All posts by Connor Jones

Salesforce sued over dealings with sex trafficking site


Connor Jones

28 Mar, 2019

Salesforce is facing a lawsuit which alleges the company profited from and knowingly facilitated sex trafficking on now-defunct website Backpage.com.

The suit has been filed by 50 anonymous women who claim to be victims and survivors of sex trafficking, abuse and rape as a result of the activity that was taking place on Backpage.com, a website that used Salesforce software during its operation.

Ironically, the lawsuit points to the Silicon Valley CRM giant’s publicly promoted anti-human trafficking campaign at the time of its work with Backpage.

“Salesforce knew the scourge of sex trafficking because it sought publicity for trying to stop it,” according to documents filed in the Superior Court in San Francisco. “But at the same time, this publicly traded company was, in actuality, among the vilest of rogue companies, concerned only with their bottom line.”

Salesforce started working with Backpage in 2013, right around the time the website’s numbers began to fall and the human trafficking accusations piled up, prompting loud calls from social and legal bodies to have the site pulled offline.

A spokesperson from Salesforce said that while the company is unable to comment on ongoing litigation, it is “deeply committed to the ethical and humane use of our products and take these allegations seriously”.

The core argument from the legal filing contends that Salesforce publicly campaigned against human rights violations while privately supplying software to Backpage, the claim being that such services provided the “backbone of Backpage’s exponential growth”. It also claims that Salesforce “designed and implemented a heavily customised enterprise database tailored for Backpage’s operations”.

Backpage was seized by the FBI in April 2018 after investigations showed that it was guilty of harbouring human traffickers on its site who targeted adults and children.

The site was widely used, much like the popular Craigslist, by users posting ads and listings to sell items and advertise rental homes and jobs, but it also had an ‘adult services’ section where the crimes took place.

Backpage’s CEO Carl Ferrer faces five years in prison and is due to be sentenced in July.

AMP for Gmail launches in bid to boost productivity


Connor Jones

27 Mar, 2019

Google has officially announced its AMP for Gmail feature, which aims to revitalise the long-standing, barebones email user interface into a more interactive web page-like experience.

Accelerated Mobile Pages (AMP) was announced over a year ago as part of an open-source framework for developers to create faster loading content for the web.

Instead of basic plain text messages, over the course of the next few weeks and months as more organisations start to adopt the new feature, you will receive and be able to send more interactive messages – a feature which Google thinks will boost business productivity.

For example, someone may send over some conditions to a contract which demand written agreement. Instead of typing back a traditional three-word response, AMP can embed an instant messaging window which can be used for further purposes if required.

“Starting today, we’re making emails more useful and interactive in Gmail,” said Aakash Sahney, product manager at Gmail. “Your emails can stay up to date so you’re always seeing the freshest information, like the latest comment threads and recommended jobs. With dynamic email, you can easily take action directly from within the message itself, like RSVP to an event, fill out a questionnaire, browse a catalogue or respond to a comment.”

This will help prevent cluttered inboxes and save users from having to redirect out of the email client to look over something that can just be presented within the original email, or just to answer a questionnaire. AMP aims to streamline the email-based productivity process.

Major companies you’re likely to have some connection to that support AMP for Gmail already include Booking.com, Doodle and Pinterest – so you’re likely to start receiving AMP emails from these firms pretty soon.

If you’re familiar with working in G Suite, you’ll know how annoying it is to get an email through for each individual comment made on a Google Doc. With AMP for mobile, all comments can be viewed in just one email that allows you to edit them directly from your inbox.

Like most new tech advancements that change a major process to which many are accustomed, AMP will probably take a bit of getting used to. Some will argue that Google is trying to re-invent the wheel, but as long as it keeps turning as well as it used to, it doesn’t bother us.

AMP will be rolling out to desktop Gmail clients first with mobile support coming later down the line. It will be interesting to see the extent to which companies will adopt the new format, considering the email format won’t be accessible using some other email clients (Outlook and Yahoo Mail are also currently supported).

Unsecured MongoDB database exposes real-time locations of families


Connor Jones

25 Mar, 2019

The popular family tracking app Family Locator has for weeks exposed the real-time unencrypted location data of over 238,000 of its users.

The app, which closely resembles the functionality of Apple’s ‘Find My Friends’ app, allows users to track family members and set up geofencing features which notify users when a family member leaves work or arrives at school, for example.

Not for the first time this month, the data was left exposed thanks to an unprotected MongoDB database which allowed anyone who knew the exact details of the server to access the information, according to TechCrunch.

