To include the infographic in your site use the embed code below:

<a style=”border:none;” title=”UKFast Hosting – Cloud Services Checklist” href=”http://blog.ukfast.co.uk/2012/01/27/9581// “><img src=”http://images.ukfast.co.uk/diagrams/infographic/get_ahead_of_the_cloud/Cloud_The_Cloud_Checklist_700x990.jpg” alt=”UKFast Hosting – Cloud Services Checklist” /></a>Infographic by <a title=”UKFast Hosting” href=”http://www.ukfast.co.uk/”>UKFast Hosting</a>

To embed the inforgraphic into your own site, please use the code below:

<a style=”border:none;” title=”UKFast Hosting – Cloud Services Application” href=”http://blog.ukfast.co.uk/2012/01/27/9577/ “><img src=”http://images.ukfast.co.uk/diagrams/infographic/get_ahead_of_the_cloud/Cloud_Cloud_Service_Application_700x990.jpg” alt=”UKFast Hosting – Cloud Services Application” /></a>Infographic by <a title=”UKFast Hosting” href=”http://www.ukfast.co.uk/”>UKFast Hosting</a>

A mere 25 per cent of UK online merchants are actively tracking fraud through their mobile sites, and even fewer are tracking electronic crime via their apps, just 16 per cent.

The UK Online Fraud Report 2012 claims that despite the gloomy economic climate, online retailers are experiencing growth and expect this to continue throughout 2012.

“The mobile channel presents a real opportunity for merchants,” said Dr Akif Khan, co-author of the report and director of products and services for CyberSource in the EMEA – creators of the fraud report.

“But just a quarter of those merchants are tracking fraud originating on their mobile site and only 16% are tracking fraud through their mobile apps.”

With more and more interfaces being streamlined to make m-commerce simpler for the user, the fraud risks on mobile channels are becoming increasingly different to those of traditional online shopping. Khan continued to say that they are yet to be “properly understood”.

The report examines the varying impact of fraud on each sector: 51 per cent of travel and 46 per cent of services providers were primarily concerned with the amount of revenue lost as a result of fraud.

Half of all physical goods retailers surveyed are more concerned by declining genuine orders in the belief that they are fraudulent and 41 per cent of digital goods companies expressed concern over the cost of potentially having to manual review too many orders.

Forthcoming changes to privacy settings, set to take effect from 1 March, will see data shared across all these platforms. Users cannot opt out of the changes.

Google claims that the update will offer more relevant searches but critics say that it is instead related to the data battle the search giant is waging with arch-rival Facebook.

Alma Whitten, Google’s director of privacy, product and engineering, told the BBC that the changes were necessary to simplify current privacy settings.

“We’re rolling out a new main privacy policy that covers the majority of our products and explains what information we collect and how we use it in a more readable way,” she said.

“If you’re signed into Google, we can do things like suggest search queries, or tailor your search results, based on the interests you’ve expressed in Google+, Gmail and YouTube,” the firm said.

The search behemoth caused controversy earlier in the month after integrating Google search with Google + – causing social network Twitter to lash out over the effect that this will have on its own search rankings.

Data is a hugely valuable commodity as firms seek ways of making money from users’ web habits with ever more targeted adverts.

Google’s new privacy policy combines more than 60 different policies into one. A move that campaign organisation The Open Rights Group (ORG) thinks could be risky.

“Does this simplicity come at the expense of strong boundaries between Google products. Will details that users thought might be private on one be revealed in unexpected ways on another?” asked Peter Bradwell, an ORG campaigner.

Google has yet to release details about how the new privacy policy will work, however their previous attempts at social network with the now defunct Buzz led to a string of privacy investigations from data regulators around the world.

“You’d hope they had learnt lessons from Buzz,” said Mr Bradwell.

The UK’s Information Commissioner’s Office warned that any changes must be communicated to users.

“It is important that technology companies, such as Google, are aware of the privacy concerns that exist when behavioural advertising is used to target particular content at individuals. Failure to inform users about changes may not only lead to a loss of trust in the company, but could also mean that they are failing to comply with the requirements of the Data Protection Act.”

Embed the infographic into your own site using the link below:

<a style=”border:none;” title=”UKFast Hosting – Business and Cloud Computing” href=”http://blog.ukfast.co.uk/2012/01/30/business-and-cloud-infographic/”><img src=”http://images.ukfast.co.uk/diagrams/infographic/get_ahead_of_the_cloud/Cloud_business_and_cloud_computing.jpg” alt=”UKFast Hosting – Business and Cloud Computing” /></a> Infographic by <a title=”UKFast Hosting” href=”http://www.ukfast.co.uk/”>UKFast Hosting</a>

All of the experts agreed that many SMEs struggle to get around the hype of cloud to find out how it can help their business to prosper. Harvey Davies, owner of iStorCloud described it as “a minefield for SMES” and Cliff Fox, managing director of SICL said that cloud is like “the wild west” for companies who are struggling to make informed choices about the technology.

To help businesses break through the hype of cloud we have designed a series of infographics that we’ll post throughout the next week.

Please feel free to add your comments and advice for people considering cloud computing solutions – we’d love to hear your views.

Here is the first in our series – Why Do SMEs Choose Cloud?:

To embed the infographic in your own site, please use the code below:

<a style=”border: none;” title=”UKFast Hosting – Why do some SMEs choose the cloud?” href=”http://blog.ukfast.co.uk/why-do-some-smes-choose-the-cloud/”><img src=”http://www.ukfast.co.uk/images/diagrams/infographic/get_ahead_of_the_cloud/Cloud_why_do_smes_choose_the_cloud_700x990.jpg” alt=”UKFast Hosting – Why do some SMEs choose the cloud?” /></a> Infographic by <a title=”UKFast Hosting” href=”http://www.ukfast.co.uk/”>UKFast Hosting</a>

As a company with customer service at its heart, receiving recognition for the passion, focus and effort of our team is a fantastic honour for us.

The final result will be announced by the Institute of Customer Service (ICS), who runs the awards, at a ceremony on March 6.

At last year’s event we were delighted to receive ‘highly commended’ status for the award for Customer Commitment and the Customer Focus award; so we’re hoping for similar, if not even more, success at this year’s awards.

We are up against some tough competition, but being shortlisted alongside business heavyweights like National Express and LV= makes being named a finalist even more exciting.

Find out more about the awards and view the full list of finalists at the ICS website.

The video giant revealed the astonishing figures in a blog post –the same place that they revealed, in mid-2007, that YouTube had hit 6 hours of footage uploaded every minute. That’s ten times more uploads footage per second in less than a five year period.

In the blog post, YouTube explained: “For all the hours of video you’re uploading – you’re watching more as well; we’ve now exceeded four billion video views globally every day. That’s up 25 percent in the last eight months and the equivalent of more than half the world’s population watching a video every day.”

YouTube attempts to put the massive engagement figures into some perspective at onehourpersecond.com.

The blog also revealed that the focus for YouTube in 2012 will be more original channels – creating the new MTV, ESPN and CNN – with the new homepage aligned with your favourite channels as well as a range of new creator tools.

With YouTube apps already a staple feature of most smart phones, the increase of full-length titles on the site and personalised channels and homepages, YouTube is making video consumption simpler and more convenient.

Will the growth of internet TV help or hinder the site’s growth? Will people ever get bored of videos of keyboard cats and people falling over?

Within minutes of the U.S. Department of Justice (DOJ) announcing MegaUpload’s takedown, the hacker-group took down the websites of the DOJ, the Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA), Warner Music Group, BMI, and Universal Music, all of whom are supporters of the Stop Online Piracy Act (SOPA) and the Protect Intellectual Property Act (PIPA).

Anonymous tweeted the announcement of #OpPayback and to orchestrate its top-scale DDoS attacks (distributed denial of service – where the group effectively floods the site with traffic, overwhelming it to a point where it can no longer function properly).

In an interesting evolution of the Anonymous attacks, hackers shared a link through Twitter inviting users to click and install a program called LOIC. This program allows computers to join in an attack on a particular website, firing overwhelming amounts of unwanted traffic at the site – it was almost a recruitment effort from the group to join the ranks of their zombie computer army.

More than 5,635 people were confirmed by the group to have joined the attack using LOIC. The attack highlights the increasing complexity and scale of Anonymous’s signature DDoS attacks.

The twitter account of @AnonymousIRC, a prolific hacker associated with the hacktivist gang, directed a message at the FBI asking if the bureau ‘feel censored yet?’ and said: “We sincerely hope you like your own medicine!”

The music industry targets were only briefly targeted for their support of SOPA and PIPA, although Universal’s site remained down this morning.

The action against MegaUpload is being touted as the biggest copyright case in US history and although the DOJ is insisting that the case is completely unrelated to the ongoing battles of SOPA and PIPA, it couldn’t really have come at a more heated time.

As the attacks continued, Anonymous tweeted ‘you should have expected us’. At such an explosive time for the future of the internet the closing down of MegaUpload has shown to be the catalyst for hacktivism to skyrocket.

The scale of volunteers to join in the attack is a clear demonstration that hacktivism is not going anywhere soon other than up. The scale of the reaction that developments of SOPA, PIPA and any other copyright legislation could provoke is beyond imagination.

Update: According to Anonymous’s communications site this is the list of websites affecting by #OpPayback:

• Department of Justice
• Motion Picture Association of America
• Universal Music
• Belgian Anti-Piracy Federation
• Recording Industry Association of America
• Federal Bureau of Investigation
• HADOPI law site
• U.S. Copyright Office
• Universal Music France
• Senator Christopher Dodd
• Vivendi France
• The White House
• BMI
• Warner Music Group

The traffic site Pingdom found in their annual research that the number of internet users has jumped from a mere 360 million at the end of 2000 and now accounts for 30 per cent of the planet’s population.

Europe accounts for 476 million of these users, Asia holds the top spot with 922 million and North America is in third place with 271 million. China leads the countries with a whopping 485 million people using the internet, more than 36 per cent of its total population.

Revealing other data from different third-party sources, Pingdom discovered that in the year that marked the 40th anniversary of the first e-mail ever sent, 3.1 billion e-mail accounts were active worldwide. Microsoft Outlook proved the most popular client with a 27 per cent market share, while Hotmail was the most popular service with 360 million users.

The number of global websites shot up to 555 million in December, with a massive 300 million of them added just last year. The number of registered domains reached 220 million in 2011’s third quarter. Domain names with a .com address were the most prevalent at 95.5 million.

Social media and mobile traffic continued to skyrocket, according to Pingdom’s information. By the end of last year, Facebook had more than 800 million users, 200 million of which joined the service just last year. The number of Twitter accounts rose to 225 million, with 100 million active users in 2011. Lady Gaga ended 2011 as the most popular person on Twitter, currently followed by 18.1 million people, while #Egypt was the top hashtag on the site last year. Overall, 2.4 billion social network accounts flooded cyberspace in 2011.

As 2011 came to a close, the number of mobile subscriptions was estimated at 5.9 billion in a world of 7 billion people altogether. Active mobile broadband accounts numbered 1.2 billion. And with more mobile phone users hopping onto the internet, 85 per cent of all handsets shipped in 2011 included a web browser.

