Sunday, 1 April 2018

Cryptojacking

You may not have heard the term Cryptojacking but it is one of the newest threats to your computer security. The good news is that it is not malicious in the sense that it won't destroy your data. The bad news is that it will most likely slow your computer down and decrease responsiveness of your system.

Cryptojacking is the use of your computer's processor (CPU) to mine crypto currencies (see my  article on crypto currencies for more info). The reason this has become such a big problem is because it is reasonably trivial for cryptojacking to occur. All it takes is for a website to load a piece of javascript through your web browser, and it will start the mining process. You will probably not even notice this initially. You can check if your CPU is spiking by opening the task manager in Windows (press ctl+shift+esc) and then click on the performance tab. If the CPU graph is showing a lot of activity then it is possibly a cryptojacking script. You can easily test web browser by going to https://cryptojackingtest.com. The site will attempt to load a cryptomining script on your web browser and will determine if your browser is vulnerable to these scripts. If your web browser is vulnerable, you can load an adblocker extension (such as ghostery ghostery.com or privacy badger eff.org/privacybadger). Test again once this is loaded to be sure it is effective. The Opera browser has built in protection for cryptojacking, so is another option.

It is not all bad news though, cryptojacking may become a useful alternative to web advertising. Instead of a site displaying ads, it may request CPU access while you are visiting the site. If this can be done in a way that obtains the reader's consent then this could be an ethical alternative to web advertising. At the moment, we are in the early stages of using this technology so it would be wise to protect your web browser from these scripts.

Thursday, 1 March 2018

Digital Self Defense

I watched a very interesting keynote speech recently by Pernille Tranberg and Steffan Heuer, authors of "Fake It!: Your Guide to Digital Self-Defense". They are journalists, so are familiar with information gathering techniques. The main thrust of their argument is that we are currently in an era where data about people is a commodity and companies are grabbing as much information about us as they can to build detailed profiles of our behaviours and preferences. They discussed how your digital identity needs to be managed in order for your privacy to be maintained. The presenters were referring to the digital persona we create online through platforms such as facebook, linkedin and other social media services.

These are publicly accessible trails of our lives, and while they may be useful tools for communicating with friends and family, the data that is able to be analysed can be very revealing. If you ever thought that you have nothing to hide, then take a look at the facebook information gathering tool stalkscan.com. This will show you everything that is publicly accessible in a person's facebook profile, from likes to posted photos, comments etc. It is in the interest of companies like facebook for individuals to have a casual attitude towards privacy, as this is the basis of the their business model. They commoditise your personal information so they can target advertising in a very specific way. Are we really prepared to give up so much information for these "free" services? We can compare attitudes towards the environment in the 1960s with today's attitude towards personal data access. It is somehow not part of our collective consciousness to be concerned about information privacy. Is this because people don't care or are simply not aware of how much information is being traded in these transactions? Would you be happy to hand over your mobile phone number when buying a groceries at a store? Most people would not like to give out this sort of information in real life but this is a common trade when using online services.

Not all is lost though as governments are realising the importance of this issue and the potential for abuse of our personal information. In Australia, the ACCC are running a digital platforms inquiry, which specifically looks at the issue of information gathering by these large corporations
(https://www.accc.gov.au/about-us/inquiries/digital-platforms-inquiry). In Europe, the EU General Data Protection Regulation (GDPR) will come into effect on 25 May 2018 (www.eugdpr.org). This is the result of four years debate in the EU parliament and will bring into law the following protections for personal information: privacy laws will apply to companies that process information in the EU even if they are based elsewhere, penalties of up to 4% annual global turnover breaches of privacy, improvements to consent for use of personal information. In addition the following rights are being implemented: Notification of data breaches, Right to Access your personal information, Right to be Forgotten (data erasure) and Privacy by Design, a principle where platforms will build privacy into their products.