The exposed database was found by Sanyam Jain, a security researcher and a member of the GDI Foundation, a non-profit which detects and analyses criminal opportunities and shares them publicly.

None of the data found on the database was encrypted: name, email address, profile photo and plaintext passwords were easily accessible and geofenced locations were visible along with the assigned name. It would be effortless to not only know the user’s location but also where they lived, worked and where their children were schooled.

“Unfortunately, this is yet another case where unprofessional handling of technology has led to data leakage,” said Boris Cipot, senior security engineer at Synopsys.

“A serious misconduct such as this should not happen but, as we often see, they do and usually they happen if and when security procedures are not implemented correctly or disregarded,” he said. “Security should not be taken lightly especially when you are working with data that someone entrusted you with.” 

The developer of Family Locator, React Apps, has been unresponsive to approaches from the media. TechCrunch tried to contact the company for over a week but its website had no contact information and the record from the Australian Securities and Investments Commission returned only the name of the company’s owner.

The database was later pulled offline by Microsoft as it was hosted on its Azure cloud but it’s unknown for how long the database was left exposed.

MongoDB earlier this month was at fault for another data breach; researcher Bob Diachenko discovered the unprotected database containing 809 million email records, many of which contained personally identifiable information.

Matters got worse when security company DynaRisk confirmed that the number of leaked records was actually three times higher than first thought: the real number stood at over two billion.

Most records contained surnames, email addresses, gender information, postcode and IP addresses for each entry. The records were cross-checked with the popular HaveIBeenPwned website which showed the data had not been previously found in a data breach, meaning this discovery was new and the affected people had not been the subject of a data breach previously.

MWC 2019: VMware says telcos must move 5G infrastructure into the cloud to stay ahead


Connor Jones

27 Feb, 2019

VMware made many announcements at MWC 2019 and they all centred around one common theme: network virtualisation.

“If a telco wants to progress in the future, they need to think software-defined,” said Gabriele di Piazza, VP products & solutions for telco at VMware. “More and more communication service providers (CSPs) are turning to VMware to lead their transformation ahead of 5G rollout.”

It thinks that there needs to be a shift away from hardware-defined architecture, towards a fully virtualised one which will enable telcos to beat competitors to market with fully automated, scalable infrastructure.

Traditional data centre models will be a thing of the past and phones will transmit to masts and that data will be sent to the cloud, where the network is managed virtually in a SlaaS configuration – we’re noticing a pattern here.

VMware calls it a ‘telco cloud’ which will exist alongside the traditional public, private, hybrid and edge clouds. The network function virtualisation (NFV) platform on its telco cloud will enable better management of a network and improved efficiency of services.

Features and applications can be applied to the cloud environment such as machine learning-driven technology that can spot issues and vulnerabilities and automatically patch them without having to physically attend a data centre and make a repair.

“With the current demands placed on carrier networks reaching new levels and 5G on the horizon, there’s no room for error when it comes to network infrastructure,” said Piazza. “Near real-time solutions are the key to identifying and fixing issues in order to keep networks humming. Networks need unified monitoring, automation and assurance across physical and virtualized networks to deliver the highest levels of performance, scalability and resiliency.”

Among the vast number of announcements the company made at this year’s MWC, which included its telco cloud, NFV virtual cloud platform, it also announced some key business partnerships that aim to strengthen 5G network management on the whole.

Building on a relationship dating back to 2012, VMware announced it’s teaming up with Ericsson to test, validate and optimise the biggest network functions in VMware’s cloud.

This makes both firms’ offerings more appealing: as Ericsson becomes one of the prime chargers in the 5G infrastructure scene, it benefits from having its applications available on the VMware cloud and having them tested for assurance by the pair of them.

It will make it easier for telcos to access and manage the Ericsson services they need while knowing that they’re safe and optimised as they reside in the cloud.

VMware also announced that it will be servicing T-Systems as its managed services provider using its Workspace One multi-cloud platform.

When the company hires a new employee, that employee’s work device, say a phone, can be delivered to them on their first day pre-loaded with every application they need to function in the office.

One of the main issues with the current workplace is that presented, ironically, by security products, said Adam Rykowski, VP product management for Workspace One.

Multi-factor authentication can be an issue for new starters or when working remotely because users would have to log in to every service, of which there could be up to 30-40, which is hugely laborious and time-consuming.

Using Workspace One, all the apps the employee needs reside in the cloud and can be accessed using a single sign-on that VMware applies to all relevant apps.

Rubrik security slip-up exposed masses of its corporate clients’ data


Connor Jones

30 Jan, 2019

Data management company Rubrik was found to have an unsecured server that exposed, in some cases, sensitive client information.