So what is to come now? In a company blog post Pingdom predicted: “For 2012, there’s every reason to think that the internet, by any measure, will keep growing.
“As we put more of our personal as well as professional lives online, we will come to rely on the internet in ways we could hardly imagine before. For better or worse, the Internet is now a critical component in almost everything we do.”

Here’s the portrait that the report paints of the internet in 2011:

• 3.146 billion – Number of email accounts worldwide.
• 27.6% – Microsoft Outlook was the most popular email client.
• 19% – Percentage of spam emails delivered to corporate email inboxes despite spam filters.
• 112 – Number of emails sent and received per day by the average corporate user.
• 71% – Percentage of worldwide email traffic that was spam (November 2011).
• 360 million – Total number of Hotmail users (largest email service in the world).
• $44.25 – The estimated return on $1 invested in email marketing in 2011.
• 40 – Years since the first email was sent, in 1971.
• 0.39% – Percentage of email that was malicious (November 2011).
• 555 million – Number of websites (December 2011).
• 300 million – Added websites in 2011.

‘Linux Adoption and Trends 2012: A Survey of Enterprise and End Users’ from the Linux Foundation and the Yeoman Group, revealed that the two emerging trends are driving the growth of the technology.

The survey showed that 75% of these were concerned about the growth of data. Of these, 72% revealed that they are choosing Linux to support this.

Of users in the cloud, 66% are using Linux as their primary platform – an increase of 4.7% of last year. “Going forward, 34.9% of organizations are planning to migrate more applications to the cloud, up from 26% last year,” the report says.

Seventy-two percent of organizations expect to have a quarter or more of their servers virtualized by the end of the year, and more than 46% of the organizations plan to have half or more of their platforms virtualized by year’s end.

One of the key findings of the report is that more than 8 out of 10 of existing enterprise Linux users have expanded their usage over the past 12 months and plan to add more in the coming year.

Although there were 1,893 respondents to the survey, the results were calculated from responses from 428 IT professionals from organisations across the world with an annual revenue of more than $500 million or more than 500 employees.

Download the full report from the Linux Foundation.

Today thousands of sites are taking part in a #SOPABlackout by taking their sites down, censoring them or generally showing their opposition to the Act which, they say, would have a huge and damaging effect on online business .

Wading through the press coverage, the bill itself and the mass of opinions and conjecture, here is a summary of how an American law could change online business in the UK, what the Act is all about and how it could affect us?

What is it?

SOPA is a proposed piece of American legislation drafted to combat online piracy and prevent American companies having thier intellectual property stolen. The actual Act is complicated; Chris Heald from Mashable described it as spaghetti and that “if a programmer on my team wrote code as convoluted as the Act I would fire them instantly.”

Basically, the bill proposes a system to punish sites allegedly “dedicated to the theft of US property.” Sites, or single pages, that are:
1. directed toward the US, and either
2. allegedly “engage in, enable or facilitate” infringement or
3. allegedly be taking or have taken steps to “avoid confirming a high probability” of infringement.

Here’s how Mashable explains that this could play out:

• Plantiff accuses your site of infringement and serves notice to PayPal and Google, et al.
• PayPal and Google must shut off your payment services and ad services in 5 days. You are never notified.
• If a service provider fails to shut off service, then the plantiff may may now take you to court for infringement.
• Once you become aware that you’ve been accused of infringement, you either a) let your services get cut off by taking no action, or b) serve a counter-notice, which places you under US jurisdiction (if you’re not in the US) and sets you up for a perjury charge.
• If you respond with a counter-notice, then Plantiff may now take you to court for infringement.
• Plantiff accuses your site of infringement, and you don’t respond. Plantiff files an in rem lawsuit, and seizes control of your domain.

So before having a judge rule you guilty of an infringement, the copyright-holder could cut-off your ad and payment services and demand the infringing content be removed. If this does not happen, a law suit can then be filed.

How will it affect the UK?

The key lies in the Act’s definition of sites “dedicated to the theft of US property.”

Any site across the world found to meet this definition could be subject to punishment under the law. Mashable describes this as giving “the government the right to unilaterally censor foreign websites. So any website in the UK that infringes the conditions mentioned above will be affected by the bill.”

As The Huffington Post explains: “Search engines will have to comply with the bill by removing links to sites displaying contentious copyright material,” whether that is in America, the UK or anywhere else.

If your UK-based site is found to breach copyright, Paypal and credit payment services like Visa and Mastercard can be cut off.

As Jimmy Wales, founder of Wikipedia, points out to the BBC, the Act could have detrimental effects on start-up companies, online entrepreneurialism and innovation overall. He said:“Start-ups that focus on user-generated content may find it hard to gain funding, and will have to devote significant resources to checking all material for copyright.”
From a consumer point of view, YouTube, Facebook and other social media sites all fall foul of the bill as users regularly post and share copyrighted material in the form of music videos, film clips, songs and images. SOPA makes it a felony offense to post a copyrighted song or video.

Where Does That Leave Us?

Having already announced that he would remove the DNS blocking and rerouting provisions of the bill (considered the most onerous by many in the tech community), architect of the bill, Republican Lamar Smith has released a statement announcing a mark-up session next month where the bill could be added to and amended.

The statement read by Chairman Smith read: “To enact legislation that protects consumers, businesses and jobs from foreign thieves who steal America’s intellectual property, we will continue to bring together industry representatives and Members to find ways to combat online piracy.

“Due to the Republican and Democratic retreats taking place over the next two weeks, markup of the Stop Online Piracy Act is expected to resume in February.

“I am committed to continuing to work with my colleagues in the House and Senate to send a bipartisan bill to the White House that saves American jobs and protects intellectual property.”

This suggests that despite the opposition from the #SOPAblackout and President Obama’s criticism of the Act in its current form, SOPA isn’t dead yet, which means that protests and the opposition will continue until an acceptable edit or replacement can be found.

What do you think: can SOPA be edited enough to make it fairer or should it be completely scrapped?

Wales announced on Twitter that Wikipedia will begin a 24-hour blackout of the English Wikipedia site, which will provide access only to pages explaining the Act and urging people to contact their congressman and representatives in opposition of the bill.

The idea of an internet blackout was first proposed by social media site Reddit and was adopted by Wikipedia after Wales asked site users if the company should initiate a ‘public uprising’ against the proposed bill.

Wales said: “Right now what I am thinking is that if there is a credible threat that this might happen, this could have a positive impact on the thinking of some legislators.

“Do not underestimate our power – in my opinion they are terrified of a public uprising about this, and we are uniquely positioned [to] start that.”

Reddit and the Cheezburger network that includes sites like The Daily What and Fail Blog also plan to shut down but Facebook, Twitter and Google have all voiced their opposition to the Act but are yet to join tomorrow’s blackout. Many users are, however, pledging to flood social networks that do not join the blackout with messages in protest against the Act and why it could be harmful for freedom of expression.

Twitter’s chief executive, Dick Costolo, slated the public uprising saying: “Closing a global business in reaction to single-issue national politics is foolish.”

It is the latest development in a long line of controversy in reaction to SOPA. US President Barack Obama has expressed his reluctance to sign the bill in its current form in a White House statement issued this week.

It read: “We will not support legislation that reduces freedom of expression, increases cybersecurity risk, or undermines the dynamic, innovative global internet.”

The statement continued to say that online piracy needs “a serious legislative response” but not one that “inhibits innovation”.

The statement effectively put the brakes on SOPA in its current form, until an ammended or adjusted version of the bill progresses. PIPA, or the Protect IP Act (the Enforcing and Protecting American Rights Against Sites Intent on Theft and Exploitation Act) is still alive and kicking and due before the Senate on January 24th.

As no one knows the full facts of either Act, it is impossible to separate fact from conjecture, but what is clear is that the furore surrounding SOPA and PIPA has reached fever pitch and support for the Acts seems to be evaporating fast.

“This coming Tuesday behold the full Norton Antivirus 1,7Gb src, the rest will follow,” Yama Tough posted via Twitter.

It is claimed that the hack is related to a proposed class action lawsuit filed in the U.S. earlier this week, which accuses Symantec of seeking to persuade customers to buy its products by scaring them with misleading information about the health of their computers. The lawsuit described Norton Utilities as a form of “scareware,” however a Norton spokesperson gave no additional information about the claims made by Anonymous.

In the past week Yama Tough has released pieces of source code from Symantec products along with a cache of emails. The hacker says that all of the data was taken from Indian government servers.

Symantec provided news-site the Inquirer with the following statement regarding the Norton source code:

“The code for Norton Utilities that was posted publicly is related to the 2006 version of Norton Utilities only. That version of the product is no longer sold or supported. The current version of Norton Utilities has been completely rebuilt and shares no common code with Norton Utilities 2006. The code that has been posted for the 2006 version poses no security threat to users of the current version of Norton Utilities.”

“Furthermore, we have no indications that the code disclosure impacts the functionality or security of any of Symantec’s other solutions. Lastly, there are no indications that customer information has been impacted or exposed at this time. As always, in general, Symantec recommends that users keep their solutions updated which will help ensure protection against any new possible threats.”

iCrossing has extrapolated data announced at Facebook’s F8 conference in September and predict that the site will reach the milestone as soon as August 12 this year.

A population of 1 billion Facebook users amounts to three times the population of America – the site’s country of origin.

The announcement comes amid news of a slowdown for the site in the UK and US, however, iCrossing explained that emerging markets more than compensate for the downturn; India has added 14 million users and Brazil a further 7 million users over a nine month period.

As Facebook’s IPO (initial public offering) looms – some predict it could be as early as May this year – many are concerned how this will translates into revenue.

Facebook’s advertising revenue has continued from strength to strength and revenue has grown to $US3.8 billion (£25 billion) in 2011 from just $US264 million (£172.5 million) in 2008, according to estimates from research firm eMarketer.

In a recent interview with the Wall Street Journal, Facebook founder Mark Zuckerberg said: “I built this as a product and not initially as a company. What ended up happening after we started hiring more people and building out the team is I began to get an appreciation that a company is a great way to get a lot of people involved in a mission you’re trying to push forward.”

The company’s chief operating officer, Sheryl Sandberg, explained Facebook’s goals as part of the interview. She said: “We want to see sharing increase. We want to see users continue to grow, but as we already have more and more users, the growth comes from activity. We are really emphasising what people do.”

Facebook may be solidifying its position at the top of the tree, but there are some sizeable competitors waiting in the wings to steal its perch. Google+ had a few stumbles in the aftermath of the hype around the network’s launch, but some projections expect it to hit 400 million users by the end of 2012.

Considering that Google+ could reach 400 million users in just 18 months and it has taken Facebook eight years to reach a billion, it seems that true competition could be on the horizon.

It is definitely an interesting time for the social behemoth. How well it will fair against competitors and the changes that becoming a public company will bring – only time will tell.

