Mozilla finally shuts down Firefox Send


Keumars Afifi-Sabet

18 Sep, 2020

Mozilla has discontinued its encrypted file-sharing service Firefox Send a couple of months after suspending the service after reports it was being abused to distribute malware and conduct spear-phishing attacks.

Send was initially rolled out in March 2019 as a free encrypted file-sharing platform that allowed individuals to share files from any browser without having to install third-party software and without fear of the files being intercepted.

However, developers were made aware in July of reports that Firefox Send was being used in a number of malware operations, prompting the company to suspended the service a little more than a year after it was first launched.

In practice, when somebody received a link to a file, they would simply need to click on it to start the download, without having to sign up to an account. They were also able to send supported files of up to 1GB without needing to sign up, or 2.5GB for those who had a Firefox account.

Originally, Mozilla said it would take Firefox Send offline on a temporary basis while improvements were made, although it now appears that effort was unsuccessful.

“Unfortunately, some abusive users were beginning to use Send to ship malware and conduct spear-phishing attacks,” Mozilla said in an update. “This summer we took Firefox Send offline to address this challenge.

Mozilla has also decommissioned its Firefox Notes service, which the organisation claims allowed it to experiment with new methods of encrypted data syncing. The Firefox Notes desktop browser will continue to be functional for all existing installs, although this will no longer be maintained from early November – when the service will be decommissioned.

Box updates bring collaboration and security improvements for remote workers


Bobby Hellard

18 Sep, 2020

Box has revealed a slew of integrations and updates designed to help users manage and secure their workflows from anywhere.

The new features include integrations with Apple and Microsoft Teams, collaboration updates, and some new security and compliance settings within Box Shield.

Revealing the updates at the company’s BoxWorks conference, CEO Aaron Levie said that it has never been more challenging for enterprises to both secure their data and keep up with the pace of business.

“Our vision has always been to provide a central source of truth for your content in the cloud,” sai Levie. “At BoxWorks Digital, we’re enhancing that vision with innovation that will make it incredibly easy to collaborate on a single platform that’s secure, simple to use, easy to manage, and that extends to all the apps your teams use every day.”

Earlier in the year, Box introduced a feature that allowed users to create annotations in the Box web app. As of Thursday, this feature is now also available on iOS and fully supports the Apple Pencil. With it, users can highlight text and images, or leave a comment on the preview of a document.

Box has also expanded its integration with Microsoft Teams with users able to choose a Box folder to be synced automatically with a Microsoft Teams chat group. Users can also instantly grant access to Box files from within Teams and receive Box notifications related to content activity.

With more emphasis on remote working, Box has also updated some security and compliance protocols within its automated security hub, Box Shield. It starts with a new policy exception feature, which must be opted-into at corporate level. It allows employees to suggest policy exceptions by providing a business justification, which is then recorded for auditing purposes. This is expected to be made available to Box Shield customers sometime next year.

The company is also adding event-based retention to its content lifecycle management toolset. With this, users will be able to retain and migrate files for a configurable amount of time depending on their business needs. This includes changing schedules for the migration of files after a client account is closed, a contract expires, or an employee leaves the company.

Accenture ploughs $3 billion into cloud migration support group


Sabina Weston

17 Sep, 2020

Accenture has announced the launch of Accenture Cloud First, a $3 billion (£2.3bn) investment which will aim to help clients accelerate their digital transformation projects and become “cloud-first” businesses.

The new multi-service group will comprise 70,000 cloud professionals, combining Accenture’s cloud expertise and industry insights with its data and Applied Intelligence capabilities.

The goal is to provide its customers with cloud-focused upskilling over the next three years, the company said on Thursday.

The venture will be led by Karthik Narain, who is set to join Accenture’s Global Management Committee on 1 October. Narain previously led Technology services for the company’s Communications, Media, and High Tech industry segments. He joined Accenture in 2015 after a decade as VP at HCL Technologies.

