated every few minutes, passing the data via a ‘router box’ in each room to the hospital IT system.

It is not intended to replace routine checks, but nursing staff report that it has helped take off some of the pressure on ward rounds. The patches provided early detection of deterioration in 12% of patients wearing them in the tests at the Brighton hospital. With a high incidence of 12,000 recorded preventable deaths in England in 2012, of which one third were down to monitoring, this could be a significant game changer for NHS England – and at only £35 each and lasting 5 days, it is a refreshingly cheap solution for the Minister for Health to consider! http://www.bbc.co.uk/news/health-28317509#

The next big thing in Mobile Memory
Tablets have come a long way in the last 10 years: from Windows XP tablet PC edition, to all the options that exist today. But memory is one of the areas where we have not seen great strides. Rice University in Texas is claiming a breakthrough in this field. Their silicon oxide technology – a type of RRAM – has been in development for five years and is nearing mass production, having gone through several refinements. The technology is undergoing prototyping of chips,  capable of storing one Terabyte, the size of a postage stamp. The cost of a chip so memory-dense would likely be sky high but the technology also provides all size variants in-between.

When Operating System and Device makers have a lot more memory to play with, how we use our devices could change. Being able to dump all of your apps into memory means you could access all your information instantly. This can change how we both multitask and perform complex tasks on mobile devices. As always, cost and power consumption will be vital in what role this technology does play in the future, but with the right balance struck, this could be a turning point for mobile devices.

MDM vs Containerisation
Last year certain analysts were predicting that traditional mobile-device-management (MDM) was on the way out, to be replaced with containerisation of both data and apps. It would seem the market has taken a different approach after all. Application level management has in fact grown but MDM is still the preferred method for BYOD security. This has led to many a heated discussion on which path is best for mobile security going forwards.

So what is the right choice? Many companies are taking a two pronged attack, taking advantage of the strengths of each to use either, or both, when best appropriate. Just because MDM and containerisation can exist together does not mean that is what is best for your own organisation. Define your own device use cases and security / governance requirements beforehand to decide which solution best suits your needs. Then you will be able to deliver the best options for your organisation’s needs.

 

Amicus ITS entered into UKIT awards


Two Amicus ITS employees have been nominated for the prestigious, national UKIT awards 2014.

Competing against the best of the IT industry are: JP Norman, Head of Technology & Governance, nominated for “Security Professional of the Year”, as well as Mercedes Coombes, Service Desk Level 2 Analyst who is in the running for “IT Service & Support Professional of the Year”.

The UKIT Awards, part of The Chartered Institute for IT, recognise excellence and outstanding performance throughout the UK computer industry. The awards focus on the contribution and achievements of individuals, projects, organisations and technologies that have excelled in their use and the successful development and deployment of IT in the past 12 months.

The judging is based on 4 key categories: professionalism, innovation, becoming a role model figure and evidencing measurable success, all of which JP and Mercedes have excelled in.

JP is solely responsible for the implementation of ISO27001, developing Compliance into a Service for all clients, and bringing the company’s IGSOC compliance from 66% to 100%. In addition, Mercedes has shown great initiative and gone above and beyond normal duties to ensure clients get the best service possible. She is known for her attention to detail and has demonstrated her understanding of intricate technical IT systems.

Both JP and Mercedes will find out if they have been shortlisted on Friday 5th September, to make it through to the finals on 12th November 2014 at Battersea Arena in London.

This week’s technology news – 16th May 2014

Major headache for Google as Euro court ruling supports take down requests.
A European court has ruled this week that individuals could force the removal of “irrelevant and outdated” search results. Google is starting to receive fresh takedown requests for information links that could otherwise show up in old caches when searches are made. Google refuses to confirm how many requests have been made and is remaining tight-lipped about the EU ruling, after initially responding that the “right to be forgotten” ruling was “disappointing”.

The EU has been pushing heavily for a new law on data privacy – of which “right to be forgotten” is a key component, since it proposed guidelines in January 2012. It does appear to contradict the EU advocate general’s advice in 2013 that search engines would not be obliged to honour such requests. Whilst EU Commissioner Viviane Reding is calling it a victory for the protection of personal data, legal commentators consider it will be hard to implement and difficult to manage.