No longer will we simply see .com, .net, .org or the 19 other current gTLDs, instead the internet world will now be flooded with the likes of .news, .cocacola, .football and .anyotherwordthatismorethan2characterslong.

To register a new gTLD will cost $185,000 and $25,000 per year, compared to $10 for a .com domain.

Costing an estimated total closer to $500,000 to set up, smaller companies and not-for-profit organisations are concerned about the cost of protecting themselves from cyber-squatters.

Last year, the United Nations, the International Monetary Fund and 26 other international organisations wrote to ICANN to ask for suffixes like .imf to be protected.

In December, the US Federal Trade Commission also wrote to ICANN warning that the expansion of generic top-level domains “has the potential to magnify both the abuse of the domain name system and the corresponding challenges we encounter in tracking down internet fraudsters.”

Scott Pinzon, director of marketing and outreach at ICANN, explained that the internet is notoriously hard to predict. He said: “New gTLDs represent a platform for innovation. No one can predict what smart people will do with them. Lots of new business models will be invented. Some will work. Some won’t.

“But given the fountain of innovation and public benefit that has poured from the internet over the last 20 years, sitting here in 2011 and definitively predicting the failure of new gTLDs seems short-sighted.”

Here’s a summary of the effects that the change could bring for internet business:

Advantages:

• Increased accessibility – easier to search for sites because URLs are likely to be richer in key words and more SEO friendly.
• Prestige – having a .brand gTLD adds a certain je ne sais quoi to a business’ brand, placing them with global players like .dell, .cocacola.
• Increased security – .com is freely available, with around 90 million registered names, and is open to fraudsters and abuse, having a specific suffix could increase consumer trust in your site.
• Creativity – the new suffixes could prove to be a marketer’s dream, opening the doors for enjoy.coke or visit.london.

Disadvantages:

• Cost – the new domain names are massively expensive in comparison to .com/.org
• Exclusion – because of the high cost, only big name brands have the budget to get the ‘edge’ that personalised gTLDs presents.
• Confusion – having so many new gTLDs (as many as 1,000) novice internet users may find themselves out of their depth simply browsing the web
• Search – the confusion caused by changing gTLDs could lead the public to turn to search engines more rather than typing the full web address.

How do you think the new gTLDs will change the web for online business?

The following table shows affected software by bulletin and the likelihood of an Operating System restart being required and the services this may affect:

In summary, we are likely to see updates requiring reboots of servers this month. As usual, as a UKFast customer, you will benefit from these updates being applied automatically unless you have opted out of this service.

The hacktivist cell, allegedly in allegiance with Anonymous, obtained thousands of British email addresses and encrypted passwords, including those of defence, MI6 intelligence and the police as well as politicians and NATO advisers, and published them on the internet.

Among the addresses published were those of advisers to the Joint Intelligence Organisation, which acts as the prime minister’s eyes and ears on sensitive information. The cell did not, however, target David Cameron himself.

The high-profile data was obtained during the group’s Christmas Eve hack on intelligence firm Stratfor, who specialises in foreign affairs and security. The hacked database contains spreadsheets of the user IDs, email addresses and encrypted passwords of about 850,000 subscribers to Stratfor’s website.

The passwords are encrypted in code that can quickly be cracked using off-the-shelf software.
The database also has some 19,000 email addresses ending in the ‘.mil’ domain of the US military, including 173 individuals deployed in Afghanistan and 170 in Iraq. There was personal data from former vice-president Dan Quayle and former secretary of state Henry Kissinger.

Seven officials in the UK Cabinet Office have also had their details exposed, 45 Foreign Office officials, 14 from the Home Office, 67 Scotland Yard and other police officials, and two employees within the royal household were also compromised.

Alarmingly, none of the 23 people in the houses of parliament, including Jeremy Corbyn, Lady Nicholson and Lord Roper, were aware that they had been hacked.

That’s application, not applications.

There’s a great piece from a couple of years ago by the brilliant futurist and knob-twiddler, Brian Eno, in which he reappraises his view on technology and its impact on society. I re-read it again today (you can read it here http://hillspoint.typepad.com/hillspoint/science/) and this paragraph stood out a mile.

“I notice that the idea of ‘expert’ has changed. An expert used to be ‘somebody with access to special information’. Now, since so much information is equally available to everyone, the idea of ‘expert’ becomes ‘somebody with a better way of interpreting’. Judgement has replaced access.”

These days everyone has access to powerful information; every agency can access the same infographics; all marketers can praise the latest App that someone else has created; and anyone – absolutely anyone – can share a link to a TED video. But are they thinking about what it means for the business that they are working on, right now? Can they apply it, really? Can they learn from it and use it to sell more things?

No more Cut & Haste.

Twitter + Bit.ly  ≠ Expert.

Let’s make 2012 the year when marketers start to really apply the power of emergent technologies and behaviours. And not just talk about them.

The renowned hactivist group, along with AntiSec partners in crime LulzSec, shot into the limelight in 2011 and were responsible for attacks on Sony, AT&T, the Serious Organised Crime Agency and News International.

The group has a ‘simple’ concept – no leadership. Anonymous is a decentralised online community acting in a coordinated manner, anonymously. By its very nature this means that anyone could call themselves ‘Anonymous’ and this is where the Stratfor hack comes in.

The hack into the private intelligence firm seemed like any other AntiSec hack; Twitter announcement, samples of stolen material posted online along with taunts about the poor security measures that the global intelligence company had in place.

More than 2.5 million emails, internal documents, and a client list including passwords and credit card details allegedly stolen during the hack were posted online – supposedly totalling a massive 200 gigabytes of stolen information.

The hacker who carried out the attack, Sabu, who often speaks for the AntiSec, posted this message explaining the attack: “We are #antisec. We hack and expose security experts who are part of an industry hell-bent on scamming governments and users out of billions.”

When the hacker’s claimed that some of the credit cards had been used to donate between $500,000 and $1 million to charity, and that four of Stratfor’s servers – including backups – had been wiped (typically non-Anonymous hack characteristics), people began to question whether this was an Anonymous attack or not.

Anonymous released a press release at Christmas stating: “Hackers claiming to be Anonymous have distorted this truth [about Stratfor’s role] in order to further their hidden agenda.

“Sabu and his crew are nothing more than opportunistic attention wh*res who are possibly agent provocateurs.”

This began an intense spat with the Stratfor hackers who retorted: “Anyone can claim to be Anonymous, but because of the inherent decentralised nature of Anonymous, without central top-down leadership, no individual is in place to speak to the legitimacy of another individual or group’s operation.”

The wiping clean of four of the companies servers has led many analysts to question whether the attack could have been carried out by a rival company hiding behind the Anonymous mask to cause as much disruption as possible and destroy the reputation of one of their competitors.

It has also been asked; if it was an Anonymous hack, why not target a politically relevant security company like Hakluyt or Aegis?

The Stratfor hack has thrust Anonymous into the limelight not for a notable attack, but rather calling into question the philosophy of the organisation. Having no centralised censor has left the gates wide-open for misuse of the Anonymous ‘brand’.

As for the Stratfor attack – was it really a true Anonymous hack? That depends on how you define ‘Anonymous’.

As UKFast revealed in 2011, the extra firepower of cheap graphics cards leaves most passwords vulnerable. Having long complex passwords that are changed regularly dramatically improves your password strength.

Password generators are a hi-tech way to have a constantly changing password, with a new one created by the gadgets each time you log in.

Why not include your online presence in the new year clear-out? The January lull presents a perfect opportunity to delete any profiles on sites that you no longer use to reduce your vulnerability online.

Only this week an old profile of mine came out of the woodwork to surprise me. Care2.com, an e-card site, of which I was a customer some years ago, was hacked and details from their database were stolen.

I had sent a couple of their e-cards to friends around a decade ago – so had set up a profile, that I had since forgotten completely about. My details were taken and it just so happened that my password had, coincidentally, done a 10 year cycle and, after changes every few months, was now exactly the same as it had been at the time of setting up my Care2 account.

This meant that the hacker could then access my Hotmail account – and all the personal information held in the emails within it – as well as numerous other social network and communication sites.

Fortunately I heard about the hack quickly and changed each of my passwords – all to something different from the other – even if it is only a slight variation.

Lesson to be learned: delete unused, dormant profiles. An unused profile is basically a database of your information just waiting to be stolen, and as you never use the site, you might never know it had been breached.

Additionally, having the same password for everything is never a safe option – if one profile is compromised, it is then child’s play to access every one of them.

Also changes in terms and conditions could mean that legacy data is being used by companies to for marketing purposes. An old MySpace page may, through a change of terms and conditions, mean that your old details could be used also.

Only having profiles for sites that you use regularly will reduce the risk of your data being stolen without you knowing about it and having different passwords for each will make it all the more difficult for cyber criminals to access more of your personal information.

Here are our top tips for password safety:

• Use a mix of upper and lowercase character, numbers and symbols – Af197”£
• The longer the better, a phrase would be ideal such as: ILoveLiv3rPO0LFc185
• Change your passwords regularly
• No dictionary listed words or obvious passwords, eg: Password, 123456, drowssap…
• No dates of birth, initials, names or anything that would be easy to guess from a social media profile, eg: Alice1987
• Only keep profiles for sites that you are actively using.

Microsoft is starting off 2012 with 7 bulletins addressing 8 vulnerabilities.

Bulletin breakdown:

• 1 bulletin is rated as critical
• 6 bulletins are rated as important
• 1 vulnerability could lead to a security feature bypass
• 2 vulnerabilities could lead to information disclosure
• 1 vulnerability could lead to elevation of privileges

These updates will be applied to all Microsoft Operating Systems, Microsoft Developer tools and software.
The following table summarises the security bulletins for this month in order of severity.

We will issue further information on the impact of this month’s updates once they have been released for testing from the 10^th of January 2012

Download figures for the Christmas week (December 25-31) smashed the month’s average of 750,000 per week and solidified smartphones, and their apps, as the hot commodity going into 2012.

It is the first time in history that mobile application downloads have surpassed the billion mark in a single week but is a figure that experts in the field expect to become commonplace in 2012.

As 2011 drew to a close, Apple’s App Store was on track to exceed 10 billion downloads – which will double the cumulative number of downloads earned across 2008, 2009 and 2010.

The Android Market has also set records, more than tripling its life-to-date downloads of 3 billion, reached in May 2011, to now over 10 billion cumulative downloads reached in December.

The phenomenal and surprising increase, but it comes as no surpise when you consider the equally large increase in smart phone activations throughout the holiday period.

The latest report from analytics firm Flurry – who analyse the app downloads and mobile activations across the world – estimates that more than 20 million new devices were activated throughout the same week.

The figures clearly show how smartphones have sky-rocketed this year: 6.8 million new devices were activated on Christmas Day alone, compared to just 2.8 million on the same day in 2010.

With the expected release of the iPhone 5 later in the year, and its Android rivals, there is little doubt that the growth of smartphones, tablets and their apps will continue to skyrocket.

The Flurry report also provides a country by country breakdown, and despite the comparable size of the UK to countries like China, the US and Germany, the UK continued to lead the way with adoption of smartphone technology, ranking third in the list with 81 million downloads.