The server itself wasn’t password protected, which meant that anyone who knew the location of the server could access it, according to TechCrunch. It held tens of gigabytes of data including client names, email addresses, email signatures and their case work.

Rubrik, which is valued at $3.3 billion, has some incredibly high-profile clients whose information was on the exposed database, including Deloitte, Shell and the NHS, among others.

It wasn’t just the high-profile clients that were on the database; all of its corporate clients resided on there, and the database was indexed on Shodan, a search engine for exposed devices and databases.

In addition to the names and contact details, contents of emails relating to issues and complaints between clients and Rubrik were also stored on the dedicated client portion of the exposed server. Some emails also included sensitive information about Rubrik’s clients’ setup and configuration.

Rubrik has said it took the database offline within an hour of being alerted to the issue. The data dated back to October 2018, according to email timestamps.

“While building a new solution for customer support, a sandbox environment containing a subset of our customer corporate contact information and support interaction data was potentially accessible for a brief period of time,” said a spokesperson for Rubrik. “We rectified this issue immediately.”

“We also confirmed that no customer-owned data was exposed,” the spokesperson added. “Other than the security researcher who discovered this issue, no one has accessed this environment”.

This comes as fairly ironic news as Rubrik recently announced that it will expand into the security and compliance market.

On that note, you may have picked up on the fact that some of Rubrik’s clients are based in Europe which means GDPR could come into play. The data giant could face a fine of up to 4% of its annual global revenue for exposing data it is responsible for.

It would be a big blow to the up-and-coming star in data management which raised $261 million from venture capital firms earlier this month and was also listed in the top 5 IPO prospects for 2019 by Mosaic Score.

Lloyds Bank to advance digitisation by transferring accounts away from legacy IT


Connor Jones

25 Jan, 2019

Lloyds bank is planning to move 500,000 customer accounts from its Intelligent Finance division out of its legacy IT onto a cloud-based banking platform built by Thought Machine, according to the FT (https://www.ft.com/content/ae57bfcc-1e50-11e9-b2f7-97e4dbd3580d).

Intelligent Finance is a sunsetted business which services existing customers and doesn't take on new ones.

Back in November, Lloyds announced a partnership with and £11 million investment in Thought Machine, as part of an initiative to accelerate the bank's digital transformation.

Zak Mian, group director of transformation at Lloyds Banking Group, said at the time: "A key part of our recently launched three-year strategic plan is applying technology innovation to meet our customers' evolving needs.

"I'm really excited to work with the Thought Machine team to explore ways to simplify and enhance our IT architecture and helping on our journey to make banking easy and simple for customers."

The downside of this digital transformation is that while it's cutting costs, it's also costing jobs. Lloyds has already axed over a thousand of its employees in the last year in two redundancy rounds, and now that its legacy IT is getting the boot, so will more people whose job it is to maintain those systems.

Lloyds Bank has declined to comment on the matter.

Back in November 2018, Lloyds announced that it would cut 6,000 jobs and create 8,000 new digital jobs in the process, with 75% of those affected expected to move into those new positions.

Some specialist roles will also be recruited externally, such as data scientists and software engineers. The bank confirmed that no branches are planned to close due to the changes.

"Lloyds Banking Group will create an additional 2,000 roles, as it strengthens its capability to offer customers new leading-edge digital banking products and services," a spokesperson said at the time.

"The Group is investing to further digitise the bank and will refresh some existing roles and create new roles within its structure, while also providing comprehensive retraining for colleagues to help them build their capabilities to meet the demands of these future roles."

From a business perspective, migrating away from legacy IT is cost-effective and better for security, something that is of paramount importance to all banks.

"It is the legacy that gets you," said TalkTalk former CEO Dido Harding, referencing the risks of outdated IT in cyber security.

Maintaining these outdated systems could account for up to 80% of a bank's IT budget and in Lloyds's case, it could save them £750 million in annual IT costs, according to the FT report.

BTU general secretary Mark Brown said to the Telegraph: "What they are building is a completely new IT system, and that won't need anywhere near the number of people that are involved in the current IT system.

"If it works and doesn't collapse, it is going to completely change retail banking," said Brown.

Many in the banking sector fear further job losses to more efficient tech, especially after the news this week that Santander will close 140 of its high street branches due to customers' evolving needs and preferences towards online and digital banking.

It said that branch transactions fell 23% while digital banking transactions increased 99% last year, and figures from the Office for National Statistics show that nearly 6,000 local branches have shut since 2010, which is a fall of a third.