The launch follows a steady rise in demand for cloud-based services during the pandemic and a steep decline in the use of physical offices and customer-facing stores.

“COVID-19 has created a new inflection point that requires every company to dramatically accelerate the move to the cloud as a foundation for digital transformation to build the resilience, new experiences and products, trust, speed and structural cost reduction that the ongoing health, economic and societal crisis demands — and that a better future for all requires,” said Accenture CEO Julie Sweet.

“Accenture Cloud First and our substantial investment demonstrate our commitment to delivering greater value to our clients when they need it most. Digital transformation requires cloud at scale, and post-COVID leadership requires that every business become a ‘cloud-first’ business,” she added.

The company said that the $3 billion investment will be used to create industry roadmaps and data models, and build AI-based architectures that customers can build on.

The hope is that, by 2023, the project will be providing customers with cloud tools, assets, and automation software to help drive innovation, as well as cutting-edge research into the latest cloud technologies, such as edge computing.

Paul Daugherty, Accenture Technology group chief executive, described the cloud as “the most disruptive and value-creating technology of our time” and a “foundation for the digital transformation”.

“With most businesses currently at only about 20% in the cloud, moving to 80% or more rapidly and cost effectively is a massive change that requires a bold new model,” said Daugherty. “Accenture Cloud First, along with our $3 billion investment and our market-leading Software as a Service capabilities in Intelligent Platform Services, ensures that we provide our clients with value, speed and innovation in every part of their cloud journey.”

The announcement comes just days after Accenture launched the latest version of its myWizard Intelligent Automation Platform, which allows organisations to create, implement and measure enterprise-wide automation strategies and reimagine their information technology systems for efficiency and performance.

UK’s WANdisco partners with AWS to drive cloud migration projects


Bobby Hellard

17 Sep, 2020

Cloud specialist WANdisco has partnered with Amazon Web Services (AWS) to launch a rapid self-service data migration tool, in a deal that’s seen as a major win for the UK cloud industry.

The ‘LiveData Migrator’ lets companies move any size of on-premises data to AWS within minutes and without the need of engineers or specialists.

WANdisco, a publicly listed company with dual headquarters in Sheffield and California that specialises in distributed computing, is already an ‘Advanced Technology Partner’ in the AWS network and its LiveData Migrator services has also achieved AWS Migration Competency status – which requires a proven level of technical proficiency and customer success.

It is one of four AWS partners to collaborate on migration requirements for use cases including Hadoop, storage and database data migration, and mainframe data integration.

One of the first to use the LiveData Migrator is website hosting platform GoDaddy, which shifted 500 terabytes of Hadoop Distributed File System (HDFS) data to Amazon S3.

“We found that WANdisco’s LiveData Migrator delivered the best time to value solution in the use case of a Hadoop to Amazon S3 data migration and replication,” said GoDaddy chief data and analytics officer Wayne Peacock.

“Rather than running an internal time-consuming and costly manual migration project, using LiveData Migrator has helped us avoid disruption to our production processes and made 70 TB of data immediately available for Amazon S3 testing.”

Migrating large data volumes with traditional approaches requires disrupting the operation of on-premises applications, but the LiveData Migrator works without any production system downtime or business disruption, according to WANdisco.

“Enterprises that want to move their data to the cloud but are concerned about the risks of doing so now have a powerful solution that’s self-service and extremely easy to use,” said WANdicso CEO David Richards.

“Regardless of company size or technical expertise, LiveData Migrator enables businesses to migrate their data risk-free to the cloud on a massive scale without any disruption to business operations. Data can be accommodated without any risk of data loss while modernising data and applications to stay competitive.”

Google bans ‘stalkerware’ from Play store


Sabina Weston

17 Sep, 2020

Google has issued a ban on any software that allows an individual to track the whereabouts of other users without their consent, apps often referred to as ‘stalkerware‘.