The US accounted for almost half of the total downloads with 509 million throughout the week, followed by China in second place with 99 million downloads.

]]> http://blog.ukfast.co.uk/2012/01/04/appy-holidays/feed/ 0 http://blog.ukfast.co.uk/2011/12/21/7-reasons-why-tablets-are-changing-the-web-for-the-better/ http://blog.ukfast.co.uk/2011/12/21/7-reasons-why-tablets-are-changing-the-web-for-the-better/#comments Wed, 21 Dec 2011 15:09:30 +0000 Guest http://blog.ukfast.co.uk/?p=9366 This is a guest post from Ryan Kaye, Client Services Director at CTI Digital

When the iPad first launched (April 2010), we bought a few at work and played with them, and like everybody else I thought these are pretty cool, but it’s just a big iPhone, or perhaps a cool coffee table ornament and it’s not going to change the world.

A little over 18 months on my opinion has completely changed and I am convinced they’re a complete game changer.

Earlier this year the sale of tablets overtook Laptops and PC’s and now they are outselling Laptops by a ratio of 2:1. Conversion rates are higher on tablets than desktop PC’s and both android and iTunes stores are already transacting billions a year in virtual goods.

Why is this happening?

1. Tablets are quicker - I mean in terms of time to turn on and be in use, the critical factor that previously prevented me bothering to open my laptop bag and search for a spare plug socket.
2. They’re interactive – the move away from a mouse is more profound than anybody previously realised, by touching, pinching, rotating and swiping we are making it feel more tactile and real. It’s probably psychological but I never bothered reading more than a few pages on a PC, anything longer was printed first, with tablets I don’t care.
3. They really are mobile – Anybody who has ran for a train and walked further than 10 minutes with their laptop I am sure will agree they are heavy and cumbersome. If you have tried to write a document on a train, plane or car, you can no doubt testify it’s generally a cramped annoying experience. Tablets aren’t.
4. They can be used by all ages  – My dad bought an iPad when they first came out, which baffled me, “you never use the internet and still can’t use your mobile phone, what do you need and iPad for?” I said. He now uses it almost every day and buys more online than I do. A young child does not have the motor skills to use a mouse but I have seen two year olds playing angry birds and watching cartoons, more importantly they can work it themselves.
5. They remove barriers–  Again maybe psychological but the laptop screen is a barrier and from moving to tablets you generally engage more with people and find it easier to share, show and collaborate.
6. The proliferation of smart phones – Touchscreen technology has been around for a few years now in smart phones and people are starting to expect to be able to use gestures for everything else. I read recently about a vending machine manufacturer who had to recall their latest machine because people were trying to swipe the images and thought it was broke. The president has already been set and we have to adapt to this new expectation.
7. They fit in with our busy lives better – By this I mean we are all very rarely doing one thing at a time anymore. Tablets are used most when people are at home watching TV or doing something else. Anyone who’s lap has got too hot or back has gone into spasms for using the laptop in bed will find if you have a tablet you very quickly gather dust on your old laptop.

I will concede there are still some things you cannot do on a tablet you can with a PC but you soon will be able to. In summary tablets are better, easier to use and give us a much richer experience.

The Stone Age did not end because we ran out of stones, we evolved and moved on. The age of the mouse is dying and those who adapt and evolve best will survive.

If this has passed you by, SOPA is a bill introduced in the American House of Representatives in October this year. If passed, the bill will give the U.S law enforcement agencies and copyright holders more powers to fight online piracy. Court orders could be brought against websites who allegedly enabled or facilitated copyright infringement. Possible actions taken against these sites would include barring online advertising networks and payment gateways such as PayPal from working. ISP’s could also be blocked from accessing the sites.

Within the U.S there has been a lot of conflict over this bill with big names taking different sides.

In Hollywood, among the Movie, TV and Music companies, the bill is being welcomed with open arms. They have apparently spent more than $91 million this year in lobbying for the bill to be passed. In an open letter, Disney, News Corp, the NFL, Time Warner, Sony and Viacom wrote “Every day, internet criminals use illegal foreign websites to steal from New York companies and hard-working Americans. These illegal foreign websites are destroying American jobs and causing billions in lost revenue.”

On the other side is the tech world. Twitter’s Jack Dorsey, Arriana Huffington, Google’s Sergey Brin and others wrote a joint letter warning that Sopa and Protect IP (a corresponding bill) will undermine security online, hold back innovation and give the govenment the power to censor the web in a similar fashion to China, Iran and Malaysia.

Hearings were held on the 15th and 16th December to discuss the bill.  On the Friday it was abruptly adjourned with no vote date set. However it now seems that the vote will go ahead tomorrow with the smart money on the bill being passed.

What do you think about the bill – a step in the right direction to stopping online piracy or a slippery slope to censorship?

I’m excited by technology. I have been as long as I can remember. A childhood of Star Wars, comics and the cult ‘Book of the Future’ (after which my own blog is named) left me dreaming of a future world of fast-changing gizmos. Many of my dreams have come true, but as I get older it is the cultural impact of technology, as much as the gadgetry itself, that interests me.

It feels like we’re in the middle of some very significant cultural and societal changes at the moment, driven by technology. Here are a few of my top areas to watch:

Privacy and Personalisation

These two are different sides of the same coin. The prevailing trend over the last five years has been for people to share more and more of their personal data online. The more they share, the better companies can target them with products and services. Some people see this as better service – personalisation – while others see it as an invasion of privacy. The split is only semi-generational but the balance seems to be moving clearly towards those who are happy to share in return for reward and engagement from their preferred brands.

This isn’t a licence for companies to ignore privacy concerns: anybody working in this space, as I am with CANDDi, needs to think carefully about how people will take to the collection and use of data about their preferences, and design their service to meet people’s concerns.

Touch and Tablets

When I’m out selling I rarely prepare a slide deck anymore. At least not one that I expect to stand at the front of a room and deliver. Instead I pull together some examples and diagrams on my iPad and pass that around the audience when I need to illustrate something. I also use it for taking notes: the lack of a vertical screen creates much less of a barrier between me and whoever I’m meeting than a laptop would. These changes bring audience and presenter, or the participants in a meeting, closer together. They take the formal edge off the event and rebalance the power relationship.

The tablet has also changed the nature of home Internet use, making it a much more tactile, social experience. It has changed the way that the whole user experience for the web needs to be designed, with apps filling the gap until websites can be rebuilt for the touch experience. It’s not – yet – the end of the keyboard and mouse, but has proven that other interfaces can provide a more human interface to technology and information.

Cash and Commerce

I get sent quite a lot of gadgets to test. I’m wielding one around my wrist at the moment: a watch with an integrated pre-paid card. Just by touching the watch to MasterCard PayPass points I can pay for small purchases up to £15. Where the PayPass is installed it is a lot more convenient than scrabbling around for cash, and really no less secure (arguably it is more so). I can also top the card up online from my smartphone via online banking.

What does this mean? I think it means the end of cash, within my lifetime and possibly in the next decade. Like vinyl it will hang around for minority uses but most of us will carry fewer and fewer coins and notes. No more searching for change for the parking meter. No more queuing at the cash point. I for one won’t be sad to see the back of cash.

IT outsourcing contracts are generally complex and detailed documents and should not be signed without careful consideration from both the outsourcing services supplier and the customer.  They should be drafted for the specific services being provided and be flexible enough to adapt to the changeable economic climate.

Our 10 top tips for negotiating a successful IT outsourcing contract are:

1. Give yourself time

Manage the expectations of all those involved.  Ensure you have time to identify objectives, undertake due diligence and negotiate the contract. By the business investing time to get it right at this early stage, you are likely to be saving significant time and cost in the future by minimising the risk of dispute and litigation.

2. Undertake careful due diligence

As a customer, you should ascertain who is the best supplier for the right price. To achieve this, consider requesting a number of service providers to tender for the work, so you can get a feel for price and timescales.

As a supplier, due diligence is essential and should cover enquiries into the actual extent of the services required, the existing contracts that will transfer and the employees subject to transfer. All of this will then be used to determine price and risk.

3. Sign a contract

It may appear obvious but it is surprising as to the number of companies that commence material services supply without a robust contract in place.  Therefore, ensure a contract is negotiated and most importantly signed.

4. Agree a detailed service specification

A clear and detailed description of the services is the lynchpin of any IT outsourcing contract.  Minimum service levels to which the services should be produced must also be considered.

As a customer, include contractual provisions for dealing with a supplier’s poor performance.  This may include delay payments, service credits, customer rights of step-in and a right to terminate the contract.

As a supplier, you should ensure that you can realistically meet the service specification and ensure you are not liable for any failure to meet service requirements due to the acts or omissions of your customers.

5. Introduce flexibility

IT outsourcing contracts nowadays need to flex with customer requirements and have the scope to increase, decrease and alter the extent of the services on relatively short notice.  Contracts need to be adaptable to periods of rapid growth but also periods of consolidation and reduction.

6. Introduce Innovative Pricing Solutions

As a customer, seek complete transparency on all costs and charges.  After all, one of the key drivers for outsourcing the work is to make cost savings.  Consider including a benchmarking mechanism, under which the supplier’s charges are market tested on an annual basis.

Suppliers should think about introducing innovative pricing solutions to work with the flexibility of the contract.  If you have spent time and effort in developing these innovative solutions, ensure they are expressly stated to be subject to the contract’s confidentiality provisions so they are passed on to your competitors.

Both parties may wish to include an index-based price review provision so that there is the ability to adapt to market fluctuations.

7. Ensure data is protected

For the purposes of the Data Protection Act, the supplier is generally the data processor and the customer, remains the data controller.  Therefore, the customer remains on the hook for any losses or unauthorised disclosures of personal data by the supplier.  As a customer, you will need to manage this risk both contractually and by ensuring that you are comfortable with the security practices of the supplier.

8. Negotiate appropriate liability limitations

Limitation of liability clauses are always a thorny issue as the requirements of the parties are diametrically opposed.  As a customer, you need to ensure that the clause covers potential losses if the supplier fails to meet its obligations, whereas as the supplier needs to cap its risk at a level which is commercially acceptable.

As a customer, it is unrealistic to expect the supplier to accept high or unlimited liability for all losses and you should expect the supplier to request that its liability cap be tied closely to the contract price.

9. Consider personnel issues

Consider at an early stage whether TUPE is likely to apply on commencement and/or termination of the contract.  Ensure appropriate provisions are included within the contract to protect your position under the legislation whether you are the supplier or the customer

10. Secure an exit plan

Finally, it is prudent for both parties to consider exit plans pre-contract.  The plan should address issues, such as the supplier’s obligations during the exit transition period, the customer’s access to the systems and any fees payable to the supplier for its cooperation.

Image from Telegraph.co.uk

The search-behemoth has released its annual list of the most searched for terms . Looking at it overall, the overarching theme seems to be avoiding the harsh reality of the recession.

