Your phone is tracking your every move

Your phone can reveal all of your physical activities to Google and the apps you use.

The sensors inside it can monitor, understand and disclose your real-world movements, based on what’s happening to the phone itself.

It can tell, for instance, if you’re standing up, or if you’ve just lifted your phone off a desk, or if you’ve started walking.

An Android permission called “Activity Recognition”, which was discussed on Reddit and highlighted by DuckDuckGo last week, makes it much easier for developers to work out what you’re doing at any one time.

Shazam and SoundHound request the permission, but it isn’t completely clear why.

Though Activity Recognition isn’t new, the reaction to the Reddit and DuckDuckGo posts suggests a lot of users are unaware of it.

“The Activity Recognition API is built on top of the sensors available in a device,” says Google.

“Device sensors provide insights into what users are currently doing. However, with dozens of signals from multiple sensors and slight variations in how people do things, detecting what users are doing is not easy.

“The Activity Recognition API automatically detects activities by periodically reading short bursts of sensor data and processing them using machine learning models.”

Activity Recognition can tell developers when your phone is: in a vehicle, such as a car; on a bicycle; not moving; being tilted, due to its angle “relative to gravity” changing; on a user who’s walking or on a user who’s running.

It can even tell when you’re doing more than one thing at once, such as walking while being on a bus.

The API automatically gives its findings a likelihood rating out of 100. The higher the number, the more confident it is that you’re actually doing what it believes you’re doing.

This information is fed to the apps you’ve granted the Activity Recognition permission to.

“A common use case is that an application wants to monitor activities in the background and perform an action when a specific activity is detected,” says Google.

For instance, an app can automatically start monitoring your heartbeat when you start running, or switch to car mode when you start driving.

Though it can prove useful, it also sounds somewhat creepy.

The fact that Google buries it in the “Other” category of permissions and doesn’t let you deny or disable it doesn’t help matters.

Google keeps a complete list of almost everything you’ve looked at, and what’s more, the company has made it difficult to find out which apps ask for the permission.

Right now, the only way to find out is by checking out each of your apps’ permissions one-by-one, by going to Settings, Apps, tapping an app, hitting the menu button and selecting All Permissions. It’s a slow and laborious process.

If you’re particularly concerned about Activity Recognition, it’s worth going through the effort and uninstalling any of your apps that request the permission, for peace of mind.

What can you do about Activity Recognition?

  • Read app permissions closely when you install a new app
  • Go into settings on your phone and read each existing app’s permissions
  • Delete apps that require Activity Recognition permissions
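The per-app check described above can also be done in one pass from a computer. The following is an added example, not part of the original article: it parses the text printed by `adb shell dumpsys package` and reports which apps request an Activity Recognition permission and whether it is granted. The sample dump and its package names are constructed, and the parser assumes the indented "requested permissions:" layout shown in that sample.

```python
import re

# Permission strings that gate Activity Recognition: the Google Play services
# permission and the platform runtime permission added in Android 10.
ACTIVITY_PERMS = {
    "com.google.android.gms.permission.ACTIVITY_RECOGNITION",
    "android.permission.ACTIVITY_RECOGNITION",
}

PACKAGE_RE = re.compile(r"^\s*Package \[([^\]]+)\]")

# Section headers of interest and what a permission listed under them means.
SECTION_HEADERS = {
    "requested permissions:": "requested",
    "install permissions:": "granted",
    "runtime permissions:": "granted",
}


def audit_activity_recognition(dump_text, wanted=ACTIVITY_PERMS):
    """Return {package: {"requested": [...], "granted": [...]}} for wanted permissions."""
    report = {}
    package, section, section_indent = None, None, 0
    for line in dump_text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        indent = len(line) - len(line.lstrip())
        match = PACKAGE_RE.match(line)
        if match:                      # a new package block starts
            package, section = match.group(1), None
            continue
        if stripped in SECTION_HEADERS:
            section, section_indent = SECTION_HEADERS[stripped], indent
            continue
        if section is None or package is None:
            continue
        if indent <= section_indent:   # a sibling line ends the section
            section = None
            continue
        name, _, detail = stripped.partition(":")
        if name not in wanted:
            continue
        entry = report.setdefault(package, {"requested": set(), "granted": set()})
        if section == "requested":
            entry["requested"].add(name)
        elif "granted=true" in detail:
            entry["granted"].add(name)
    return {pkg: {k: sorted(v) for k, v in e.items()} for pkg, e in report.items()}


# Constructed, abridged sample in the shape of `adb shell dumpsys package` output.
SAMPLE_DUMP = """\
Packages:
  Package [com.example.musicid] (1a2b3c):
    userId=10101
    requested permissions:
      android.permission.INTERNET
      android.permission.RECORD_AUDIO
      com.google.android.gms.permission.ACTIVITY_RECOGNITION
    install permissions:
      android.permission.INTERNET: granted=true
      com.google.android.gms.permission.ACTIVITY_RECOGNITION: granted=true
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.RECORD_AUDIO: granted=true
  Package [com.example.notes] (4d5e6f):
    userId=10102
    requested permissions:
      android.permission.INTERNET
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.fitness] (7a8b9c):
    userId=10103
    requested permissions:
      android.permission.ACTIVITY_RECOGNITION
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.ACTIVITY_RECOGNITION: granted=false
"""

if __name__ == "__main__":
    for pkg, state in sorted(audit_activity_recognition(SAMPLE_DUMP).items()):
        status = "granted" if state["granted"] else "requested, not granted"
        print(f"{pkg}: {', '.join(state['requested'])} ({status})")
```

To audit a real device, save the output of `adb shell dumpsys package` to a file and pass its text to `audit_activity_recognition`.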

By Aatif Sulleyman for The Independent 
Image credit: Reuters

The end of the age of e-mail

E-mail and I were born at roughly the same time, and like me, it’s beginning to show its age.

ARPANET contractor Ray Tomlinson is credited with sending the first mail – to himself – around 1971. He can’t even remember what it said. “Most likely the first message was QWERTYIOP or something similar,” he’s been quoted as saying.

Tomlinson’s innovation was to allow mail to be sent to users of computers on the ARPANET; he also chose the ‘@’ sign. Forty-six years later, we’re still @ it, but some bad habits, especially in organisations, seem to have crept in along the way.

Such as checking your mail. Too often.

Or using your inbox as a planning tool.

Or using e-mail as a substitute for the telephone.

And don’t even mention the tyranny of the out-of-office reply.

By some estimates, we spend a quarter of our day dealing with e-mail, and what with all this time spent on it, it still sort of works, such as when the boss sends out a company-wide announcement, or you need to communicate with clients.

E-mail is indiscriminate. Because it’s the de facto means of communication, everything is included, and it’s only after a healthy dose of deletions that you can really get down to work. Not to say a WhatsApp group is any better; there always seems to be at least one loudmouth.

But e-mail doesn’t work very well when you have a large number of people attempting to get something done, and this is where the tools known as workstream collaboration (WSC) come in. Here, communication is based around a task, which cuts the noise to a steady hum of productivity.

According to Gartner, this market is going to achieve a compound annual growth rate of 96%, reaching about $4 931 billion by 2021, up from about $171 million as of last year.

According to the research house, WSC creates a ‘persistent, shared, conversational workspace that assists teams with initiating, organising and completing work’. All this is achieved through messaging, alerts, activity streams and content sharing, among other things.

It’s not going away

But that still doesn’t mean that e-mail is dead, even if many WSC vendors will have you believe it.

E-mail, says Gartner, still represents the standard – though inefficient – channel for fulfilling work.

“Even if WSC tools are widely adopted, Gartner believes e-mail will continue to be a mission-critical application.”

Muggie van Staden, the MD of open source solutions provider Obsidian Systems, says everyone is getting too much e-mail, and there are more effective ways of communicating. “There’s going to be a movement soon where people are going to stop replying to e-mails, and say, ‘If you’re not connected with me on other platforms, don’t expect a reply’.”

Van Staden’s company is a solutions partner for Atlassian, which makes collaboration tools for, among others, software developers.

Since its beginnings in 2001, Lisa Schaffer, Obsidian Systems’ principal Atlassian consultant, says Atlassian has ‘eaten its own dogfood’, and they ‘understood the pains customers would have gone through’. These customers are most of the big banks and insurance companies, as well as business, finance and marketing teams. Even stockbrokers are all using the software, says Schaffer.

Companies that use Atlassian tools also end up sending fewer e-mails, she says. “You’re all working in the same space, chatting about the same things. With (another Atlassian tool) HipChat, you can quickly spin up a room and talk about the day-to-day operational stuff without having to send an e-mail.”

Earlier this year, Atlassian bought Trello, a project management app, for $425 million.

Mail trail

Schaffer says when she’s training people to use Atlassian, she suggests they use Jira, because there’s an audit trail.

“For every conversation you have around a piece of work, it will be kept within that piece of work.” This means people aren’t searching their e-mail inbox, trying to figure out where the mail trail started.

“If somebody changed the subject header, all of a sudden, that mail no longer belongs to that group of mails.”

Schaffer says e-mail isn’t dead, “but our clients are moving away from e-mail as a form of collaboration. They’re using tools to collaborate.”

E-mail, too, is useful for external communication, such as when a customer wants information about a product, or when you’re dealing with suppliers.

Before sending a mail, Schaffer says she’ll first go to a company’s website to see if she can find the information she’s looking for.

“I don’t think South Africa has caught on to the fact that your website is now your reception area. And if more people spent some money and time getting their websites up and running, that would reduce the amount of e-mails and phone calls they’d get.

“We’re into an age of self-service, but some people are in denial.” Schaffer says companies are realising that they can’t take a whole year to deliver value.

“My customers want value now. We live in a society of instant gratification. This is why agile is such an important part of software development because you can deliver a portion of value to your customers. They may not have the entire Ferrari, but at least they can look at the body.”

Nick Bell, the CEO of Decision Inc, a management consultancy, says increasing clients’ productivity has been a big part of their business this year.

Organisations create a lot of communication, says Bell, and if they’re able to simplify it using technology, “it generally makes it a thousand times easier for the person on the other side who has to engage the process.”

There’s also the assumption that everything needs to be done quicker, because ‘we’re a lot more impatient than we were historically’.

“Instant access and speed have become a very big part of everybody’s conversation about their business.”

Bell says Decision Inc still uses e-mail, and it’s still a large part of client communication. Some teams use Slack, and when the company moves to new offices in January, they’ll be using Skype for Business. It also makes use of WhatsApp groups when running large projects with clients, because this means more people can get visibility into the job at hand.

If you’re fortunate, the nature of work is also becoming more collaborative.

“In the old days, everyone was locked in their office with the door closed. Now we want teams near one another, so rather than the traditional inefficiency of sending an e-mail and waiting for a response, you can collaborate and communicate with the person and get the answer immediately.”

Bell says many people are overwhelmed by the number of e-mails they get every day.

“Even going on holiday becomes stressful because you know that you’re going to come back to 500 messages.

“We’ve got to get out of that particular way of working.”

By Matthew Burbige for Brainstorm

How the gig economy could shake up employment law

The gig economy has taken over the world, with most people not fully realising its impact. Put simply, the gig economy is a labour market characterised by freelance, flexible, on-demand work rather than the more traditional nine-to-five working model. Instead of being paid a regular salary, workers are paid for each “gig” they do, such as a car journey, food delivery or a cleaning job.

Typically, workers in the gig economy find jobs by registering on websites or apps and signing up for what they want to do. Around 15.6% of the UK’s workforce make up the gig economy. The figure is 34% in the US and expected to rise to 43% by the year 2020. South Africa will, no doubt, follow suit.

The major difference between the gig economy and traditional freelancing or contractual work is the flexibility and transparency that go with it. Gig freelancers can work from wherever they like, whenever they like and for whomever they like.

Timing of jobs is more spontaneous, and apps and websites now automatically connect people to deliver on requirements in real-time.

But how many of these gig workers prefer the work to permanent employment, and how many simply cannot find better pay or jobs elsewhere? With South Africa still recovering from recession and an unemployment rate of 27.7%, there’s no doubt that a lot of these “gigs” are performed because there is nothing better out there.

While some may argue that the gig economy empowers entrepreneurs, others argue that it is purely another means of exploiting workers. In most countries, only employees are entitled to the protection of employment legislation, such as being protected from unfair dismissal, and receiving minimum basic benefits such as holiday pay, sick leave and minimum working hours. Independent contractors are not offered such protection and their recourse is limited to what is contained in their service contracts.

UK test case
Last year in the UK, an employment tribunal ruled that Uber drivers are “workers”, and not self-employed contractors as their contracts stipulated. Uber has always maintained that it does not employ any drivers or own any cars. Instead, it provides the technology platform that enables the connection between driver and passenger. In the court case, judges held that the drivers are workers and should be given a basic set of rights under the law, including a national minimum wage. Uber appealed against this ruling, which was heard in September. A ruling is yet to be handed down.

In South Africa recently, the Commission for Conciliation, Mediation and Arbitration (CCMA) issued a ruling that seven Uber drivers who had been “deactivated” from the Uber platform and had subsequently referred unfair dismissal claims to the CCMA were not independent contractors but must be considered employees. This means these drivers are given employee protection in terms of the Labour Relations Act and the Basic Conditions of Employment Act. Uber South Africa has appealed the ruling and is currently awaiting judgment.

With the new world of work and the rise of the gig economy, the line between who is an employee and who is not is becoming increasingly blurred. But will this change how our courts view these types of workers in the future?

Seeming to shed light on this topic in the UK, the Taylor Review of Modern Working Practices was released in July this year with the hope of addressing the widespread deprivation of employment rights in the gig economy. Prime minister Theresa May had requested Matthew Taylor, chief executive of the Royal Society for the Arts, to conduct an independent review into how employment practices in the UK need to change to keep pace with modern business models.

Interestingly, the Taylor Review suggests that the UK government create a new category of worker, the “dependent contractor”, that sits between contractors and those in full employment, and brings with it some benefits and wage protections. It also called for the employment status to have a clearer definition that better reflects the reality of modern working arrangements.

Recommendations
Here are some of the review’s recommendations to the UK government in relation to gig workers:
It should develop legislation and guidance that adequately set out the tests that need to be met to establish employee or “dependent contractor” status.

The national minimum wage legislation should be updated so that “dependent contractors” receive at least the national minimum wage, but on a piece-rate basis.

Under these rules, a gig company would have to demonstrate through its data that at times of normal demand, an average person could earn 20% more than the national minimum wage. However, if that person chose to work at a time of low demand, he or she might not earn the minimum wage; the company would have to use its real-time data to warn them of this in advance.

Government should provide maximum clarity on status and rights for all individuals, by extending the right to written particulars to all in employment. At the moment, employers only need to provide a written statement to employees that outlines their employment terms and conditions from the first day of employment. Workers are not entitled to such a statement.

The Taylor Review received a mixed response in the UK. While some have welcomed some of the proposals and agree that current legislation is no longer fit for purpose and needs updating, others have concerns that some of the proposals will materially increase costs and administration for employers.

The UK government will engage with stakeholders across the country before publishing a full response to the review later this year.

Although there are no immediate plans to revise the legislation to accommodate the gig economy, only time will tell as to whether or not a similar approach will be considered in South Africa.

By Amanda Arumugam for Tech Central

Hackers, trolls and other tech nightmares of 2017

Remember last year, when Samsung Galaxy Note 7 devices were blowing up in people’s pockets, on nightstands and even on a commercial airplane?

That seemed like a tech nightmare for the ages. Turns out that was nothing compared to what’s happened in 2017 — so far.

No, the terminators haven’t come for us yet, though Saudi Arabia did just grant citizenship to a robot named Sophia that literally said it would kill human beings. But it still feels like we’re in some weird alternate dimension filled with a steady stream of shocking revelations, from massive government hacking programs to troll armies ruining people’s lives to the Russian government using Facebook and Twitter to interfere in last year’s presidential election.

Don’t bother pinching yourself. It’s all real. Here’s a quick recap of the year’s most gruesome tech tales.

Nonstop hacking
You’d think mega-corporations with everything to lose from a massive hack would do anything they could to prevent attacks. Think again.

Equifax, the data collection company that has your financial information whether you want it to or not, announced in September that more than 140 million people’s information had been compromised. That includes names, addresses, Social Security numbers, bank info and so on.

Worse, it turned out that Equifax knew about the hack for weeks before telling us. And when it did, the company set up a terrible website, filled with security problems like poor passwords. And, ultimately, the site itself was also hacked.

If you think these were well-meaning mistakes and not selfish blundering, keep in mind that two high-level Equifax executives sold stock just before the announcement.

It’s no wonder Equifax CEO Richard Smith suddenly retired. But don’t worry, he made out with a pay package worth as much as $90 million.

Yahoo, already synonymous with embarrassing cybersecurity failures after revelations in 2016 that the accounts of 1 billion users had been compromised, saw Equifax’s screw-up and said: We can top that.

Yahoo’s new owner, Verizon, admitted earlier this month that the attack was even worse than we thought. It turns out every single one of the 3 billion accounts in Yahoo’s system had been compromised. All of them.

That cackling you hear? That’s former CEO Marissa Mayer, who still got her golden parachute worth more than $23 million.

Oh, and if that’s not enough to keep you up at night, we learned from a cache of documents leaked from the Central Intelligence Agency that, among other things, the government could be using our TVs to spy on us. That’s right out of the plot of George Orwell’s dystopian classic, “1984.”

Trolls taking over
Internet trolls have been having one of their best years, and politicians have finally taken notice.

Congress is summoning Google, Twitter and Facebook to Capitol Hill to talk about how their online services were used by the Russian government to interfere in the US presidential election. The meetup is starting on Halloween and continues Wednesday. Do you have your Thriller popcorn yet?

The specter of Russian interference in the 2016 presidential election has forced the once-high flying tech industry back to Earth. Facebook CEO Mark Zuckerberg has faced repeated questions after he initially dismissed concerns about Russian meddling. Twitter, meanwhile, last week began banning ads from Russian-linked sites.

Did we all dance a collective time warp back to the days of the cold war?

Unfortunately, Russia isn’t the tech industry’s only problem.

Nonstop vicious and all-encompassing online harassment was another theme this year, due in some part to the troll armies that supported Donald Trump during his rise to the presidency. Twitter has declined to have its CEO, Jack Dorsey, answer even basic questions to reporters about the service’s handling of harassment among its 330 million tweeters, leading to additional pressure for the company to meaningfully change its policies.

Fake news
What, you thought we were done talking about trolls?

Maybe the most depressing part of 2017 was how much of it we spent debating what facts even are. With some people calling real stories fake and fake conspiracies real, the tech industry has been under increasing pressure to solve the problem.

And right, these companies should. After nearly a year of nonstop drumbeat debate and promises to better weed out hoax stories, the computer programs that highlight “news” on Facebook, Twitter and Google failed during the October shootings in Las Vegas. Trolls published tweets purporting to be the shooter or missing persons even as hoax stories and irresponsibly reported pieces that misidentified the shooter were prominently displayed on Google and Facebook.

So far, Facebook and a few others have promised changes, like beefing up the teams of people who monitor bad behavior on their services. They’ve also vowed to more carefully monitor ads so they don’t give a platform to misleading info.

It’s all enough to keep me quaking in my boots until 2018.

It can’t get any worse. Right?

By Ian Sherr for CNet

5 of the biggest South African start-up deals of all time

In early October, Cape Town’s GetSmarter concluded a $103-million (R1.4-billion) sale to US-based technology firm, 2U, making it one of the most valuable start-ups in South Africa’s history.

The deal, which is believed to be the biggest ever for a South African edtech company, was first announced in May, and further bolsters Cape Town’s position as a leading technology hub in the country.

As not all sale prices are reported directly, it is difficult to say exactly how GetSmarter fits in compared to South Africa’s other most valuable start-ups, but it appears that the record still belongs to Mark Shuttleworth’s Thawte which sold for $575 million in 1999.

This is also the closest the country has come to having its own “unicorn” valuation – a company valued at $1 billion, according to Jason Levin, author of a June report on the state of start-ups in the country.

“The total value of all the tech and innovation startups in Joburg and Cape Town together, is about $1.5 billion: a similar size to Melbourne’s, smaller than Lagos’, and half the size of Sao Paulo’s,” said Levin.

He confirmed that Mark Shuttleworth’s Thawte is the start-up that has come the closest (its 1999 price tag of $575 million equates to about $850 million in modern money).

However, South Africa has also lost out on start-ups which have chosen to move their business out of the country, said Levin.

“Mimecast, founded by South Africans Peter Bauer and Neil Murray, is a unicorn with a current market cap of $1.2 billion – but was created in 2003, a year after the pair left the country.”

BusinessTech looked at some of the other companies which have come close to this “mythical” valuation.

Thawte – $575 million (sold in 1999)

While perhaps best known as the first South African in space, Mark Shuttleworth first made headlines for his 1999 sale of online security firm, Thawte, to Verisign for $575 million.

Run from Shuttleworth’s parents’ garage, Thawte originally aimed to produce a secure server not fettered by the restrictions on the export of cryptography which had been imposed by the United States.

Using a “web of trust” model, Thawte would issue free email certificates, while the person’s identity was assured by meeting face-to-face with one or more “Thawte Notaries” who needed to see identification and keep a copy of it.

Kapa Biosystems – $445 million (sold in 2015)

Kapa Biosystems, co-founded by Trey Foskett, Paul McEwan, Ron McEwan and Chris McGuinness in 2006, pioneered the use of directed evolution to develop a suite of high-performance reagents for a range of life science applications.

Their products are used by thousands of scientists around the world and cited in more than 4,000 peer-reviewed publications.

They are continuing to develop innovative solutions that accelerate genomics research that can impact the future ability to diagnose, monitor and treat cancer and complex inherited and infectious diseases.

Kapa Biosystems was bought by Roche, a Swiss multinational healthcare company, for $445 million in 2015.

GetSmarter – $103 million (sold in 2017)

GetSmarter provides short, competency based online courses to working professionals around the world in collaboration with leading universities.

GetSmarter was founded by brothers Rob and Sam Paddock. 2U entered an agreement to acquire the startup for approximately $103 million, with an earn-out payment of up to $20 million in cash.

It has served more than 50,000 students since inception, with course completion rates averaging 88%.

GetSmarter’s portfolio includes over 70 courses offered with its university partners, and operates under a revenue share model with the universities.

Fundamo – $110 million (sold in 2011)

Fundamo’s platform enables the delivery of mobile financial services to unbanked and under-banked consumers around the world—including person-to-person payment, airtime top-up, bill payment and branchless banking services.

The company’s vision is for a truly connected financial services ecosystem that supports the ubiquity of mobile devices.

Fundamo had some 50 deployments in over 40 countries, including 27 countries in Africa and the Middle East and another 10 globally.

Prior to its sale, Fundamo was privately held by a group of investors in South Africa that included Sanlam, Remgro Limited, and HBD Venture Capital.

Nimbula – $110 million (sold in 2013)

In March 2013, Oracle announced it had agreed to acquire Nimbula, a provider of private cloud infrastructure management software.

Nimbula’s technology helps companies manage infrastructure resources to deliver service, quality and availability, as well as workloads in private and hybrid cloud environments.

It was founded in late 2008 by Chris Pinkham and Willem Van Biljon, who had developed the Amazon Elastic Compute Cloud (EC2).

Source: Business Tech

Revealed: the real source of SA’s massive data breach

The largest data leak recorded in South Africa has been traced to a Web server registered to a real estate company based in Pretoria.

Table headings from the data leaked are as follows:

  • NEW_IDN
  • TITLE
  • FIRST_NAME
  • SURNAME
  • DECEASED_STATUS
  • CITIZENSHIP
  • GENDER
  • AGE_GROUP
  • POPULATION_GROUP
  • LOCATION
  • MARITAL_STATUS
  • LSM_GROUP
  • ESTIMATED_INCOME
  • HOMEOWNERSHIP
  • DIRECTORSHIP1
  • CIV_NET
  • MOST_RECENT_PHYSICAL_ADDR_LINE1
    MOST_RECENT_PHYSICAL_ADDR_LINE2
    MOST_RECENT_PHYSICAL_ADDR_LINE3
    MOST_RECENT_PHYSICAL_ADDR_LINE4
  • MOST_MAIL_PHYSICAL_ADDR_LINE1
    MOST_MAIL_PHYSICAL_ADDR_LINE2
    MOST_MAIL_PHYSICAL_ADDR_LINE3
    MOST_MAIL_PHYSICAL_ADDR_LINE4
    MOST_RECENT_POSTAL_ADDR_LINE1
    MOST_RECENT_POSTAL_ADDR_LINE2
    MOST_RECENT_POSTAL_ADDR_LINE3
    MOST_RECENT_POSTAL_ADDR_LINE4
  • CELL_1
    CELL_2
    CELL_3
  • WORK_1
    WORK_2
    WORK_3
  • HOME_1
    HOME_2
    HOME_3
  • EMAIL_1
    EMAIL_2
    EMAIL_3
  • OCCUPATION_1
    OCCUPATION_2
    OCCUPATION_3
  • EMPLOYER_1
    EMPLOYER_2
    EMPLOYER_3
  • PROPERTY_1_TRANSFER_DATE
    PROPERTY_ID10
    PROPERTY_1_PROVINCE
    PROPERTY_1_TOWNSHIP
    PROPERTY_1_ERF_NUMBER
    PROPERTY_1_UNIT_NUMBER
    PROPERTY_1_SALES_PRICE
    PROPERTY_1_BOND_AMOUNT
    PROPERTY_1_BOND_HOLDER
    PROPERTY_1_TITLE_DEED
  • PROPERTY_2_TRANSFER_DATE
    PROPERTY_2_PROVINCE
    PROPERTY_2_TOWNSHIP
    PROPERTY_2_ERF_NUMBER
    PROPERTY_2_UNIT_NUMBER
    PROPERTY_2_SALES_PRICE
    PROPERTY_2_BOND_AMOUNT
    PROPERTY_2_BOND_HOLDER
    PROPERTY_2_TITLE_DEED
  • PROPERTY_3_TRANSFER_DATE
    PROPERTY_3_PROVINCE
    PROPERTY_3_TOWNSHIP
    PROPERTY_3_ERF_NUMBER
    PROPERTY_3_UNIT_NUMBER
    PROPERTY_3_SALES_PRICE
    PROPERTY_3_BOND_AMOUNT
    PROPERTY_3_BOND_HOLDER
    PROPERTY_3_TITLE_DEED
  • PRIMARY KEY (NEW_IDN)
  • KEY MOST_RECENT_PHYSICAL_ADDR_LINE3 (MOST_RECENT_PHYSICAL_ADDR_LINE3)
  • KEY PROPERTY_1_TOWNSHIP (PROPERTY_1_TOWNSHIP)
    KEY PROPERTY_2_TOWNSHIP (PROPERTY_2_TOWNSHIP)
    KEY PROPERTY_3_TOWNSHIP (PROPERTY_3_TOWNSHIP)

“Whois lookup” information points to Jigsaw Holdings, a holding company for several real estate franchises, including Realty1, ERA and Aida. The misconfigured website had exceptionally lax security, and until recently allowed anyone with a small amount of technical knowledge to view or download any of the 75-million database records held there. More than 60-million of those records consisted of the personal data of South African citizens.

Contacted by TechCentral for comment on Wednesday morning, Jigsaw management requested time to investigate the issue, and on Wednesday evening neither the company nor its legal counsel was contactable.

When the news of the huge trove of personal information was shared by information security researcher Troy Hunt on Tuesday, the initial response was that there had been a hack. But it seems that hacking wasn’t required: the information was easily available on an open Web server. Direct access to the server had, at the time of writing late on Wednesday afternoon, been secured.

It appears that Jigsaw had been using this data, which was likely sourced from credit bureaus, to provide a service to its estate agents. Presumably this was to allow the agents to vet prospects, and get contact information for leads. It is questionable whether a real estate company should be hosting this volume of information and it is unclear what the original source of the data was.

The company initially fingered for the breach in some online articles, Dracore Data Sciences, is innocent. Initial circumstantial evidence linking the company based on some common headers on one of their own websites seems to be coincidence. Although Dracore may have been a data “enricher” for the company that leaked the data, it doesn’t seem likely that they had anything to do with the leak, and Dracore is adamant that it’s not involved.

Popi Act
Poor information control, as in this case, is one of the reasons for the introduction of the Protection of Personal Information (Popi) Act. And, had the act been fully implemented, a negligent company could be liable to up to R10-million in fines and negligent company officers jailed for up to 10 years. The ramifications of this breach probably won’t be as dire. Anyone who suffers damages due to the release of the data would have to sue for damages under common law, something that is quite difficult and complex to do.

Chris Basson, from Eighty20 business consultancy, put it like this: “Without making too many assumptions, we can say that the people responsible for building a solution which provides such uncontested access to personal information, had no business having the data in the first place.”

Basson argued that one should look beyond the ineptitude of the people who made the information so easily available, and rather ask the question: “Who was the idiot that gave them access to the data in the first place?”

The security missteps are egregious and, according to infosec consultancy SensePost’s Willem Mouton, showed an “overall lack of security awareness”.

“From a development perspective, the websites appear to be vulnerable to SQL injection… [and]… in terms of deployment, having database interfaces open to the Internet provide entry points.”

He pointed out that while examining the site, SensePost noticed that “the credentials for these entry points were leaked via error messages from another site, and they appear to be re-using the credentials everywhere”.
These leaked credentials allowed for full administrator privileges in the database, and in fact allowed full administrator access to all the databases on the server. To make matters worse, the personal data was contained in a single database in clear text.

Mouton also noted that it was concerning that nobody noticed the large volume of data leaving the network. “Multiple people pulled a 30GB file, and nobody noticed.”
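The unnoticed 30GB downloads point to a missing egress check. As an added illustration (not code from the article or from SensePost), the Python below sums response bytes per client and path in web server access logs and flags bulk pulls; the "combined" log format, the sample lines, the path and the 1 GiB threshold are all assumptions constructed for this example.

```python
import re
from collections import defaultdict

GIB = 1024 ** 3

# Constructed sample in Apache/Nginx "combined" format; addresses are RFC 5737
# documentation ranges and the paths are invented for this example.
SAMPLE_LOG = """\
203.0.113.10 - - [17/Oct/2017:09:14:40 +0200] "GET /backup/export.bak HTTP/1.1" 200 32212254720 "-" "Wget/1.19"
203.0.113.44 - - [17/Oct/2017:11:02:13 +0200] "GET /backup/export.bak HTTP/1.1" 200 32212254720 "-" "curl/7.55"
192.0.2.25 - - [17/Oct/2017:11:30:00 +0200] "GET /backup/export.bak HTTP/1.1" 206 16106127360 "-" "curl/7.55"
192.0.2.25 - - [17/Oct/2017:12:05:00 +0200] "GET /backup/export.bak HTTP/1.1" 206 16106127360 "-" "curl/7.55"
198.51.100.7 - - [17/Oct/2017:12:10:09 +0200] "GET /listings?page=2 HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
garbage line that does not parse
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def parse_line(line):
    """Return (ip, path, bytes_sent), or None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    size = 0 if m["size"] == "-" else int(m["size"])
    return m["ip"], m["path"].split("?", 1)[0], size

def find_bulk_transfers(log_text, limit_bytes=1 * GIB):
    """Sum bytes per (client, path), so ranged or resumed downloads (206) are
    counted together; return sorted (path, ip, total) above limit_bytes."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            totals[(rec[0], rec[1])] += rec[2]
    return sorted((p, ip, t) for (ip, p), t in totals.items() if t > limit_bytes)

def paths_pulled_by_many(alerts, min_clients=2):
    """Paths that several distinct clients each bulk-downloaded."""
    clients = defaultdict(set)
    for path, ip, _ in alerts:
        clients[path].add(ip)
    return {p: sorted(ips) for p, ips in clients.items() if len(ips) >= min_clients}

if __name__ == "__main__":
    for path, ip, total in find_bulk_transfers(SAMPLE_LOG):
        print(f"ALERT {ip} pulled {total / GIB:.1f} GiB from {path}")
```
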

He said verbose error messages and indexable Web directories were a boon to anyone who wished to hack the server.
Unfortunately, for South Africans whose personal information is now widely available, there isn’t much that they can do other than increase their vigilance for any attempts at identity theft.

By Andrew Fraser for Tech Central; PasteBin

85% of FNB customer interactions are digital

The vast majority of First National Bank’s (FNB’s) customer interactions are via digital platforms, with only 1.2% still happening face-to-face in branches.

This is according to Christoph Nieuwoudt, FNB consumer segment CEO, who says in 2016, FNB customers had over 10 billion interactions with the bank, of which only 120 million were face-to-face.

The bank says roughly 8.5 billion (85%) of interactions were purely through digital channels and the rest via point-of-sale (card swipes or online purchases) and ATM transactions.

“The number of FNB customer interactions has tripled since 2010, growing at more than 20% per annum every year, based on the growth in digital channels. Meanwhile, at branches, customers are making significant use of in-branch digital zones,” adds Nieuwoudt.
“One thing we can all agree on is that digital progress is inevitable.”

He says the implications of the use of technology by society are immensely profound, with terms such as “The Second Machine Age” or the “Fourth Industrial Revolution” being used to give this evolution a name.

“The reasons for the growth and migration of volumes to digital are obvious as almost every customer knows they can do basically any payment transaction, account or card service function and get most products…via the FNB app, online or cellphone banking,” he says.

However, Nieuwoudt says this does not mean branches will go out of business. He notes branches and branch personnel are no less critical than before, but their role has changed from performing transactions to re-focusing on sales and advising customers on how to bank.

“In spite of the powerful digital technology, today the bulk of banking consumers still want to talk to someone when opening a new account and even for most product categories.

“Additionally, consumers often need help with the new technology, even just to get going and start using it.

“In most cases, branches can be much smaller, but with more room for digital zones and self-service devices such as ATMs and ADTs (deposit-taking machines). This journey is not unique to banking – virtually every sales or service business is or will be going through some elements of digital transformation.”

Nieuwoudt also says that today only a very small percentage of credit decisions are made by people – rather statistical models are used to make fully automated decisions instantly at low cost and with accuracy not achievable by a person.

“This means your risk profile and behaviour determines your loan size and pricing. Importantly, technology has helped reduce fraud loss rates for card and digital transactions,” concludes Nieuwoudt.

Source: IT Web

Gmail add-ons launched

Google has launched Gmail add-ons, a new way to work with business apps in Gmail.

Gmail add-ons make it possible to use apps within Gmail, removing the need to toggle between your inbox and other apps.

“With Gmail add-ons, your inbox can contextually surface your go-to app based on messages you receive,” said Google.

Google said that because add-ons work the same across web and Android, you only need to install them once to access them on all devices.

“Click the settings wheel on the top right of your inbox and then Get add-ons to get started.”

Source: MyBroadband

Details of the super-rich exposed by hackers

A leading offshore law firm with clients including the super-rich and international corporations has revealed it suffered a “data security incident” that may result in customers’ private information being leaked.

Bermuda-based Appleby, which has offices in a number of British overseas territories, said some of its data had been “compromised” in the 2016 cyber incident.

The firm issued a statement after it was contacted by a group of investigative journalists probing allegations concerning its “business and the business conducted by some of our clients”.

Without specifying, Appleby said it had taken the allegations “extremely seriously” and after investigating the claims itself concluded “there is no evidence of any wrongdoing, either on the part of ourselves or our clients”.

According to a report by the Daily Telegraph, a number of media organisations are preparing to release details of the leaks over the coming days.

Appleby said: “We are an offshore law firm who advises clients on legitimate and lawful ways to conduct their business.

“We do not tolerate illegal behaviour. It is true that we are not infallible. Where we find that mistakes have happened, we act quickly to put things right and we make the necessary notifications to the relevant authorities.

“We are committed to protecting our clients’ data and we have reviewed our cyber security and data access arrangements following a data security incident last year which involved some of our data being compromised.

“These arrangements were reviewed and tested by a leading IT forensics team and we are confident that our data integrity is secure.”

The firm said it was “disappointed” that the media may choose to publish material “obtained illegally” and warned that it may result in “exposing innocent parties to data protection breaches”.

According to Appleby’s website, its experts advise global public and private companies, financial institutions, and “high net worth” individuals.

A profile on Chambers and Partners says its clients include financial institutions, FTSE 100 and Fortune 500 companies.

Through offices in Bermuda, the British Virgin Islands, the Cayman Islands, Guernsey, the Isle of Man, Jersey, Mauritius and the Seychelles, it helps clients “achieve practical solutions, whether in a single location or across multiple jurisdictions”.

The company, which was named offshore firm of the year by Legal 500 UK in 2015, also has a presence in Hong Kong and Shanghai.

The cyber security incident has emerged around a year after a trove of private financial information relating to hundreds of individuals, including celebrities and high-profile public figures, known as the Panama Papers was stolen from legal firm Mossack Fonseca.

By Ryan Wilkinson for The Independent 

Amazon looks to access consumers’ houses

Amazon has announced Amazon Key, a lock and camera system that users control remotely to let delivery associates slip goods into their houses.

Customers can create temporary passcodes for friends and other services professionals to enter as well.

The move may help Amazon capture sales from shoppers who can’t make it home to receive an order in person, and don’t want the package stolen from their doorstep.

‘This is not an experiment for us,’ said Peter Larsen, Amazon vice president of delivery technology, in an interview.

‘This is a core part of the Amazon shopping experience from this point forward.’

Members of Amazon’s Prime shopping club can pay $249.99 (£190) and up for a cloud-controlled camera and lock that the company offers to install.

Delivery associates are told to ring a doorbell or knock when they arrive at someone’s house.

If no one greets them, they press ‘unlock’ in a mobile app, and Amazon checks its systems in an instant to make sure the right associate and package are present.

The camera then streams video to the customer, who can watch the in-home delivery take place remotely.

The associate cannot proceed with other trips until the home is again locked.

It is unclear if such protections will persuade customers that the service is safe to use.

He added that if a problem arises, ‘You can call customer service, file a claim and Amazon will work with you to make sure it’s right,’ reimbursing customers in some cases.

Amazon’s new service goes live on 8 November in 37 US locations, and it is unclear if it will be introduced in other countries in the future. Wal-Mart Stores, Amazon’s biggest retail rival, has similar plans.

It said last month it would test delivering grocery items ‘straight into your fridge’ with August Home, a smart lock business that Assa Abloy AB said it will acquire.

By Shivali Best for Daily Mail 

My Office News Ⓒ 2017 - Designed by A Collective