As a part of new changes to its Developer Program Policy, Google said that Android apps intending to monitor other users’ behaviour will be obliged to present the tracked user with a persistent notification and unique icon that clearly identifies the app.

They will also be banned from advertising themselves as a “spying or secret surveillance solution” and will be unable to “hide or cloak tracking behaviour or attempt to mislead users about such functionality”.

However, the ban, which comes into effect on 1 October, does not apply to apps used by parents to track the whereabouts of their children. Any software that allows companies to track employee devices, such as enterprise management apps, will also be excluded from the ban.

According to David Emms, principal security researcher at Kaspersky, apps which help monitor adults without their permission or knowledge “masquerade as parental control software and call themselves legal that way”.

“The whole category is tricky because we can’t label it as malware and report it as we would a backdoor trojan or similar, because in some jurisdictions it’s legal so it straddles a grey area,” Emms told IT Pro last month.

According to Kaspersky research, the period between January and August 2019 saw over 518,223 cases globally where the company’s protection technologies either registered the presence of stalkerware on user devices or detected an attempt to install it – a 373% increase in the same period in 2018.

Apart from the formal ban of stalkerware apps, Google also announced that it would be making changes to its policy in order to tackle the issues of misrepresentation and gambling.

Effective from 21 October, developer accounts will not be allowed to mislead users by impersonating any person or organisation, as well as misrepresenting or concealing their ownership or primary purpose of the app.

Google will also restrict online gambling to the UK, Ireland, France, and Brazil.

For confidential advice, call the National Abuse Helpline on 0808 200 0247 or visit nationaldahelpline.org.uk

Zoom will reportedly add ‘Slack-like’ chat functionality


Bobby Hellard

16 Sep, 2020

Zoom is reportedly working on a major update to the messaging functionality of its video conferencing platform to build a more ‘Slack-like’ service. 

The company has hired a “significant number of engineers” to move its basic text interface to a more advanced setup, according to The Information

Zoom is actually a partner of Slack and both services offer similar products, though each specialises in different segments. Slack is mostly a chat-based platform – though it does have low key video comm services, while Zoom is a rapidly growing video conferencing platform.

A lot of companies, particularly in the startup space, use both in tandem. 

However, as standalone services, both are rivals of Microsoft Teams which has both video conferencing and instant messaging capabilities. Slack has been heavily critical of Teams, calling it a “weak copycat product” when filling an antitrust complaint. Zoom, however, hasn’t voiced any concerns over Microsoft’s rival product – despite Microsoft reportedly labelling the firms as a “threat”. 

All three services have seen gains during the pandemic, particularly Zoom, with its revenue shooting up 355% year on year. Teams reportedly surpassed 44 million daily active users at the very start of lockdown, but Slack CEO Stewart Butterfield argued that the figure was inflated by the fact Teams was bundled into Office 365, suggesting it was anti-competitive.

Slack’s own revenue has seen a sharp decline with growth falling 32% compared to the 49% recorded in Q1. 

The general consensus seems to be that Slack is falling behind Teams, and unless its antitrust complaint is successful, its growth could be hampered. The company recently launched a service for adding external organisation to channels, called ‘Slack Connect‘, which is seen as a big play to kill off email. 

The current chat capabilities on Zoom already resembles Teams, though it doesn’t have ‘channels’ and seems more like a rudimentary instant messaging service. It does, however, sync with Google services. 

Nokia simplifies Microsoft Azure integration


Sabina Weston

16 Sep, 2020

Nokia has announced a slew of new features for its Nokia Digital Automation Cloud (DAC) private wireless networking platform, including simplified integration with Microsoft Azure IoT modules.

Nokia’s new approach to software installation, described as  ‘click and deploy’, means that Microsoft Azure IoT Edge Modules such as Modbus can now be deployed on the Nokia DAC edge server.

The announcement comes almost a year after Nokia and Microsoft made their first joint solutions public. In November 2019, the two companies announced a strategic collaboration aiming to accelerate transformation and innovation with the help of cloud, artificial intelligence (AI), and the Internet of Things (IoT).