In the meantime, the door to the Information Commissioner’s Office is likely to be on the receiving end of a few more knocks for advice. This demonstrates a real conflict between a perceived infringement of privacy and the rights of free speech and freedom of information for society. If the full EU proposals do get passed, firms that do not comply with the law could face fines of around 1% of their global revenues.

Samsung Knox phones and tablets approved for UK Public sector workers
Android has been hugely successful in the commercial market, taking the dominant lead and keeping it for quite some time. However, Android has never been known as the most secure mobile platform, keeping many companies wary of adopting Android devices for their workforce. To convince corporates to keep their sensitive data on Android, Samsung has taken it upon themselves to create their own security platform to tackle this particular issue. Called Samsung Knox, it now runs on most of Samsung’s top-end phones and tablets, securing the device from the kernel to the application level. Now, the UK government will allow UK public sector workers to use select Samsung phones and tablets following the Knox platform being approved by the Communications and Electronic Security Group (CESG).

This is a big win for Samsung, who already takes the lion’s share of Android sales. In addition to public sector bodies now being able to choose these devices, this could very well have a ripple effect, with other corporations seeing this as a sign of maturity for Samsung’s devices in terms of security and following suit. Other Android OEMs such as HTC, Sony and LG have a lot of work on their hands if they want to play catch up with Samsung.

Microsoft’s 3D camera cleared to help stroke victims
Microsoft’s Kinect camera was originally introduced into the world as a gaming peripheral, but it’s not hard to argue that its most interesting application has actually been in healthcare. Jintronix, a Montreal based company with a history of motion-based physical rehabilitation, has received 510(k) clearance from the US Food and Drug Administration (FDA) for its rehab system. The system itself uses Microsoft’s Kinect camera to help stroke victims recover physical functions without any sensors needing to be worn on the body.

The FDA clearance is an important milestone. Jintronix CEO Shawn Errunza said: “We’re very excited about receiving FDA clearance, which paves the way for Jintronix to help in the rehabilitation of countless stroke victims.”
The technology behind this, although impressive and with a lot of clever applications already delivered, is due for a big overhaul as version 2 nears release. We can only imagine what visionary developers will be able to design when the new Kinect for Windows rolls out soon.


This week’s technology news – 9th May 2014

Volvo gets its Batmobile out on show on the roads of Gothenburg
Volvo Car Group’s “Drive Me” project has started testing its automotive prototype on the streets of Gothenburg, Sweden. Volvo stresses that the uniqueness of this project over the Google self-drive cars is that it involves all the key players: legislators, transportation authorities, a major city, a vehicle manufacturer and real customers.

The intention will be to have 100 such vehicles on the road by 2017. The self-driving cars use radar, camera and laser technology to monitor the nearby environment. Technical expert Erik Coelingh advises that “almost all collisions that occur are caused by human error so if you automate driving, you take away the causes of many accidents and you can make traffic safer.” Volvo’s self-driving cars use radar and camera to monitor traffic and infrastructure around the vehicle, as well as GPS in order to get the latest map data to the vehicle’s computer. Time is moving swiftly in the world of robotics – and whilst the thought of a driverless car fills most of us with terror, Volvo are clearly intent on demonstrating technical leadership.

With a long history of safety, they already have the credibility of their brand. It is just about making this new step acceptable in the eyes of the consumer. If you don’t want to get scared just yet, simply avoid Sweden’s 30 miles of selected roads during the test phase!

Sony’s new tapes beat storage record
Sony, not content with the recently revealed Archival Disc, capable of storing 300GB per disc, has teamed up with IBM to also give storage tapes the modern treatment. Tapes store a lot more data and hold it for longer than discs. The new Sony tapes can hold a staggering 185 terabytes of data per cartridge, the equivalent of 3,700 Blu-ray discs. In addition to storing an impressive amount of data per cartridge, the density of data – 148 gigabits per square inch – beats the world record more than five times over. This is definitely one to watch and could be the answer to many corporations’ storage needs, especially in an increasingly cloud based, digital world.