Cloud security products uninstalled by mutating malware


Connor Jones

18 Jan, 2019

Unit 42, the global cyber threat intelligence arm of Palo Alto Networks, has discovered new forms of a Linux coin-mining malware, originally used by the Rocke group, which attacks Linux servers, which make up a large portion of all servers in the world.

The malware, which is believed to be related to the Xbash malware detected in September 2018, will infect a server and then mutate, downloading new code which allows it to assume administrative control and delete cloud services installed on it.

The security products weren’t compromised specifically; instead, the threat actor was able to simply remove them from the server altogether, in the same way a legitimate system administrator would be able to.

The samples analysed by Unit 42 targeted cloud services provided by two of China’s leading cloud providers: Tencent Cloud and Alibaba Cloud (Aliyun). It’s also believed by the threat intelligence team that the analysed samples are the first form of malware that can target and delete cloud services from servers.

The threat isn’t just presented to hosts of Linux servers; Cloud Workload Protection Platforms (CWPP), which are essentially security services built into cloud products and tailored to stop malware intrusions, are also under threat.

The threat is worth taking seriously, considering Tencent Cloud and Alibaba Cloud (Aliyun) both have CWPPs included with their products, which means they’re not doing enough to mitigate attacks, as evidenced by the latest one, which attempted to mine Monero using Linux hardware.

The Xbash family of malware, which was first discovered in September 2018, is devastating, with analysed samples infecting servers in worm-like fashion and destroying data on the server while posing as ransomware. Researchers found no evidence in the attack code that a provision was in place whereby data could be restored following the ransom’s payment.

Linux is more prevalent than one might think: Microsoft Azure is now predominantly run on Linux servers. It’s not just the Chinese cloud environments being hosted via Linux; it’s likely that your business is running at least one cloud service on a Linux server too.

Vodafone teams with IBM to drive next wave of digital transformation with 5G


Connor Jones

18 Jan, 2019

Vodafone and IBM have announced a partnership that will see the pair delivering new opportunities to businesses looking for ways to harness the power of 5G in their cloud computing services.

The collaboration aims to provide companies with the technology to integrate multiple cloud environments and prepare for the next wave of digital transformation, with a focus on wide-scale AI adoption and 5G implementation.

According to Vodafone, more than 70% of organisations today use up to 15 different cloud environments and the technology that Vodafone and IBM provide will aid the interconnectivity of all those clouds.

IBM will provide managed services to Vodafone Business’ Cloud and hosting unit under an eight-year deal valued at around $550 million. Vodafone’s 5G and IoT tech will be integrated with IBM’s multicloud, which will enable use cases such as super-fast connectivity between factory-floor robots. The technology is predicted to be operational in the first half of 2019.

Another example would be the innovation of oil rigs. Innovating on an oil rig would have been a challenge due to lack of connectivity and disparate IT systems, Vodafone highlighted: “Today, thanks to edge computing and IoT technologies from Vodafone working with the latest AI and augmented reality applications from IBM, engineers will be able to pinpoint and resolve faults on equipment in minutes rather than hours, potentially saving millions in lost productivity.”

“Vodafone has successfully established its cloud business to help our customers succeed in a digital world,” said Vodafone CEO Nick Read. “This strategic venture with IBM allows us to focus on our strengths in fixed and mobile technologies, whilst leveraging IBM’s expertise in multicloud, AI and services. Through this new venture, we’ll accelerate our growth and deepen engagement with our customers while driving radical simplification and efficiency in our business.”

In October 2018, Vodafone became the first telco in the UK to carry full 5G over a commercial network following its Salford site switch-on.

Using Massive MIMO technology, the 5G connectivity provided multiple data channels over a single antenna on a 3.4GHz spectrum. This was significant as previously companies had tested the technology either within a single location or using parts of the 4G network to complete the 5G service.

The mobile telco has invited local companies and organisations to join its 5G trial through its ‘Future Ready’ innovation centre, which is scheduled to open in spring 2019.

The centre will be equipped with 5G wireless routers, gigabit-capable optical-fibre links and Internet of Things (IoT) services, which can digitally connect “everything from office security systems, vehicles, and household appliances to livestock and pets”.

Box launches UK-specific Box Zone with data centres in London and Cardiff


Connor Jones

17 Jan, 2019

Box has launched an additional data zone for its Box Zones offering, presenting a new zone for the UK with separate data centres in London and Cardiff.

Back in 2016, the cloud content management company first announced Box Zones and said that it would feature eight separate locations where users can store data.

Box offers data centres in the UK, USA, Canada, Ireland, Germany, Singapore, Japan and Australia. The company adds more zones when it receives enough demand from its 90,000 customers, which is why the UK has just received its own data centres.