BT was the first global telecommunications service provider to provide its enterprise customers with a managed service integrating Microsoft Azure cloud and Nokia SD-WAN solutions.

According to Stephan Litjens, general manager of Nokia Digital Automation: “Microsoft Azure IoT services enable customers to address interconnected scenarios across multiple industries that include manufacturing, logistics, utilities, smart cities and transportation”.

The Finnish tech giant also announced that it would be extending platform capabilities complementing private wireless connectivity as well as providing new, integrated voice and video in order to facilitate campus-wide communications.

“With the new functionality and added value features introduced today, we further ease and accelerate customers’ transformation path towards Industry 4.0”, said Litjens.

Nokia’s DAC team comms and DAC VoIP will now offer voice and video solutions to provide customers with secure communication, regardless of how many people they are speaking to. The new on-premise applications are delivered over the platform’s scalable edge cloud and are expected to be especially useful for larger, asset-intensive locations such as ports, mines, and factories.

Nokia DAC Applications head Tuuli Ahava said that the new features will “address the questions facing organizations as they begin to implement Industry 4.0 use cases”.

“Data security, backward and forward compatibility, legacy system integration, ecosystem access, and ease-of-use are just some of the concerns that the DAC platform resolves in one optimized solution,” she added.

The announcement follows the launch of Nokia’s 5G SA private wireless network, which is used by Lufthansa Technik, Toyota Production Engineering, and Sandvik.

MFA bypass allows hackers to infiltrate Microsoft 365


Keumars Afifi-Sabet

15 Sep, 2020

Critical vulnerabilities in multi-factor authentication (MFA) protocols based on the WS-Trust security standard could allow cyber criminals to access various cloud applications including core Microsoft services.

Microsoft 365 is the most notable cloud service that can be infiltrated in such a way due to the way the platform’s session login is designed, according to Proofpoint, with hackers able to gain full access to a target’s account. Information including emails, files, contacts, among other data points would be vulnerable to such an attack.

This is in addition to the MFA bypass granting access to a host of other cloud services, including production and development environments such as Microsoft Azure as well as Visual Studio.

The flaw lies in the implementation of the WS-Trust specification, an OASIS standard that is used for renewing and validating security tokens and establishing trusted connections. Proofpoint researchers claim that WS-Trust is inherently insecure and that Microsoft’s identity providers implemented the standard with a number of bugs.

These vulnerabilities can be exploited to allow an attacker, for example, to spoof their IP address to bypass MFA through a simple request header manipulation. Changing the user-agent header, in another example, may also cause the system to misidentify the protocol, and believe it to be using ‘modern authentication’. 

“Most likely, these vulnerabilities have existed for years. We have tested several Identity Provider (IDP) solutions, identified those that were susceptible and resolved the security issues,” Proofpoint said.

“Vulnerabilities require research, but once discovered, they can be exploited in an automated fashion. They are hard to detect and may not even appear on event logs, leaving no trace or hint of their activity. Since MFA as a preventative measure can be bypassed, it becomes necessary to layer additional security measures in the form of account compromise detection and remediation.”

With MFA becoming an essential and more widely-adopted additional layer of security to reinforce username-and-password logins, cyber criminals are certainly more attracted to identifying and implementing bypasses.

This is particularly pertinent during the coronavirus crisis, where the mass shift to remote and home working meant critical apps and services were being accessed from insecure locations, with protocols such as MFA in place to bolster cyber security.

Microsoft retrieves underwater data centre after two years


Bobby Hellard

15 Sep, 2020

Microsoft has retrieved a data centre from the ocean floor, just off the coast of Orkney, Scotland, and early signs show that the project was a successful moonshot. 

Of the 864 servers onboard, Microsoft reports that only eight faulted, which is an eighth of the failure rate of a typical land-based data centre.