The lists, as per usual, are plagued with celebrities and people ‘living the dream’. US reality star Kim Kardashian tops the chart for celebrities no doubt thanks to the media frenzy since her 72 day marriage. The only male entry in the list is Ricky Gervais – due to his controversial hosting of the Golden Globes.

The crown for the fastest-growing search term goes to the royal wedding; a ‘rags to riches’ tale of the middle-class girl made royalty – though it surprisingly doesn’t appear in the top ten searches for the UK.

Technology featured fairly heavily in the list, behind all of the celebrity fluff. The non-existent iPhone 5 comes behind Kate and Wills’ nuptials as the second fastest rising search and featured in the top ten news searches. The iPad 2 also ranked highly, as did its predecessor last year.

The alternate reality of video games made a prominent showing in the lists: Fifa 12 trails the iPhone 5 in the fastest rising searches, and Minecraft places as the eighth fastest rising.

The food and drink chart offered a further reminder of people’s handling of spiralling costs and less money, with Asda – reportedly the cheapest of the big supermarkets – topping the list.

Escaping the recession through less realistic means also popped up, with the top holiday destination search being Las Vegas and the top TV shows as X Factor and The Apprentice.

Politics did make a little appearance with the top ‘what is’ search asking what is AV? Its pusher, deputy prime minister Nick Clegg, didn’t feature so favourably; he sits on top of the fastest-falling people chart.

Unfortunately Google itself appeared in the top UK searches list – coming in fifth place. Other ‘functional’ searches in the top tens are Facebook, YouTube and Hotmail.

A Google spokesperson explained to the media that the search-giant reveals the web’s trends “through an exploration of the billions of search queries we receive each year. In addition to the year-end Zeitgeist, which highlights the top trends of 2011, we have several tools that give insight into global, regional, past and present search trends.”

And finally the ‘what is?’ and ‘how to?’ entries bring a lighter mood to the lists with entries including ‘how to snog’, ‘what is scampi?’ and ‘what are piles?’.

The following table shows affected software by bulletin and the likelihood of an Operating System restart being required and hence impacting on services provided:

So in summary, we are likely to see updates requiring reboots of servers this month. (As usual, as a UKFast customer, you benefit from these updates being applied automatically unless you have opted out of this service.)

MC.

2011 has undoubtedly been the year of technology on the move. People have now come to expect access to everything everywhere. We held a round table debate to discuss the biggest technological advances of 2011 and it was pretty obvious that ‘on-the-go’ is ‘on-the-up’.

Looking back at the footage of the debate, there are three stand out ‘advances’ of this year:

1. Mobile Internet

We can now do more than ever on our mobile phones. Smart phones have given us simple access to the web and the ability to most things faster and easier than using a desktop PC.

This expectation of smartphone users to be able to access whatever they want quickly and efficiently has forced e-commerce business into action and more and more mobile sites and apps are emerging.

Ben Aronson, creative director at Juice Digital, explained the importance of getting the foundations of your mobile offering correct. He said: “There are so many rubbish apps out there, businesses seem to say ‘we need an app’ before considering what they need an app for.

The integration of tablet computers and smart phones into our everyday life has been so immediate that many companies are still catching up with their web presence.

Paul Harris, marketing director at UKFast explained the key point that retailers seem to be missing with their web presence. He said: “You want a different experience from your phone, to your tablet, to your PC as you are using them in completely different ways. Each has different usability options, different interfaces and we use them for different things.”

Mobile internet is massively on the increase: from August 2010 – 2011, 17.6 million of us accessed the internet through a mobile device – this equates to around 45% of internet users. This figure has almost doubled from the 23% of internet users connecting on a mobile device in 2009.

Mobile optimised sites for retailers offer a simplified ‘m-commerce’ version of the site – making it faster and easier to make a purchase or find that product that you’d like. Clearly other than a mobile site is an app. The Amazon app is by far my favourite – quick, simple navigation, fast payment – all of the aspects a good app or site should have.

However, across the world there are companies embracing the mobile revolution in a range of different ways. EBay launched a pop-up shop that only offered QR codes across the walls so payment must be made on a mobile device rather than at a till.

QR codes themselves are now incorporated into so many high end marketing schemes – the likes of Calvin Klein, Pepsi and Coca-Cola have used the technology in global campaigns.

With the demand for mobile internet on the increase, it is only natural that the devices themselves will take off too, which leads us nicely to advancement number two:

2. Tablet Computers

With the increase in mobile internet usage and smartphones constantly conditioning us to believe that there is always an ‘app for that’, the natural evolution would be into tablet computers – bigger screens, better capabilities and increased usability.

This year, the iPad has taken the computing world by storm, leaving many an ‘iPad killer’ in its wake. As with any Apple product, we all knew it was going to big – but perhaps not this big. Ryan Kaye, client services director at CTI Digital, explained how the tablet computer – particularly the iPad – has revolutionised business for him in 2011.

He said: “It has got to the point where if I leave my house without my iPad I will turn around and go back for it – I am that reliant on it now. It has completely changed the format of meetings with clients; I can hand it over to them to show them a PDF instead of a slideshow on a screen. It breaks down those barriers.

“It is so instant that you can do work anywhere – on the train, at home or in the office – whereas with a laptop, although it is portable, it is heavier, takes longer to boot up and is generally less convenient.”

Throughout the year, we have seen several attempts at tablet computers being launched as an ‘iPad killer’, one of which, the HP Touchpad, was generally well-received, but at a price of $600 it could not compete with its Apple counterpart. Touchpads are now appearing on HP’s eBay store.

Amazon’s Kindle Fire, currently US only, offers similar capabilities of an iPad but at a fraction of the price. I definitely believe that it is one to watch in the coming year.

3. Cloud Computing

Taking mobile internet access a step further is cloud computing. This year has undeniably been the year of the cloud. Despite hugely high-profile outages with Amazon and Google, the technology has gone from strength to strength.

Offering businesses the opportunity to place their computing power outside of the office for someone else to manage and gain access from inside and outside the office, at a low cost, cloud has been seen as the perfect solution to IT needs during the recession.

Paul Harris, marketing director at UKFast explained how the technological advances of the year could not be discussed without mentioning cloud computing. He said: “Cloud has been around for a long time but at a business level it is only just starting to become possible for us to put all of our office’s computing power into a data centre, for someone else to manage, and be able to access it from a thin client in the office or from outside the workplace.

“It really has been one of the biggest advances of this year.”

Despite the high-profile failures of the cloud the technology has continued to create a buzz both in the consumer and corporate fields. Apple’s iCloud has continued the battle with DropBox – using cloud computing to sync all devices and keep a back up in the cloud.

Businesses have embraced outsourcing their IT needs to the cloud. The development of Microsoft Office 365 (or UKFast’s CloudApps) allows access to office applications from anywhere, with the applications themselves stored within the cloud.
The next twelve months should prove to be really exciting to see how these three technologies evolve even further. Will we see the end of the desktop PC? Has the high street lost all hope? Will we ever be face-to face sociable again?

It has taken a while for the shockwaves to filter through and it is likely that the first quarter of 2012 is when there will be a significant shortage of hard drives.

Intel this week released a statement that it expects a fourth-quarter revenue shortfall of roughly $1 billion. As Intel’s customers realise they will not be able to get enough hard drives for their computers, they are reducing orders for the Intel chips.

The PC market has been hardest hit “Server has been relatively strong but we’re seeing a pretty significant reduction in backlog in the PC-related segment of our business so that seems to be where it’s really hitting us,” said Stacy J. Smith, Intel’s chief financial officer.

Supply is expected to catch up with demand sometime during the first quarter of 2012.

In the meantime the cost of hard drives is increasing. For lower end drives, which have been in highest demand, prices have almost doubled.

At UKFast we have found that many suppliers are limiting the number of hard drives per order. Fortunately, due to our long standing relationships with suppliers we are able to get higher maximum order volumes.

We have also seen many big suppliers stop providing hard drives alone as they stockpile to ensure they can continue building their own PC’s and servers. This, combined with Christmas when demand naturally increases, has made it a tough market for many smaller businesses looking to buy hard drives.

The Thailand flooding is a stark reminder that technology is not immune to the effects of the natural world.

Have you been impacted by the hard drive shortage?

Bulletin Breakdown:

• 3 bulletins are rated Critical, 11 are Important
• 10 vulnerabilities can lead to Remote Code Execution
• 3 vulnerability can lead to Elevation of Privilege
• 1 vulnerability can lead to Information Disclosure

 
The following table summarises the security bulletins for this month in order of severity.

We will issue further information on the impact of this month’s updates once they have been released for testing from the 13^th of December.

MC.

“It is the department’s intention to trial within the next 12 months, a pilot of up to 1,000 desktops to test proof of concept for open source,” a DWP spokeswoman told The Guardian

The DWP currently uses computers running Windows XP, Microsoft Office and Internet Explorer 6.

The top three suppliers to the department at the moment are IBM, HP and BT but last month the Cabinet Office published an open-source ‘procurement toolkit’ for the public sector on its website with the purpose of levelling the playing field for open-source and proprietary software.

Open-source has been a hot topic around government IT recently and has been used as the proof of the current government’s commitment to new technologies.

The DWP’s Mike Truran spoke about the initiative at the Datacenter Dynamics Convergence conference. Quoted in a report by ComputerWeekly, he explained that the department is committed to open source – in line with the coalition government’s IT strategy.

He said that “If the pilot works we will take it forward.” As the toolkit published clearly states, cost savings from avoiding proprietary software are not the only motivation for the government to encourage the use of open source; another important aspect is to encourage competition and improve control over IT projects by preventing ‘vendor lock-in’.

Additionally, the government’s ICT Asset and Services Knowledgebase, which will be used to record the reuse of existing open-source solutions, will be launched in the new year, following a tender in July.

In the three years since its launch Chrome’s market share has grown to 26.76% giving it the edge over Firefox’s current 25.49% share. The tech media have since been a flurry of damning headlines and condemning stories bringing doomsday to the Mozilla browser. What is much more concerning is not the market share.

Figures by web analytics firm StatCounter, show that Firefox’s market share has actually stayed quite steady since Chrome’s 2008 launch; from around 26.14% at the time of the Chrome launch to a peak of almost 32% in January 2010 and back to a level of 25.49% now. Whereas Microsoft’s Internet Explorer – the top dog in browsers since, well, forever, has seen a sharp decline in market share over the same period.

So Chrome’s gain has largely been Microsoft’s loss, rather than Mozilla’s.

The big snag for Firefox is their uncertain future with Google. Mozilla has maintained a five-year relationship with the search-giants, feeding them search users in a deal that generated around 80% of The Mozilla Foundation’s revenue last year.

This search referral deal was up for renewal in November and so far an agreement has not been made, prompting many to suspect a lengthy rebalancing of their financial relationship is in the pipeline.

A spokesperson for Mozilla told PCPro that the Google negotiations are still in progress: “We currently have partnerships with a number of search providers that differ by market, including major search partners including Google, Bing, Yahoo, Yandex, Amazon, eBay and others.”