“Businesses today face a complex and evolving regulatory landscape, none more so than here in Britain,” said Chris Baker, Box senior vice president and general manager of EMEA. “With the Brexit decision pending and the impact on regulation such as GDPR unknown, UK and European businesses are searching for ways to guarantee business continuity. The UK Zone will help companies to address data sovereignty concerns and provide certainty around their content.”

If you think that the decision has anything to do with GDPR or Brexit, then you’d be wrong, according to Baker. Even if Brexit goes ahead, a possibility that’s increased in likelihood over the past few days, GDPR is likely to still apply in UK law in every way but in name, so there must be another reason for opening a UK zone.

Speaking to Cloud Pro, Baker said that the main reason for launching the UK zone was because of contracts which have certain specifications which require data to be held in a certain jurisdiction. One of the requirements of GDPR is that businesses must be certain at all times where given data resides in the world.

“I know some wealth managers, for example, who in their contracts with their clients state that their information will reside in the UK,” said Baker. “It’s not a regulatory thing, it’s just something that the client has decided to do, perhaps because that client prefers that.”

Aerospace companies in the UK sell to governments in the EU, in the Far East and into North America, such as the USA’s Department of Defence. Usually, when selling to these entities or responding to a request for proposal (RFP), there will be conditions that demand all related content, designs and contracts must reside in that entity’s jurisdiction. So as a UK aerospace company, you’ll need a zone in NA in order to do business there, likewise with EU governments, Baker explained.

“At Virgin Trains, we are a digital-first company with staff and offices across the UK. We are committed to ensuring that those employees have the information and tools to do their best work, even as compliance requirements continue to rapidly change,” said John Sullivan, chief information officer at Virgin Trains. “The UK zone will give choice and control over our content. It is great to see Box’s continued commitment to helping UK customers like Virgin Trains proactively prepare our data residency strategy.”

Data residency isn’t the only factor which influenced the need for another zone. Businesses often have to visit other countries in order to take meetings, attend conferences and conduct sales and when that happens “the speed of light can be a limiting factor,” said Baker.

“Latency is an issue for some customers. Box has a Singapore zone for that reason. If business people in Asia are going to the US and back, the speed of light is a limiting factor in the downloading and uploading of documents – so latency could be a reason for wanting to allocate data to a zone.”

Speaking further about the extent to which Brexit and GDPR could affect businesses and their requirements for a UK Box Zone, Baker said there is concern about divergent regulations following Brexit. It’s unclear whether the UK will change or amend GDPR’s laws which are now domestically enshrined. “This environment is only going to get more complex,” he said.

Startup receives $30 million from AWS and Samsung to fund new IoT tech


Connor Jones

15 Jan, 2019

A startup semiconductor company has just raised a further $30 million in funding from AWS and Samsung, bringing its total funding to $50 million.

Wiliot manufactures a battery-free Bluetooth sensor tag the size of a postage stamp which is being heralded as a low-cost, high-efficiency solution for broad IoT implementation in business.

The Bluetooth tag powers itself using scavenged energy from ambient radio frequencies and can be stuck on a variety of surfaces, somewhat like an RFID tag.

“A Wiliot chip glued to a simple antenna printed on plastic or paper can authenticate the proximity of a product by transmitting an encrypted serial number along with weight and temperature data from a device the size of a postage stamp,” the company said in a press statement issued yesterday. 

By removing the need for most of the components traditionally associated with Bluetooth, it’s possible to reduce both sale and support costs significantly, according to Wiliot. 

In the real world, the tags supposedly have many use cases from business to consumer, including real-time tracking of goods through the manufacturing process, to the warehouse and from the store to the end consumer. The tags also offer opportunities to verify the successful delivery of goods and grey market verification.

The tags can also be used to track valuables if they are lost or stolen and even communicate with connected washing machines to ensure whites never get mixed with colours using proximity sensors on all tagged items.

“We believe that disposable electronics based on battery-free, low-cost systems are the foundation for future IoT systems. We are on the edge of dramatically changing the way products are made, how they are distributed, where and when they are sold, and how they are used and recycled,” said Tal Tamir, Wiliot CEO and co-founder.

The technology may sound similar to RFID, a technology for which Wiliot already offers products, but the tags can deliver far more features than RFID, increasing their usability. 

The tags make use of recycled radiation to power themselves and can transmit information such as location, proximity, when they are picked up, their temperature or when the product they are attached to needs to be replenished. The product has “unlimited power and lifespan, so can be embedded inside of products that were previously unconnected to the Internet of Things,” Tamir added.