Until such time as governments can catch up with the information grab that is currently underway in the digital world, there are ways that you can defend yourself. A very thorough and useful guide can be found at the electronic frontier foundation's website ssd.eff.org. You can also get some tips from Pernille Tranberg and Steffan Heuer's website www.digital-selfdefense.com. If you would like to see their keynote speech on digital self defense go to https://youtu.be/VVibUH9Wm6w

Thursday, 1 February 2018

Real-time payments

The finance industry has been working on a platform to allow real time transfer of funds between bank accounts. Currently, payments can take a day or two to be received between different banks as they need to go through a clearing house to be processed. The New Payments Platform (NPP) has been developed by industry partners to enable real-time clearing of funds between banks. This has been under development since 2012, with the Reserve Bank aiming to achieve a real-time payment system by 2016. Last year the system was tested in a limited rollout to some financial services companies. One of the first companies to use utilise this platform is Bpay. They are rolling out a new payment service this year called Osko (https://www.bpay.com.au/osko). Individuals will be able to register their mobile number or email address with their bank which can be used as an identifier for payments to them. This will make it easier to know how to pay someone (no more bsb and bank account numbers required) and the payments can be made instantly at any time. There will be a 280 character limit for the payment description, which allows for more details to be included than is currently possible.

As the NPP becomes more widely available, companies will be able to use this for payroll and superannuation payments. This will enable payments to be received in near real time and allow documents to be included with the payments (such as payslips). Payments will no longer be restricted to  business hours, making it easier to achieve payment deadlines. This will depend on industry making the most of the NPP but this is likely to change how payments are made in Australia. Watch this space as things will be changing in 2018. For more details visit the New Payments Platform Australia website (https://www.nppa.com.au/)

Monday, 1 January 2018

Appy New Year

With Christmas and New Years celebrations over with, it is time to face the bill for the holiday excesses. For assistance with financial tasks, there is the Pocket Book app (https://getpocketbook.com). This Australian based app will help you manage your finances by linking to your banks accounts and automatically categorising your spending habits. It also has a budgeting function (called safely spend) to help you manage your cash flow. In addition, the app can notify you of upcoming bills so you can avoid late payment fees. The app is free which is nice, but also means that they use your information to make the app profitable. Their privacy policy (https://getpocketbook.com/privacy-policy/) states how they do this and if you are comfortable with sharing your information to gain access to the app then it is worth while.

If you need help with fitness goals this year then the My Fitness Pal app (https://www.myfitnesspal.com/) is highly recommended. This app makes it easy to keep track of your daily food intake. You can scan barcodes of packaged products using your phone or manually enter food portions that you consume. The app has a large database of food types and this is used to analyse the macro (carbohydrates, fats and proteins) and micro nutrients (vitamins and minerals) in your diet. The result is a comprehensive overview of not just calories consumed but also the nutritional value of your food. The app can also track exercise and show you a daily balance of the calories in versus the calories out. It integrates with activity trackers (such as Garmin or Fitbit) to determine how many calories you have expended. You can also track your weight and it will remind you to jump on the scales to keep track of your goals. The app is ad supported or you can buy a premium subscription, which also unlocks additional features. As always, check the privacy policy to ensure your are comfortable with how they use your information (https://account.underarmour.com/privacy?locale=en_US).

Good luck with your New Year's resolutions and hopefully these apps will make them easier to achieve.

Friday, 1 December 2017

Cryptocurrency

Cryptocurrency is the term used to described new forms of digital currency that can be traded on the Internet. The most popular of these is Bitcoin, which was founded in 2008. Other popular cryptocurrencies are Ethereum and Litecoin. The underpinning technology is called blockchain. This allows for transactions to be made using a ledger style system. All transactions can be viewed on the ledger, making it a transparent system. Each transaction has a digital fingerprint that can't be faked, and thereby making it a trustworthy system. Blockchain relies on decentralised processing by multiple computers using a peer to peer network, in much the same way that bittorrent shares files between computers. To perform a transaction using bitcoin, you will need a digital wallet. This is used to store your transactions and the private key, which is used to encrypt your transactions and verify your digital identity. It is the encryption that creates the trustworthy part of the system and is why these are called cryptocurrencies.

When a transaction is made, it is added to a block of transactions. Miners will mathematically verify this block and ensure it is consistent with the previous block in the chain (hence the term blockchain). The blockchain (or ledger) is verified through a mathematical fingerprint (hash). Each transaction has to be mathematically proven in order for it to be verified. This is called mining. Computers that perform the mining calculations are rewarded with bitcoins. The difficulty of the calculations (and as a result, the processing effort) increases as more transactions are made. This means more power is required to verify a block of the blockchain as the number of transactions increases. So mining was a lot easier a few years ago, but requires more processing today and is therefore a more expensive process.