“Our search relationship with Google remains positive for both of us. We are in active negotiations and have nothing further to announce at this time,” Mozilla said. “We have every confidence that search partnerships will continue to be a strong and growing generator of revenue for the foreseeable future.”

Should the renewal talks between the two companies fall through, a potentially strategic move from Google could see the foundation – and, not forgetting, one of Google Chrome’s main rivals – left without the bulk of its revenue.

Superhero rescues for Firefox could emerge in the shape of a lucrative deal expanding their smaller relationship with Microsoft’s Bing, or any of their other current search partners.

What is quite clear is that Mozilla is worried; the company has just released a short video entitled ‘The Mozilla Story’ reminding users of the organization’s roots as a community project and the importance of Firefox as an open-source Web browser backed by a non-profit organization.

One thing is for sure, it would be a real shame to lose an organisation that is so dedicated to creating a ‘better internet’ when so many large companies are focused on the commercial potential of innovations rather than their impact.

Watch ‘The Mozilla Story‘.

Image from Windows Store Blog

The news of the Windows store comes just over a year after Apple announced the launch of an App Store for their desktop computers, which was launched this January.

In a post on the newly launched Windows Store blog, Ted Dworkin, Partner Program Manager for the Store, described the design ideas behind the new store. He said: “Ensuring the visibility of apps and the efficiency and fluidity of app discovery became the fundamental building block of our Store design.

“We use minimal chrome so apps shine through, and complement the apps with a series of way-finding and promotion mechanisms—search, category browse, ranking lists, editorial curation — to help people find great apps.”

The software giant will initially give developers the ‘industry-standard’ 70% share of any revenues, keeping 30% – which is the same as Apple initially instituted on the iPhone App Store. However, Microsoft has pledged that once revenues pass $25,000, the split will shift to an 80-20 split for the lifetime of the app on the store.

In the blog post, Dworkin continued to explain that four guiding principles have been developed to maintain the best partnerships between Microsoft and app developers.

These principles describe how apps should be designed for discovery, have flexible business models and transparent terms and offer the best economics.

Pricing of apps on the store will begin at $1.49 as opposed to Apple’s $0.99.

The Windows Store will be available on PCs, laptops and tablets running the Windows 8 operating system. They did not disclose plans for mobile devices; however the Windows Phone platform already has its own app store called Marketplace.

The coalition brings together government and industry leaders to discuss the best practices and build effective solutions to the challenges that young people face on the internet. Within this effort there are five working groups each tackling a different area of online safety.

One of the key areas that the coalition will focus on is the effective take down of child abuse content. Peter Cullen, General Manager, Trustworthy Computing at Microsoft discussed how Microsoft has been working towards this before joining the coalition, and how their pioneering technology will help, in a post on the company’s blog.

He said: “Microsoft is working with thought leaders around the world on advancing effective mechanisms to find, remove and report child-exploitive content online, including technologies like PhotoDNA. Microsoft, in partnership with Dartmouth College and the National Centre for Missing and Exploited Children (NCMEC), developed PhotoDNA, an image-matching technology that helps find and remove some of the worst-known child pornography images from the internet.

“Internally, Microsoft has implemented PhotoDNA on Hotmail, SkyDrive and Bing to help stop the spread of these images through these platforms. The company has also made PhotoDNA available for others to use at no charge. As a result, Facebook also uses PhotoDNA globally, and we continue to work with others in industry, government and law enforcement on new ways PhotoDNA technology and other efforts can help combat child sexual exploitation in Europe and worldwide.”

Microsoft is involved in ratings and classification schemes such as Pan European Game Information (PEGI) and The Entertainment Software Rating Board (ESRB) for games, and more recently has supported efforts to extend these regimes to mobile applications and another one of the working groups of this coalition will work towards developing a comprehensive content classification of all content directed at children.

In line with this the collective also aim to develop defined criteria for age-appropriate privacy settings and increase the availability and uptake of essential parental controls.

The final group will work towards establishing the feasibility of implementing a consistent abuse mechanism for easy reporting of issues across online experiences in Europe.

Cullen continued in his blog post: “Microsoft has observed that governments that bring together multi-stakeholder groups to tackle these issues through a shared responsibility model have yielded the most balanced approaches to online safety, as there is no “one size fits all” solution, and online safety considerations may differ based on a particular service, product or technology.

“Indeed, the governments that take a balanced and holistic approach to online safety through cooperative partnerships, sound public policies, robust education and awareness programs, and sensible use of technology tools, have demonstrated the greatest success. This is why Microsoft is pleased to continue working to advance improvements in this area as a company, and to be part of the CEO Coalition process, as more can be done when we partner together to achieve real, sustainable impact in the area of child online safety.”

The release, based around the Linux Kernel 3.2, will be a long term support (LTS) release and is available for x86 and 64bit platforms. The code also includes version 9 of both Firefox and Thunderbird from Mozilla.

Kate Stewart, Ubuntu release manager warned that the latest release is not an appropriate option for novice Linux users, in a blog post saying: “Pre-releases of Precise Pangolin are NOT encouraged for anyone needing a stable system or anyone who is not comfortable running into occasional, even frequent breakage.

“They are, however, recommended for Ubuntu developers and those who want to help in testing, reporting, and fixing bugs as we work towards getting this LTS release ready.”

There is still a lot of work to do before the LTS release scheduled for the spring; when the work first started there was a list of 2,237 tasks, only 339 of these have been completed and 41 have been postponed so there is still plenty for developers to be working on.

Canonical boss Mark Shuttleworth had previously commented on the development of the latest release in his blog, explaining the importance of the full release for cloud computing technologies.

He said “Ubuntu is the #1 OS for cloud computing, whether you measure it by the number of instances running on all the major public clouds, the number of Ubuntu-based cloud appliances, the number of public and private clouds running on Ubuntu host OS.

“The extraordinary diversity of the Ubuntu community, the calibre of collaboration between Ubuntu and OpenStack, and the focused efforts of Canonical to make Ubuntu useful in the cloud have all contributed to that position.”

The policy paints a detailed picture about how the government will tackle cyber crime, with an unprecedented cooperation with the private sector.

The linkup between the government and private sector will see firms such as Vodafone, Barclays and BT, develop a pilot sharing scheme with the Government Communications Headquarters (GCHQ).

It seems the government has recognised that it can’t tackle cyber security alone and it is hoped that the ‘sharing system’ will be two-way stream with some businesses expressing concern over sharing commercially sensitive data. However, an efficient real-time exchange of data would enable organisations and businesses to defend themselves against emerging threats.

Earlier in the year, the government announced a £650 million investment in national cyber security and ranked the cyber threat as tier one priority – the same level as terrorist attacks. Although a sizeable chunk of the budget will be set aside to tackle high-end cyber threats, like cyber warfare and threats to national security (like the Stuxnet worm and cyber-espionage), there will be a nest-egg invested in business concerns.

The policy pledges to support SMEs by opening up public sector procurement and assures that, as part of the Growth Review, at least 25% of the value of government cyber security contracts will go to SMES.

Further aid to UK businesses comes in the form of industry-led cyber security standards for private sector companies. Sticking to these guidelines could become a competitive advantage for UK businesses, promoting them as certifiably cyber secure. The Department for Business and Skills (BIS) will work with domestic, European, global and commercial standards organisations to accelerate this work.

Throughout the strategy, a key focus is set on improving education about cyber security across all levels of the online community so that the general public, along with business owners, is better equipped to stay safe online.

In line with this the strategy also aims to ramp up the role of Get Safe Online, reinforcing the message that everyone has a crucial role to play in keeping cyberspace safe, including the public. In increasing this investment, they aim Get Safe Online the single, authoritative place to go for the public to get the latest information on internet threats and the simple steps they can take to protect themselves.

Read the full strategy.

Do you think that the strategy goes far enough in its aims to make the UK one of the safest online environments? What else should the government consider in its battle against cyber crime?

Not surprisingly data security heads up the list. The past year has seen a lot of press about security concerns in the cloud. Public clouds in particular are vulnerable to security breaches. However, as with all areas of data security it is the people handling the data who play the biggest role in how secure it is. Cloud computing does offer a high level of security but only if implemented and maintained correctly. The perception is that it is harder to achieve high levels of security within the cloud than using more traditional hosting.

Cost and the uncertainty of exactly how much will be saved using cloud is the second biggest concern. This is likely to be a general symptom of confusion over the cloud and the varying jargon surrounding it. As CIO’s become more au fait with the cloud, comparing to other services should be easier.

Loss of control ranks third. Often companies are unaware of exactly where their data is stored when they move to the cloud. The very nature of the clouds ability to bring further resources on line means companies cannot keep track of exactly what hardware their data is on leading to some insecurities.

In some ways it is surprising that reliability comes in fourth on the list as the cloud is touted as providing an ‘always on’ service. However high profile outages on Amazon EC2 have raised doubts over how reliable the cloud actually is. In truth, provided a cloud network is well maintained and set up correctly the cloud should provide very high availability.

Other concerns include regulation or compliance; data portability; software compatibility; performance; and lock-in.

I would expect that over the next 12 months many of these issues are addressed and understanding of the cloud grows. Come next year a similar list of concerns over the cloud may well look very different.

Do you agree with this list?

Here is a brief run down of the different types of cloud and pros and cons of each of them:

Public cloud

This is a cluster of servers which provide hosting resources in an elastic manner allowing easy scalability. Generally you only pay for what you use making it a great option for companies that experience short term peaks. However, because of the shared infrastructure a public cloud has the most security vulnerabilities.

Private cloud

A private cloud is dedicated to a single company. The environment it is in has in-built redundancy and clustering for added resilience. The isolation of a private cloud allows companies to maintain high performance and high availability.

A private cloud has all the benefits of dedicated hosting but with the scalability and flexibility provided by the cloud.

Hybrid cloud

A hybrid cloud can use traditional dedicated servers linked with the cloud. When the dedicated servers reach a certain load threshold the cloud is utilised for additional resources.

It can also be a combination of private and public cloud providing a versatile solution to suit your business needs. This means that the pros and cons of the hybrid cloud depend on how the solution is set up.

The right type of cloud may well be a great solution for your business but also don’t forget to consider the more traditional options. Just because everyone is talking about the cloud does not mean it is a one size fits all solution.

If you are interested in finding out more about the different types of cloud, download our latest report.

The following table shows affected software by bulletin and the likelihood of an Operating System restart being required and hence impacting on services provided:

While this is the lightest patch Tuesday of the year, MS11-083 affects all Windows based devices and is patching what looks to be the worst vulnerability of the year.

So in summary, we are likely to see updates requiring reboots of servers this month. (As usual, as a UKFast customer, you benefit from these updates being applied automatically unless you have opted out of this service.)

MC.

Bulletin Breakdown:

• 1 bulletin is rated Critical, 2 are Important and 1 Moderate
• 2 vulnerabilities can lead to Remote Code Execution
• 1 vulnerability can lead to Elevation of Privilege
• 1 vulnerability can lead to Denial of Service

The following table summarises the security bulletins for this month in order of severity.