Piracy alerts set for UK
Internet piracy is an issue all around the world, costing the entertainment industry billions. The entertainment industry bodies and UK ISPs (Internet Service Providers) have completed a deal to help fight internet piracy. The ISPs involved so far are BT, Sky, TalkTalk and Virgin Media. Rights holders will be the ones listening in to traffic on BitTorrent networks; this will form a Copyright Infringement Report which will be sent to the relevant ISP. The ISP will then verify these reports against their own records and, if they match up, will send out an email or physical letter to the account holder. These alerts pinpoint the activity in question and suggest legal alternatives for users getting their entertainment online. The alert system is planned to run for three years with regular reviews on its effectiveness.

This is an interesting step if not a very late one and the approach could be considered very soft. Hopefully these alert messages will have the desired effect but we will have to wait for the first review to see what impact – if any, these have.


This week’s technology news – 4th April 2014

Not totally Xpired – Government offers limited reprieve to public sector and NHS
The UK Government has announced it is bailing out the whole of the UK public sector and NHS by signing a deal with Microsoft to extend support and security updates for Windows XP. The deal is set to cost taxpayers an estimated £5.5m but will only cover critical and security updates for one year. As the flag went up on this seven years ago it should reasonably have been dealt with by now by those healthcare IT directors left on catchup. The support which was due to finish on 8 April 2014 is estimated by UK IT healthcare publishers EHI Intelligence to affect approximately 85% of the 800,000 PCs in the NHS. The outdated XP operating system, first released in 2001, has been a cause of serious concern to the health service for a long time, as budgetary constraints and an alarming lack of urgency have stifled many migration plans still waiting to happen. Trusts with more than 250 Windows XP users will need a premier support agreement with Microsoft. The Government is insisting that public sector organisations have a robust migration plan to move off XP, Office 2003, and Exchange 2003 within the year. Trusts that did migrate off XP ahead of 8 April have indicated that it is a long and complex job (sometimes up to two years), demanding significant investment, staff training, and measures to quarantine applications that cannot be put onto new platforms. But good solutions are out there and CIOs need to step up their strategy, funding arrangements and get on with their plans in a wholesome not fractionalised approach, if they are to avoid a repeated cliff hanger crisis this time next year.

Facebook your GP
The Netherlands has demonstrated it is leading the way in using social media as a significant and positive telehealth tool. ParkinsonsNet, introduced in 2004, now has 66 regional networks linking 3,000 healthcare professionals from 15 different disciplines to patients with Parkinson’s all over The Netherlands. Radboud University Medical Centre’s report suggests it is empowering patients and lowering healthcare costs (estimated at E20 million). The interest to NHS bosses is the chance it could be extended to diabetes sufferers, those with heart disease or breathing problems. Whilst not aimed at removing F2F time with a GP, there is a real possibility that this could greatly enhance community accessibility into the NHS and have a major impact on budget savings to its overstretched purse. A similar scheme has already been set up in the UK for mental health patients and professionals – and Scotland already has a dedicated Telehealth and Telecare system being piloted and due to go countrywide by 2020. As noted by NHS England Director for Long-term Conditions, Dr Martin McShane, the Facebook style technology is exciting, but the need to ensure the right governances are in place to maintain security, integrity and trust is paramount to serve this delivery solution successfully.

The NHS Care.data progress report
NHS’s Care.data project to store all GP data in a central database housed by the Health and Social Care Information Center (HSCIC) has ended up in hot water after a series of messy incidents. First, NHS delayed Care.data for 6 months due to patients being given insufficient and confusing information on opting out. Then, PA Consulting uploaded 27 DVDs of Hospital Ep (HES) data from HSCIC to Google’s cloud to assist in analysing the data using Google BigQuery, resulting in an official complaint to the ICO for the handling of the data. This has all resulted in Google pulling out of a speculated ‘groundbreaking’ deal to include NHS data in search results. All in all this has been a terrible start not only for the NHS, but for users’ trust in how their private medical data is stored and used by Care.data.