You may have seen in the news that Bitcoin has been reaching an all time high value. Currently it is sitting over US $10,000 per bitcoin. The cryptocurrency has gone through an exponential increase in value since 2016 when it was sitting at around US$500 per bitcoin (https://www.investing.com/currencies/btc-usd). This rapid rise can lead to swings in value as investors seek to profit and others are driven by FOMO (fear of missing out). Economists have seen this behaviour before (in the dotcom craze) and warn that this can lead to a bubble in the market. As more investors seek to buy the cryptocurrency, its value will rise, as there are only 21 million bitcoins that can be traded. The fundamental value of using a cryptocurrency is yet to be proven and only when there is mainstream support for using the cryptocurrency can it become truly useful. Some retailers are starting to offer payment with bitcoin (or other cryptocurrencies) but this is limited to a small part of the market. There is history of bitcoin trading sites getting hacked or the founders embezzling the funds. As usual it pays to be cautious when dealing with your hard earned cash. The largest trading site is coinbase.com

There are clear benefits in using a distributed transparent and trustworthy ledger system. From a banking perspective this could simplify and minimise the cost of interbank transfers. Currently it can take days for money to transfer between banks, with a block chain system this could be completed in a matter of seconds. This leads to benefits in time for the customer and cuts down on fees for the bank. There is no doubt banks are looking to use this technology but it can also be a digital disruptor to their way of working as the threat of cryptocurrencies becoming legitimised grows. For more information about cryptocurrencies take a look at the articles at www.coindesk.com/information/

Wednesday, 1 November 2017

GSuite for Small Business

Last month I wrote about Microsoft's Office 365 cloud offering for small business. Google also offer similar services with their GSuite products, which includes, email, calendar as well as apps for documents (Docs), spreadsheets (Sheets), presentations (Slides), file storage (Drive) and video conferencing, amongst many other apps. The main difference is that Google is a cloud based company first and foremost, so their services are delivered with Cloud and mobile access at their core. Google Drive operates similar to Dropbox, where files are synchronised from your local device to the cloud and back to other devices you have connected to it. You can also create a shared space where team members can share files. This is called Team Drive.

GSuite allows collaboration and sharing between members of the same organisation. Pricing is based on a monthly user subscription and the Business plan is currently $10/user per month (https://gsuite.google.com.au/pricing.html). For a small business. this is a quick way to get the services needed to run a business available, with little up front cost. The Office apps are cloud based, so do not offer as many functions as the Microsoft desktop apps, although they are compatible with the Microsoft formats. If you want the advanced functionality of Microsoft Office apps, you can either buy the Microsoft suite and still use the storage with Drive, or go with the Office 365 subscription mentioned last month. You will get similar services either way, it depends what you are familiar with.


For more information on GSuite take a look here (https://gsuite.google.com.au/).

Wednesday, 4 October 2017

Office 365 for Small Business


If you have a small business and want a more professional digital image, such as your own email domain e.g. myname@mybusiness.com.au, then you may want to consider using Office 365. The benefits of using Office 365 are enterprise level email service, team collaboration through Sharepoint document management as well as video and audio conferencing through Skype for Business and Microsoft Teams. Office 365 allows small businesses to use these enterprise level services without requiring the on premise setup of servers and equipment as these are all provided from the Cloud (using Microsoft's services). You will still need your own PCs or tablets to use these services, as well as a reasonable internet connection.

Office 365 plans are based on a subscription model and are charged per user per month. The cost will vary according services provided and the following plans are suitable for small businesses:
  • Business ($7.04/user/month) - Office apps, cloud file storage and sharing. No email.
  • Business Essentials ($13.20/user/month) - Email, cloud file storage and sharing. Video and audio conference through Skype for Business. No desktop office apps provided. 
  • Business Premium ($17.49/user/month) - Includes essentials services plus the office apps. 
Note that pricing is based on a user per month but is billed annually. A pro rata monthly rate will be slightly more expensive (https://products.office.com/en-au/compare-all-microsoft-office-products?tab=2).

Just another note on email usage. A user can have multiple email addresses (e.g. info@mybusiness.com.au, accounts@mybusiness.com.au), but all emails will go to one mailbox. It is possible to have multiple business domains E.g. myname@business1.com.au and myname@business2.com.au, but sending from both requires a bit of finessing, but is possible. If you want to keep the emails in separate mailboxes then you will need a subscription for each mailbox.

There are many benefits for small businesses to use the subscription service. Access to enterprise level services at a fraction of the setup costs are a good deal. Note that the initial setup may require a professional to configure, but once setup, should be relatively easy to maintain.