We will issue further information on the impact of this month’s updates once they have been released for testing from the 8^th of November.

MC.

Internet security should be at the forefront of everyone’s priorities, especially for business owners.

As part of Global Cyber Security Awareness Month in October, UKFast joined forces with cyber security experts to create a melting pot of security knowledge and hopefully increase understanding and awareness for businesses across the UK.

It became increasingly evident throughout the month that the UK is lagging behind in the security stakes, with many businesses completely oblivious to the risks that they are facing.

One of the key areas of focus throughout our conversations with a range of security experts was the accreditations and monitoring of cyber security policies. UKFast has a series of accreditations including ISO 2001:2008 and PCI DSS level one, but these are not seen as the top line of our security strategy.

Stuart Coulson, security expert at UKFast explained at a recent round table event that the current accreditations are a brilliant way of assessing how secure a business is but businesses should go beyond achieving them to build a solid defence against cyber threats.

“The hackers don’t have any rules, they break them to get to what they want. This is why these accreditations should be a guideline minimum for your strategy,” he said.

“The standards should be set for everyone to adhere to. There should be a set of guidelines that people must abide by from day one of setting up their business to say that they are aware of the cyber risks.”

Daniel Prince, cyber security course director at the University of Lancaster, reiterated this point saying: “The issue with current standards is that they are an audit of your defences so we have our drawbridge and moat which is great, but what happens if these are breached?

“The standards really need to cover the response plans that are in place if someone did break through the defences.”

The UK has seen focus shift dramatically to tackling cyber security issues, with David Cameron only this week saying that cyber crime will be dealt with as harshly as any other national security threat, and that the UK’s cyber defences will be ramped up as part of a £650million plan.

Our top five tips for staying cyber secure, taken from our Cyber Security Awareness Month research are:

1. Secure against internal threats as well as external, staff can just easily infect your systems using a USB drive as opening an infected email – Andrew Frowen, Intaforensics
2. One solution will not fit all in cyber security – research your strategy properly to ensure that it suits the specific needs of you business – Edwin Keen, the University of Bolton
3. Identify the mission critical areas of your business and focus on protecting these  – Daniel Prince, Lancaster University
4. Educating employees is the key – ensuring that cyber security is embedded into training from induction to continued refreshers – Stuart Coulson
5. Audit and update your defences regularly to ensure that they are always protecting the areas that you need them to against newly developing threats. – Alberto Redi

The attack, named Nitro, appears to have been aimed at collecting intellectual property including design documents, formulas and manufacturing processes.

Symantec believes this attack is merely the latest in a wave which started in July 2011 and continued through to mid September. The Command and Control (C&C) servers have been used as early as April 2011 when the focus was on human rights related NGOs. In late May the motor industry was the target. In July the most recent attack against the chemical industry began; this was the most prolonged attack.

Symantec has confirmed at least 29 companies in the chemical sector were targeted with 19 in a variety of other sectors including defence. In a single two week period recently “101 unique IP addresses contacted a C&C server with traffic consistent with an infected machine. These IPs represented 52 unique ISPs or organisations in 20 countries.

Companies affected include multiple Fortune 100s involved in the research and development on chemical compounds; those developing advanced materials primarily used in military vehicles; companies involved in developing manufacturing infrastructure for the chemical and advanced materials industry.

The attacks were launched over email. After researching targets an email was sent tailored to that target. In most companies only a handful of targets were identified but in others a scatter gun approach seems to have been used with one organisation seeing 500 individuals receive an email. The emails varied but two primary methodologies emerged:

1. When a specific target was involved the mail often appeared to be a meeting invitation from established business partners
2. The broader emails tended to be in the form of a necessary security update.

These emails then contained an executable attachment either as a password-protected archive containing the executable file or under the guise of a text file. The self-extracting executable contained PoisonIvy, a common backdoor Trojan developed by a Chinese speaker and freely available on the internet.

On opening the attachment PoisonIvy would immediately be installed. Once completed it contacted a C&C server on TCP port 80. The attackers could then instruct the computer to provide its IP address, names of other computers in the workgroup or domain and dumps of Windows cached password hashes. The attackers then had the capacity to infect additional computers on the network. Their primary goal seems to have been to “obtain domain administrator credentials and/ or gain access to a system storing intellectual property”. Once the data has been found, it was copied to archives on internal systems used as internal staging servers.

From here the content was then uploaded to a remote site outside of the compromised organisation.The majority of infected machines were in the US, Bangladesh and the UK. The organisations targeted were often in a different location to the infected machines but those based in the UK and US figure the highest. Symantec concludes that the attacks were not targeting companies in a particular country.

Symantec managed to trace the attacks to a VPS in the United States. This system was owned by a “20-something located in the Hebei region in China”. Based on the literal translation of his name he has been given the pseudonym Covert Grove. He claimed the VPS was purely for logging into the QQ instant message system and the static IP from the VPS allowed for this. Symantec was not able to ascertain whether Covert Grove worked alone or how large his role in the attacks was.

The fallout from this widespread attack is not yet known and might not be felt for a while.

Jonathan Evans’ message and the subsequent recognition of the importance of data security helped, but the criminals had seen the profit potential of cyber crime and by then had huge networks and spending power behind them. In the past few years we have made huge moves forward in both our awareness and our defences, but the big attacks have kept coming.

In 2008 Heartland Payment Systems lost $140M in stolen credit card details and the end of 2008 saw a further attack against a nation – Georgia.  In 2009 Ghostnet, another cyber espionage campaign was detected which had infiltrated government systems across 103 countries. In 2010 the Bredolab botnet was discovered with an estimated 30 million zombie computers under its control. In 2010 Operation Aurora was discovered. Google, Adobe Systems, Juniper networks and Rackspace confirmed they had been targeted whilst media reports also named Yahoo, Dow Chemical, Northrop Grumman, Morgan Stanley and Symantec as targets.

In 2010 an extremely sophisticated programme, Stuxnet, was discovered in Iranian nuclear power plants. The programme was designed to disrupt SCADA systems, destroying key machinery in the plant. Cyber warfare was now firmly on the cards for governments.

In the last year we have seen the rise of ‘hacktivism’. Groups such as Anonymous and LulzSec have used DDoS attacks to bring down the websites of organisations they disagree with, or simply to cause chaos. And one of the latest hacking campaigns to be discovered, Operation Shady RAT, is suspected of compromising targets across 14 countries including security organisations, steel industry, defence, oil, gas and energy firms, the CIA, FBI, the UN, Sony, Mitsubishi, and several governments to name but a few.

Data breaches large and small have dominated the news. Hacks are no longer limited to computer systems with recent attacks targeting social networks and YouTube. Whilst the headlines tend to focus on governments and multinationals, small businesses and individuals remain just as much a target. The cost of cyber crime to the global economy continues ever upwards.

As we end 2011, hacking is a bigger business than ever. Gone are the days when hacking was an exercise in impressing your peers (that still goes on, but is the least of our worries), and damaging viruses have given way to covert malware which sits hidden on computers, quietly monitoring your data for anything useful. Cybercrime costs us millions and is used to fund terrorism and organised crime. Nation states and corporations infiltrate competitor systems for military secrets, customer information and IP. The internet has become a relatively safe way for governments, criminal groups and activists, as well as bored teenagers, to attack anyone they disagree with.

But at least we are taking it seriously. Major attacks on big companies have led to bigger and better staffed security departments. The Cyber Security Challenge, launched last year, has had great success in encouraging more people to enter the profession so that we have the skills available to protect our systems in the future.

But the biggest vulnerability remains the people. However secure we make our systems, hackers will always find a weak point in a naïve or corruptible individual who will download malware, email personal information, or just leave unencrypted personal data on a train. Education about the risks remains one of the most important tools in the fight against cyber threats. This needs to be continued and expanded in schools, through the media, and most importantly within companies themselves, who remain one of the main targets for hackers.

Part 1 is available here: The 50s-90s: the birth of global communications and the birth of hacking

Part 2 is available here: 2000-2007 hacking becomes big business

This is a guest post by Tony Dyhouse. Tony is one of QinetiQ’s senior managers and runs the cyber security arm of the ICT Knowledge Transfer Network. He has a wealth of experience in all areas of Cyber Security and Information Assurance.

About the ICT Knowledge Transfer Network

The ICT Knowledge Transfer Network (ICTKTN) is an independent body set up by the Technology Strategy Board. Its aim is to deliver improved UK industrial performance by facilitating the development and take up of information and communications technologies, and their adoption as key enablers in other industries.

The KTN runs free-to-attend events, develops workgroups to investigate and advise on key ICT challenges and promotes collaboration between business, government and academia as a route to ICT innovation.

The KTN is a free membership organisation. To find out more, or to join, visit www.ictktn.org.uk

The 2000s saw rapid change in the methods and motivations of hackers. Following 9/11, the security services again cracked down, driving hackers further underground and into the hands of organised crime. Combined with the increasing global reliance on IT, identity theft became mainstream. Increased computing power and “always on” connectivity allowed the creation or ever larger botnets, giving hackers access to vast computing power to launch mass phishing scams and bring down IT systems using DDoS attacks. By the mid 2000s, online fraud profits had out-stripped drug dealing.

As well as the millions of individuals who had their identity stolen through malware or social engineering attacks, major hacks started stealing personal and financial information en masse. In 2007 TJX dept store lost 45 million customer credit card details, at an estimated cost of $250M. Shortly after, Hannaford Bros Grocers had 4.2 million credit card details exposed, at an estimated cost $252M.

In 2003 US government systems came under co-ordinated attack designated Titan Rain, believed to be Chinese in origin and now classed as “Advanced Persistent Threat” (APT). In 2007 major organisations including government and media across Estonia were taken out for days with a DDoS attack, retaliating against a decision to move a symbolic Soviet era statue.

In December 2007, Jonathan Evans, the head of Mi5 sent a letter to 300 CEOs, flagging serious concerns about the dangers of cyber espionage attacks. Finally, after costing many millions of pounds and the large scale theft of everything from government secrets to company IP, the world was ready to take cyber security seriously.

If you missed out on Part 1, you can read it here: The 50s-90s: the birth of global communications and the birth of hacking.

This is a guest post by Tony Dyhouse. Tony is one of QinetiQ’s senior managers and runs the cyber security arm of the ICT Knowledge Transfer Network. He has a wealth of experience in all areas of Cyber Security and Information Assurance.

About the ICT Knowledge Transfer Network

The ICT Knowledge Transfer Network (ICTKTN) is an independent body set up by the Technology Strategy Board. Its aim is to deliver improved UK industrial performance by facilitating the development and take up of information and communications technologies, and their adoption as key enablers in other industries.

The KTN runs free-to-attend events, develops workgroups to investigate and advise on key ICT challenges and promotes collaboration between business, government and academia as a route to ICT innovation.

The KTN is a free membership organisation. To find out more, or to join, visit www.ictktn.org.uk

Cyber security has been a lot higher on the agenda these last few years. Governments, media and corporations, large and small have been talking about it, and all of these have been affected by attacks.