A team from Microsoft sank the cylindrical storage container, called “project Natick“, in 2018. It was loaded with 12 server racks and ocean water was used to keep the servers cool. The container was also sealed and filled with nitrogen, which is not as corrosive to computer equipment as oxygen.

The Natick research team are now conducting tests on the data centre to see what they can learn from the experiment and how it could help to solve environmental problems raised by conventional data centres.  

“Computers are not designed to work in the environment we humans operate,” said Spencer Fowers, principal researcher for project Natick. “Things like oxygen, moisture in the air, that is really bad for computers, it causes corrosion on the components. 

“You also get temperature fluctuations. The heat from night to day, summer to winter, can cause those components to fail so we had this theory: if we’re in a really stable environment, we’re in this cylinder, we’ve taken all the oxygen out, controlled the humidity, no one’s walking around, bumping into things, causing additional failures, we’d see better reliability.” 

The concept of an underwater data centre first came up at Microsoft’s 2014 ‘ThinkWeek’ as a way to provide fast cloud services to coastal populations. With more than half of the world’s population living within 120 miles of a coast, localised hubs would give data a shorter distance to travel, leading to smoother, faster services. 

Once it was hauled out of the sea, the container was cleaned and air-samples were retrieved. The data centre was then loaded onto a truck and driven to a facility in the North of Scotland, where the server racks were slid out so Fowers and his team could perform health checks and collect components to send to Microsoft for analysis.

Among the components boxed up and sent were the failed servers and related cables. The researchers think this hardware will help them to understand why the servers in the underwater data centre are seemingly more reliable than those on land.

Xero urges UK gov to introduce digital tax relief for SMBs


Sabina Weston

15 Sep, 2020

Xero has urged the UK government to step and encourage SMBs to use digital tools to their fullest potential in a bid to help the economy recover from the impact of the COVID-19 pandemic.

According to a new report from the cloud-based accounting software provider, smaller businesses have been more dramatically impacted by the current financial crisis than larger enterprises, with job losses estimated to be almost twice as big. 

By analysing 300,000 customers’ anonymised and aggregated data, Xero found that resilience and recovery of SMBs is significantly influenced by their digital skills.

SMBs that used business management apps before the financial crisis had 12% smaller revenue declines as well as 12% less job losses. Moreover, businesses with at least five apps connected to their account suffered from losses a third smaller than other SMBs during the crisis, and had 40% fewer job losses.

The findings from the report have resulted in Xero calling on the UK government to encourage small businesses to use digital tools to their fullest advantage. The company’s policy recommendations include a digital tools tax relief, improved regional internet access, as well as an offset of technology expenses against tax in order to aid small businesses in digitising and building resilience for future economic challenges.

Managing director of Xero, Gary Turner, described the economic recovery as “at a crossroads now as furlough and eating out schemes come to an end”. 

“As unpredictable as this year has been, one certainty is that digitally-enabled businesses are likely to recover faster than those who aren’t,” he said.

“We’re calling on the Government to support business recovery with funding for tech adoption and the introduction of a tax offset for expenses against technology implementation. Driving digitisation will help countless small businesses to get back on their feet.”

The message to the government comes as Xero announces changes to its Starter Plan, aiming to facilitate cash flow management and growth for SMBs during the pandemic.

Xero users can now send up to 20 invoices a month and make as many bank reconciliations as they need. The company has also announced the launch of a new Xero Projects’ profitability dashboard, aiming to simplify the overview and management of projects and their profitability by showing total profit margin, all work invoiced, and costs. 

Xero’s chief product officer Anna Curzon said that the company wants “to help these new businesses that are starting off now to be set up for a digital environment right from the start by lowering the barriers of entry”.

“We also know that with COVID-19, being paid on time and controlling cash flow has become more important than ever,” she added. “We want to do all we can to ensure businesses stay strong by providing deeper cash flow insights and creating seamless experiences to help them get paid faster.”