Windows is going free for Tablets and Phones
Microsoft hosted its yearly Build event this week. Traditionally focused on developers, Build has recently been a source of what may be coming out next from Microsoft. Alongside big software updates for Windows 8 and Windows Phone, what may have surprised the audience most was Microsoft’s announcement of cutting Windows’ fees entirely for devices with screens smaller than 9”. This is a huge change in Microsoft’s strategy: OEMs can now build a tablet or smartphone running Windows without having to pay the traditional licensing fees. This should not only cut the prices of small Windows running hardware across the board, but also get Windows running tablet pricing closer to Android and increase the adoption of Windows on phones and tablets. Android is now not the only free mobile OS around.

The Week’s Technology News – 28th March 2014

A little more seasoning with that sensor, Sir?
The first international factory for ingestible sensors is to be built in the UK by US company Proteus Digital Health. The factory will have the NHS and the UK Government as partners. Portable devices such as these are decentralising healthcare and will transform the way healthcare can be delivered in partnership with the patient. The technology is swallowed and the stomach fluids power the sensor. A body worn patch sends information captured to a mobile device. Such technologies have the potential to be transformative to healthcare, as the collection of data and mobile management tools enable diagnosis, faster assessment and more accurate treatment, linking the patient, their carer and clinician to help them stay well. The technology will become more affordable and convenient as specialists in consumer technology are conjoining with medical technology and identifying commercial opportunity. For an already overstretched NHS this sounds like a welcome IT technological advance.

Irritation with spammers creates collaboration amongst mobile giants and ICO
EE, O2, Three and Vodafone and the Information Commissioner’s Office (ICO) are working together to prevent nuisance text messages from spammers and fraudsters spreading across the UK’s four major mobile networks. This is being done by the mobile group signing up to the GSMA Spam Reporting Service. This will be coupled with mechanisms in real time to find the perpetrators. Those who have breached the Privacy of Electronic Communication Regulations (PECR) will have monetary penalties issued against them. In 2012, the ICO issued a £440,000 fine to two men running a spam texting operation. The GSMA platform will collate and analyse the details of users’ reported spam to identify patterns and origins of attack. The collaborative aim of the group is to isolate and prevent spread to other networks. The ICO is also looking to extend this into nuisance calls. Vigilance against threats to mobile devices is an ongoing challenge for MSPs, as mobile workforces become ever more commonplace. Reducing fear and threat should certainly get the thumbs up from the marketplace.

Keep your MITs off our data
A group of MIT researchers has created a new platform, called Mylar, for building spy-proof websites, services and applications. This is in response to the high profile Snowden leaks of government agency incursions in the USA to capture people’s private data and to counter the increase in identity theft and hacking efforts internationally. With Mylar, the data remains encrypted all the time on its servers and is only decrypted when accessed from your computer, with correct password authentication. The system is being tested by a group of patients in the US to share medical information with their doctors and the designers are exploring their own chat, photo sharing and calendar applications. Whether this leads to a more commercial take up remains to be seen, as web providers may be reluctant to use a technology which restricts clients’ websites from accessing user data to serve targeted ads.

Gartner take time out to stare up at the clouds
One of Gartner’s leading Storage Technology and Strategist Directors, Valdis Fink, has been thinking afresh about how Cloud needs to develop, versus how it has been used. For organisations, a primary benefit of Cloud has been to shift capital costs to operational costs. SMEs who have had their own servers or back up options are increasingly taking up the opportunity to outsource to secure data centres. However, data centres have remained the same, with centralised grid computing architecture which has got larger and the offerings cheaper, so data (and apps) have essentially just been re-centralised elsewhere. Fink maintains that real cloud computing should be location and device independent, safe and accessible from anywhere, within the internet, on people’s computers and devices, in data centres and in hyper-scale data centres, using information dispersal algorithms. Such technologies, which synch and secure, are available today. So the challenge for forward thinking MSPs is to drive the thinking, rather than follow major vendors, to ensure your service is “leading edge” and right for your clients, who have every right to expect the best.