But until recently, only a handful of stories made the headlines, leaving a skewed image of how cyber security has developed. In cyber security awareness month, it’s useful to take a look back at where it all started and how things have changed.

Arguably the first cyber breach started in 1957 when a blind eight year old discovered that whistling at a certain pitch (2600hz) reset the telephone trunk. By connecting to the telephone exchange using a free number and resetting the trunk he could make free calls. This was later developed into the ‘blue box’, which provided the pitch electronically. John Draper, who created the blue box, was later arrested.

The first big government attack on record was in 1982 when the CIA, under Ronald Reagan, tampered with software to control the SCADA systems in a Siberian Pipeline, causing the largest non-nuclear explosion seen from space. In 1989, the Worms Against Nuclear Killers worm brought down NASA systems days before launch of the Galileo spacecraft which had Plutonium-based power supply units.

A few major incidents aside, prior to the 90s hacking was very much a ‘band of brothers’ activity – a way of showing off your skills. Mass fraud was considered very bad form and stolen bank account details were used only to fund online costs. Hacking communities started to build up in the 80s where hackers could discuss their achievements. Altos Chat was the first major hacking forum and was the place where Pad and Gandalf, perhaps the original UK hackers, met to share tips.

In the 1990s the secret services of the US and the Australian Federal Police started cracking down hard on hackers, and offering reduced sentences to those who shopped their friends. The self regulating community disappeared and hackers started using their skills for profit. In one of the first examples, an Australian hacker used stolen credit card details to order $50,000 of goods including a jet ski from the US which ended up at the docks as no duty could be paid.

The big stories of the 90s were viruses and hacks which damaged many computers and costs companies millions. 8lgm (8-legged groove machine), a group of hackers set up by Pad & Gandalf, compromised major organisations such as the FTSE, NASA, MoD, and Oracle. Pad & Gandalf both served custodial sentences whilst a third member, Wandii, walked free after the jury accepted his plea that he was “addicted” to computers. Also coming to light in early in the 90s were attacks on US Government systems known as “Solar Sunrise” and “Moonlight Maze”. It was discovered that these attacks had started some years before.

This is a guest post by Tony Dyhouse. Tony is one of QinetiQ’s senior managers and runs the cyber security arm of the ICT Knowledge Transfer Network. He has a wealth of experience in all areas of Cyber Security and Information Assurance.

About the ICT Knowledge Transfer Network

The ICT Knowledge Transfer Network (ICTKTN) is an independent body set up by the Technology Strategy Board. Its aim is to deliver improved UK industrial performance by facilitating the development and take up of information and communications technologies, and their adoption as key enablers in other industries.

The KTN runs free-to-attend events, develops workgroups to investigate and advise on key ICT challenges and promotes collaboration between business, government and academia as a route to ICT innovation.

The KTN is a free membership organisation. To find out more, or to join, visit www.ictktn.org.uk

The interview below shares Redi’s insights into future cyber threats and ventures into the mind and motivation of the hacker.

UKFast: How long have you worked in cyber security? How has the online world changed since then?

Alberto Redi: I have been in the cyber security business for 8 years, and running the Swiss company, Security Lab since 2006.  In this period the process of turning from ‘hacking-for-fun’ to ‘hacking-for-money’ has been completed.

UKF: We have seen only this week that cyber threats are continually evolving, with the discovery of a new ‘Stuxnet’ style worm targeting European countries; what are the major changes that businesses should expect in the coming year?

AR: The changes in cyber threats going on now are what we predicted nearly 10 years ago; that hacking starts seriously targeting smartphones. Despite the hype, hacking social media is already widespread, so I don’t see this as any bigger threat in the future.

The change that has to be addressed NOW is to increase public awareness first, which will then have an impact on the levels of overall corporate awareness.

Just two or three years ago, for example, it was very uncommon for companies other than Telco or the banks to place any kind of budget on auditing their security. We can see the threats and attacks that happen online everyday in the press, but it’s still not enough to make the public think carefully.

People read news about cyber-attacks and hackers with curiosity, but this still does not alter their awareness level.

Companies can close down as a result of a hack attack, see the SSL certificates hack on Dignotar for a recent example. They can lose a lot of money and more importantly lose their credibility; we just have to look at Sony for a clear example of this.

The Stuxnnet worm, targeting nuclear plants, is expected to mutate to a second version. Is that not enough to make people take notice of the threats out there?

UKF: Cyber threats through social media may be ‘nothing new’ but we are hearing time and again that social media sites are feeding hackers – what is your view?

AR: Without a doubt social media is making hacking easier. Nearly everyone who uses a computer also uses at least one of the social network sites and is using both with a very low level of risk awareness.

Additionally social networks make it very easy to put social engineering strategies in place [tricking people into performing actions or divulging confidential information]. Many people still think that what they see on the screen is essentially real, but people must understand that although it looks exactly the same, occasionally it is not.

UKF: The Zone-H website provides an archive of defaced websites from across the globe – providing a platform for hackers to share their website defacements. The majority of the defacements listed on the site are ‘just-for fun’ small scale hacks by script-kids.

Seeing the continually growing list of hack victims posted every day on Zone-H, it seems that the hacking wave is relentless at the moment. Why do hackers hack?

AR: Well, if you look at the Zone-H statistics it’s clear that the main reasons behind most low-end attacks are “just for fun” or for a “political reason”. In this case we are talking just about defacements, which can be considered as a basic ground school.

The real reason for proper hacking, especially for highly skilled hackers, is money – the strongest motivation in the world.

UKF: Although script-kids are considered to be at the low end of the spectrum, they can still cause a lot of damage to a business’s reputation. Who do you believe is more of a threat, the skilled hacker or the ‘script-kid’?
AR: Script kiddies make a lot of noise and, from time to time, they do cause serious damage. But skilled hackers can go one of two ways. If they don’t take the route of turning into security professionals, they are likely to join criminal organizations and become even more dangerous by going underground so that we no longer hear them coming.

UKF: This year has seen the rise of the hacktivist. They have brought hacking and cyber safety into the spotlight – what are your opinions on LulzSec and Anonymous?

AR: When it comes to hacktivists like Lulzsec and Anonymous, I cannot agree with or condone anyone taking part in illegal activities. However these organizations are highlighting the dangers of cyberspace and increasing the awareness which will hopefully lead to a more secure cyber world in the future.

UKF: Who is most at risk from hackers and cyber threats?

AR: Everyone is at risk and everyone should remember this to help ensure a more secure cyber world. Why are people leaving their homes with locked front doors but surfing the web with an obsolete antivirus and no firewall?

UKF: In an age where cyber threats are evolving so quickly and high-profile hacking attempts are an increasingly regular occurrence, what can businesses do to protect themselves from these hacking attacks?

AR: It’s a difficult question. Security is a holistic process where the human factor is the weakest.
The key areas that businesses should be focussing their cyber security strategies on are awareness, patching, tools and auditing.

UKF: What course of action would you recommend if a business has been hacked?

AR: Basically if a business has been hacked it’s too late. Security is like an insurance policy, you have to think before it happens. The only thing that you can do once you have been hacked is to report the attack and try to fix the problem with well-known security specialists. The do-it-yourself approach in the security world is not a good idea.

UKF: What are your top 5 tips to stay ‘cyber-secure’?

AR: My top five tips are:

1. Awareness [know the threats that you are facing]
2. Patching [software or updates to fix problems and bugs – including fixing security vulnerabilities]
3. Tools [that help the application of a patch]
4. Auditing [evaluate the strengths and weaknesses of a cyber security strategy]
5. DO NOT do it yourself!

This is a truism. When you buy a digital book it isn’t the same as buying its paper equivalent. You are buying the right to read the book and that is it. You have no right to sell or share your book because you DON’T own a book, just a protected file.

REMEMBER you do not own the book you have just bought. The company you bought the book from owns it. This is a fundamental difference in the customer experience. You cannot read a great book from your KINDLE, IPad Sony EReader or whatever digital platform you have and then file share with a friend afterward.

In a bizarre incident a few years ago, a Kindle owner in Germany was reading 1984 by George Orwell and suddenly the book disappeared. It disappeared because there was a copyright dispute in that territory and Amazon deleted the file. It went. Gone. Vamoose. In traditional paper book terms, if somebody walked up to you in the street and took your copy of 1984, that would be deemed theft, but as Amazon owned the book and you didn’t, it wasn’t.

There is also the huge issue of privacy. This hasn’t really been discussed as everyone seems to think accessibility and portability far outweigh these disadvantages. After September 11^th 2001, the American Administration passed The Patriot Act. Under this act, if the E-book provider deems your reading to be subversive, indeed anti – American, then they have to, by law, inform the authorities and you could be arrested and detained indefinitely. If you decide, for whatever reason, to read ‘the Anarchists Cookbook,’ you may find yourself in Guantanamo Bay. This isn’t conspiracy theory, this is reality. This is a direct assault on freedoms of expression and the inalienable right to choose to read in the privacy of your own home, what you want.

Never, ever forget that Amazon, Google, Apple are multi – billion dollar shopkeepers. They want to sell you goods. If they can get their goods in front of you, then they are three quarters the way into doing what they are born to do. SELL. Making a dollar.

THIS WILL HAPPEN.

Remember, whatever EReader you have in your hand is a digital shop window and the shopkeeper will use this to sell their wares.

You will be reading a recent acquisition and it is a cracking story when there’s a PING, the page of text disappears and RONALD MCDONALD appears and asks you if you’re hungry why not pop round the corner; directions will be given by a burger sponsored GPS system, to the nearest Maccie D’s.

It may not be burgers but once every household has a digital platform in everyone’s hands, the high street will be dead, your reading experience ADVERTISED to distraction and the SHOPKEEPERS will have at their disposal all your buying information and access to personal and banking details they can tell government about. Or the insurance man down the road.

Digitisation is a great advance but please be aware of the important implications!

A new virus has now been uncovered by leading cyber security firm, Symantec , which has many of the same characteristics as Stuxnet. This new, highly sophisticated computer worm, named Duqu, was discovered on Friday targeting companies in Europe.

It does not seem that Duqu is attempting to vandalise systems, rather spy on them. However the code is so similar to Stuxnet that it is highly likely it was engineered by the same people. A spokesman for Symantec said: “The majority of the code is consistent with the Stuxnet code, so this new worm either came from the authors of Stuxnet or someone was given access to the Stuxnet source codes”.

The firms being targeted have not been disclosed but the information Duqu gathered was sent to a server in India.

Indications are that this is just the first of a wave of Stuxnet-type viruses –  with more sophisticated versions, with the aim of disruption rather than just data gathering, emerging in the next few months.

“Stuxnet really laid new territory in terms of being able to get into and being able to control these nuclear power facilities,” said the spokesman.

“The significance here is that since Stuxnet we have not seen anything else of that level of complexity. It has gone a little quiet since then. The question we are now asking is: ‘Do they have a new goal or purpose?’”

Earlier this month the story broke that the control systems for US air force drones had been infected by a virus. As viruses become more and more sophisticated we are likely to see many more reports of high value computer systems being hit.