Tech News : Biometrics Could Assist the Taliban

Human Rights groups fear that the Taliban could soon be able to use collected biometric data to identify contractors and locals working with the US military.

What Biometric Data?

It has been reported that, over time, while on operations in Afghanistan, the US military collected biometric data such as fingerprints and retina scans using a handheld device called HIIDE (Handheld Interagency Identity Detection Equipment).  The plan was to collect the data of 80 percent of the population (25 million people) in the hope that it would enable the identification of bomb-makers, as well as those working with and helping the US military.

Also, the Afghan government has collected biometric data (including fingerprints and iris scans) for its e-Tazkira biometric identity card, and for voter registration in the 2019 elections (facial recognition). At the beginning of this year, the Afghan government had also planned to conduct biometric registration of students and staff of madrassas around the country, in a bid to prevent misuse of the schools, and to help in the move towards a single source curriculum.

What Could Happen?

The fear is that, now that the whole biometric infrastructure is in the hands of the Taliban, the Taliban could obtain and use biometric readers and the HIIDE devices, or find other ways to use the collected data, to identify and punish anyone who worked with/for the Americans. Unfortunately, it has been reported that HIIDE devices are already in Taliban hands and that the Taliban have been making house-to-house inspections using a biometrics machine.

Social Media Profile Fears – Facebook Takes Action

Facebook has announced that in response to concerns that friends lists in Facebook profiles could be used by the Taliban, it has launched a one-click tool for people in Afghanistan to quickly lock down their account, thereby preventing those who aren’t their friends from downloading or sharing their profile photo or seeing posts on their timeline. Facebook is also reported to be continuing a ban on Taliban content on its platform.

Although the new Facebook feature will provide some peace of mind and protection, it will not stop the Taliban from using confiscated/stolen devices to access friends lists.

Other Social Media Companies

Twitter has responded to accusations that the Taliban has been using its platform by saying that its rules don’t allow groups that promote terrorism or violence against civilians.  Also, LinkedIn has said that it has taken some measures to limit the visibility of connections for its members in Afghanistan.

What Does This Mean For Your Business?

This story highlights the importance of data security and particularly how access to personal data can be a two-edged sword in certain situations. In ordinary circumstances, the worst that can happen with data breaches or inadequate privacy or security measures for data storage / devices / social media platforms is theft (identity, money, and more personal data), or damage to a company and its reputation. In a war situation, however, data can be viewed in a whole new light. Just as the accuracy of the collected biometric data could have been used to protect the Americans, their contractors, and Afghan citizens, now that the data (and the readers) are in Taliban hands, the data can mean the difference between life and death. In modern warfare, personal data can be a valuable weapon in itself and lessons learned in Afghanistan could have implications for how biometric data is stored in other countries.

Featured Article: Legal Bot : From Motoring Fines to Asylum Applications

In this article, we take a brief look at the many different ways that technology is increasingly being used by legal professionals and by those seeking legal services, and how advancements such as AI are making a valuable contribution.

DoNotPay

DoNotPay (https://donotpay.com/), described as “the world’s first robot lawyer”, is an app/chatbot program that helps users to draft legal letters.  The app, which dates back to London in 2015 (when its writer, Joshua Browder, was still a student in London), was originally designed to help users to get out of parking or speeding tickets. Mr Browder was inspired to develop the program after his own experiences of receiving tickets as a young driver and got information about the best way to contest tickets from his own research and multiple freedom of information requests. Mr Browder decided that using software to create documents was easier than copying and pasting the same document multiple times.

How It Works – Machine Learning

Users type their side of an argument into the app, in their own words, and DoNotPay uses a machine learning tool to provide the legal language for drafting their argument.

Emergency Housing & Refugee Legal Help

Back in August 2016, Mr Browder altered the DoNotPay app from helping drivers to helping those in need of emergency housing. In March 2017, and based on the fact that his grandmother was a refugee from Austria during the Holocaust, Mr Browder changed the app again so that it could be used to provide refugees with legal advice and help. At the time, the app was focused on helping refugees to the UK and the US to complete their immigration applications, with the legal information coming from work with lawyers in both countries. DoNotPay was made available to users through the Facebook Messenger app.

Expanded

The number of legal situations now covered by DoNotPay has been expanded so that the list of legal matters that the app can now help users with includes compensation for victims of crime, copyright protection, creating a Power of Attorney, insurance claims, cancelling any subscription, getting money back on a holiday you can’t go on, cancelling gym membership, and even connecting with an inmate in a US jail!

Success Rate

The DoNotPay app, which has 150,000 paying subscribers, has been reported to have an 80 percent overall success rate, but a 65 percent success rate for parking tickets.

Other Legal Apps

There are many other types of legal help apps, including:

Fastcase (US)  – an app to help users find and save cases of interest and details about those cases.

LegalDefence (UK) – for a monthly subscription, users get unlimited advice with any issues (from Slater and Gordon lawyers).

LawOn (UK) – a free legal advice app to help users find a good lawyer, and to answer legal questions.

LawBite (UK) – An app focused on helping small businesses to access legal advice. Businesses can choose between case-by-case fixed fee (around 50 percent of similar lawyers), or subscription packages.

Using AI and Analytics To Help With Research For Legal Cases

In the US, for example, the earliest technological help with time-consuming and complicated legal case research came in the 1970s and 1980s with the PC revolution, when continuously published, updated, and annotated legal databases like Westlaw and LexisNexis were introduced.

Challenges

Some of the key challenges in today’s environment for lawyers embarking on research for their legal cases are converting the raw data produced by research into something usable, and finding a way to crunch the huge increase in the amount of available information, both from law on the books and from secondary sources.

Legal Search Engines

AI-based legal search programs / search engines are another way that the legal profession is using technology to help in case preparation.  For example, Westlaw Edge, a (US) search engine (and WestSearch Plus), is an example of how AI is used in a specialised search engine for legal professionals to return relevant documents, and provide responsive suggestions in answer to law questions, thereby crunching lots of legal information, saving time, and increasing the confidence of legal professionals.

Litigation Analytics

Helping lawyers to make informed decisions about which way a judge may rule on a particular type of claim, and about other similar facts of interest in making litigation strategy decisions, is another area where technology is helping. For example, tech tools like Litigation Analytics use graphics and data visualisation to present data so that legal professionals can get a more informed insight into the likelihood of a court or judge granting a motion, or denying a motion.

Tax Appeals

In the US, the TAX-I software system is used by legal firms to analyse historical court data for tax appeal cases and can correctly predict how appeals will be determined with an estimated success rate of around 70 percent.

Disputes

Litigate (https://www.litigate.ai/) is an example of software that can create detailed chronologies related to cases, thereby saving legal professionals time, and making a positive difference to manual tasks and data analysis work.

Murder Cases

AI-based tools are now also used in research for murder trials. For example, back in December 2020, it was reported that AI was used for the first time at the Old Bailey by a legal team in a trial conducted about the killing of Rikki Neave. The ‘Luminance’ technology was used to speed up the examination of evidence and search for patterns and connections that may have been unapparent or overlooked in past human inspections. AI tools like Luminance can save thousands of man-hours, spot details that could lead to solving cases and getting convictions, as well as saving tens of thousands of pounds in the costs of investigations and legal costs.

What Does This Mean For Your Business?

For businesses looking for cheaper legal advice solutions, apps can offer a convenient way forward. For legal professionals, AI-based tools can search and crunch large amounts of legal data, thereby saving time and money, and perhaps uncovering patterns and details that may be missed by humans. The success of apps like DoNotPay shows that handy, accessible technology can be effective in helping with many different and common legal problems and can provide a cost-effective way for ordinary citizens with limited funds to get fast access to justice. Also, AI-based solutions could prove to be valuable in tackling legal backlogs and helping the legal sector to cope with developing challenges going forward.

Tech Insight : How (Simple) 2FA is Being Beaten

In this article, we take a look at how two-factor authentication, introduced to help add an extra layer of security to logins, has its own vulnerabilities.

What Is 2FA?

Two-factor authentication (2FA) combines a username and password with another factor (e.g. sending an SMS or email with a code) to enable a person to log in to an online account / platform / system, or website. This means that 2FA provides an additional layer of security to the username/password system.

Why 2FA?

A username/password system on its own has been found to be vulnerable to attacks and breaches because:

– There has been a huge increase in cybercrime and data breaches in recent years, and increasingly sophisticated attack methods are now more widely available, many of which can be bought off-the-shelf for relatively small amounts.

– Stolen passwords from previous breaches are widely available for cyber criminals to buy/swap, so most hacking-related breaches happen due to compromised (and weak) credentials; for example, three billion username/password combinations were stolen in 2016 alone.

– Passwords can now be more easily cracked using technology. For instance, a computer recently set a record by guessing 100 billion passwords per second.

– Many people still set weak passwords and share the same password between many sites/platforms/accounts, thereby increasing the risk.

– Most people can only successfully remember shorter, more uniform, or more memorable strings of characters, and consequently these often end up being partly words, names, dates, or a combination, thereby perpetuating the problem of people choosing simple, easier-to-crack passwords.

– Legislation, compliance, reputation, and tightened security policies have meant that online sites and apps must offer tighter security (i.e. not just passwords).

Beating 2FA

Despite adding the extra second layer of security, cyber-criminals are already finding ways to beat simple 2FA.  For example:

– Using Google Play and a victim’s login credentials to install apps on a victim’s Android phone (e.g. an app that synchronises users’ notifications across different devices, thereby enabling access to a victim’s SMS 2FA messages). Also, attackers can use compromised email/password combinations for a Google account to install a message mirroring app on a victim’s smartphone via Google Play, thereby enabling 2FA code interception.

– SIM swapping. This is where the attacker contacts the target’s mobile service provider posing as the target and convinces them to switch the target’s phone number to a device of their choice, thereby allowing the attacker to intercept any verification codes.

– Exploiting a weakness in the Signalling System 7 (SS7) protocol used by phone carrier networks, thereby being able to intercept codes sent to mobile phones.

– Sending multiple ‘push to accept’ authentication requests to a user’s phone, causing the victim to click on “accept” (even when not authenticating) to remove the notification from their screen.

– Using personal details to get around knowledge-based authentication (KBA) as a verification method. For example, finding details of a target victim on the Web (e.g. mother’s maiden name, first pet, first car driven etc.) can enable some attackers to get around KBA verification, reset a password, and take over an account.

– Supply chain attacks (like SolarWinds) where code components are infected, and the target companies download these pieces without knowing they have been compromised.

– Bypassing the MFA authentication workflow by exploiting a denial-of-service vulnerability in the MFA module in Liferay DXP v7.3.

– So-called ‘pass-the-cookie’ attacks where hackers try to extract stored authentication data that’s held in cookies on the victim’s browser.

– Server-side forgery, which uses four zero-day flaws in Exchange to completely nullify all authentication on Microsoft Exchange servers.

– Real-time or automated phishing. For example, back in 2018 (as reported by Amnesty International), hackers sent fake but convincing security alerts (appearing to come from Google or Yahoo) to journalists and activists based in the Middle East and North Africa, advising that the victim’s account had been breached, and providing a link to an official-looking fake login page to initiate a password reset. Here, the 2FA code and other details could be stolen.

– Using a reverse proxy and Modlishka with a phishing attack. The Modlishka (meaning ‘mantis’) tool, created by Polish researcher Piotr Duszyński, sits between a user and a target website (e.g. Gmail). When the victim connects to the Modlishka server, which hosts the phishing domain, a reverse proxy component makes requests to the site it wants to impersonate. The victim receives authentic content from the legitimate site, yet all traffic to and from the victim passes through (and is recorded on) the Modlishka server. This allows an attacker to record any passwords and intercept any 2FA tokens.
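A defender's view of the 'push to accept' flooding described in the list above: a burst of prompts for one account in a short window, especially one that ends in an approval, is visible in authentication logs. This is an added example, not part of the original article; the log format, field names, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format: "<UTC timestamp> user=<name> event=<push_* event>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) user=(?P<user>\S+) "
    r"event=(?P<event>push_sent|push_denied|push_timeout|push_approved)$"
)

# Constructed sample log lines (not real data).
SAMPLE_LOG = """\
2021-08-20T09:00:00Z user=bob event=push_sent
2021-08-20T09:00:08Z user=bob event=push_approved
2021-08-20T09:10:00Z user=alice event=push_sent
2021-08-20T09:10:20Z user=alice event=push_denied
2021-08-20T09:10:40Z user=alice event=push_sent
2021-08-20T09:11:10Z user=alice event=push_timeout
2021-08-20T09:11:30Z user=alice event=push_sent
2021-08-20T09:11:50Z user=alice event=push_denied
2021-08-20T09:12:10Z user=alice event=push_sent
2021-08-20T09:12:30Z user=alice event=push_sent
2021-08-20T09:12:45Z user=alice event=push_approved
2021-08-20T10:00:00Z user=carol event=push_sent
2021-08-20T11:00:00Z user=carol event=push_sent
2021-08-20T12:00:00Z user=carol event=push_sent
2021-08-20T13:00:00Z user=carol event=push_sent
2021-08-20T14:00:00Z user=carol event=push_sent
2021-08-20T15:00:00Z user=dave event=push_sent
2021-08-20T15:00:20Z user=dave event=push_sent
2021-08-20T15:00:40Z user=dave event=push_sent
2021-08-20T15:01:00Z user=dave event=push_sent
2021-08-20T15:01:20Z user=dave event=push_sent
this line is malformed and is skipped
""".splitlines()


def parse_line(line):
    """Return (timestamp, user, event) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group("user"), m.group("event")


def detect_push_floods(lines, window=timedelta(minutes=10), threshold=5):
    """Flag users who receive >= threshold push prompts inside a sliding window.

    window and threshold are assumed starting values, to be tuned per environment.
    An approval that arrives while the flood is still inside the window is
    marked separately, because it suggests the user gave in to the prompts.
    """
    events = sorted(e for e in map(parse_line, lines) if e is not None)
    recent = defaultdict(deque)   # user -> timestamps of prompts still in window
    alerts = {}
    for ts, user, event in events:
        prompts = recent[user]
        while prompts and ts - prompts[0] > window:
            prompts.popleft()     # forget prompts older than the window
        if event == "push_sent":
            prompts.append(ts)
            if len(prompts) >= threshold:
                alert = alerts.setdefault(
                    user,
                    {"first_prompt": prompts[0], "prompts": 0,
                     "approved_during_flood": False},
                )
                alert["prompts"] = max(alert["prompts"], len(prompts))
        elif event == "push_approved" and len(prompts) >= threshold:
            # The alert already exists: the queue reached threshold on a push_sent.
            alerts[user]["approved_during_flood"] = True
    return alerts


if __name__ == "__main__":
    for user, alert in detect_push_floods(SAMPLE_LOG).items():
        print(user, alert)
```

An alert with `approved_during_flood` set is the case to treat as a likely account takeover: revoke the session and reset the credentials rather than only notifying the user.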

What Next?

With criminals beating simple 2FA, many businesses are turning to:

– Using multi-factor authentication (i.e. using multiple methods of authentication simultaneously) and in combination as needed.

– Biometrics – fingerprint scans, face scans, iris scans, voice-recognition and more.  Some biometrics authentication systems have already been shown to be vulnerable (e.g. voice recognition systems have been tricked) plus biometrics can’t be remotely revoked; if a fingerprint is compromised, it can’t be replaced (as a password can).

Protection

Some simple ways to protect yourself against attacks on 2FA include:

– Checking whether your password has been compromised via sites/services such as https://haveibeenpwned.com/ .

– Using stronger passwords and a Password Manager and avoiding password sharing.

– Limiting the use of SMS as a 2FA method, e.g. using Google Authenticator instead.
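The haveibeenpwned.com check in the list above can be made without sending the password, or even its full hash, anywhere: the service's Pwned Passwords range API takes only the first five characters of the password's SHA-1 hash, and the match is made locally. The following is an added example, not code from the original article; the in-memory stand-in server, its corpus and the counts are constructed so that it runs offline.

```python
from __future__ import annotations

import hashlib
import urllib.request

# Pwned Passwords range endpoint; only a 5-character hash prefix is appended.
RANGE_URL = "https://api.pwnedpasswords.com/range/"

# Constructed corpus and counts for the offline stand-in server (not real data).
CONSTRUCTED_CORPUS = {"password": 1000, "letmein": 50}


def split_hash(password: str) -> tuple[str, str]:
    """Return (prefix, suffix) of the upper-case SHA-1 hex digest: 5 + 35 chars."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines from a range response, skipping malformed ones."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35 or not count.isdigit():
            continue
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range) -> int:
    """How often the password appears in the breach data; 0 means not found.

    fetch_range(prefix) is the only thing that talks to the service, and it is
    given just the 5-character prefix. The suffix comparison happens locally.
    """
    prefix, suffix = split_hash(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def fetch_range_online(prefix: str) -> str:
    """Live lookup against the real service (not used by the offline demo)."""
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    req = urllib.request.Request(
        RANGE_URL + prefix,
        # Add-Padding asks the service to pad responses so their size leaks less.
        headers={"Add-Padding": "true", "User-Agent": "pwned-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def make_fake_range_server(breached: dict[str, int]):
    """Constructed stand-in for the API that also records what it was sent."""
    seen_prefixes: list[str] = []

    def fetch(prefix: str) -> str:
        seen_prefixes.append(prefix)
        lines = []
        for candidate, count in breached.items():
            cand_prefix, cand_suffix = split_hash(candidate)
            if cand_prefix == prefix:
                lines.append(f"{cand_suffix}:{count}")
        lines.append("0" * 35 + ":0")  # padding-style entry with a zero count
        return "\r\n".join(lines)

    return fetch, seen_prefixes


def demo():
    """Check three passwords against the constructed corpus, fully offline."""
    fetch, seen = make_fake_range_server(CONSTRUCTED_CORPUS)
    candidates = ("password", "letmein", "Tr0ub4dor&3-unlisted")
    return {pw: breach_count(pw, fetch) for pw in candidates}, seen


if __name__ == "__main__":
    results, seen = demo()
    print(results)
    print("values sent to the server:", seen)
```

Passing `fetch_range_online` in place of the stand-in performs the same check against the live service.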

What Does This Mean For Your Business?

Many businesses now have policies for passwords, have adopted a zero-trust approach to security and realise that there are many vulnerabilities in username/password systems. Even though 2FA provides an extra layer of security, human error, the application of social engineering, and the increasingly sophisticated methods used by cybercriminals mean that 2FA can be (and is being) beaten. Businesses are now looking towards multi-factor authentication and biometric security solutions in the shorter term for added protection, although some biometric solutions have already been beaten or shown themselves to have other disadvantages. Many businesses accept that the fight against cybercrime is ongoing and that staying one step ahead is the most that can be expected until there is a major security breakthrough.

Tech News : Delivery Scams Top The ‘Smishing’ List

Data, published by trade association UK Finance for security provider Proofpoint, shows that parcel and package delivery scams are now the most common form of ‘smishing’ attempts.

What Is Smishing?

Smishing is where an attacker sends a text/SMS message purporting to be from a reputable company, in this case, the Royal Mail or a parcel delivery company/courier service. The idea is that the recipient (who may be expecting a parcel delivery) is fooled into clicking on the link in the text message, and this either sends the attacker personal information (credit card number or password) or downloads a malicious program/malware to the victim’s phone. The malware can be used for snooping on the user’s smartphone data or sending sensitive data silently to an attacker-controlled server.

March – Big Month for Royal Mail-Related Phishing

Research results released in April (by Check Point Software) showed that March was the biggest month in 2021 for Royal Mail-related cyber phishing attacks with a 645 percent increase on the previous two months, equating to an average of 150 per week.

Now, More Than Half of Phishing & Smishing Attacks Are Parcel Delivery Scams

The new data shows that these kinds of parcel delivery scams now account for more than half of all reported text phishing, or ‘smishing’ attacks in the UK. For example, the new data shows that from 15 April to 14 July 2021, 53.2 percent of reported scam text messages were from attackers posing as postal delivery firms. Also, from 14 June to 14 July, parcel and package delivery scams accounted for 67.4 percent of all smishing attempts.

Driven By Pandemic

The increase in delivery-related smishing attacks has been driven by the big increase in online shopping that resulted from pandemic restrictions, bricks and mortar shop closures, and the need to stay at home.

How To Protect Yourself From ‘Smishing’ Attacks

Since smishing attacks basically rely upon human error (i.e. not being able to spot a smishing attack – or to report an attack if spotted to help warn others), one of the best ways to protect yourself is to know the signs of a smishing attack. Information to help you to detect and avoid becoming a victim of smishing includes:

– Financial institutions never send text messages asking for credentials or transfer of money, and credit card numbers, ATM PINs, or banking information should never be sent to someone in text messages.

– Many smishing scam messages offer quick money (e.g. from winning prizes or collecting cash after entering information) and they sometimes use coupon code offerings.

– A message received from a number with only a few digits is a sign that it probably came from an email address, which is a common sign of spam/scams.

– Avoid storing any banking information on a mobile device (in case of malware).

– Be wary of any delivery-related text messages other than the standard day/time of delivery messages.

– If you receive a smishing text, to protect other users, send the message to your telecom’s number so that it can be investigated.  Also, report such messages to Action Fraud (https://www.actionfraud.police.uk/).

What Does This Mean For Your Business?

Driven by the pandemic-fuelled increase in online ordering by consumers, it seems that attackers are shifting their focus from impersonating financial services and banks to impersonating the Royal Mail and other delivery services and couriers. This shows that the threat ecosystem has evolved over the past year towards scams based very much on human error (e.g. smishing and phishing). Businesses have also been targeted with more (sophisticated) ransomware and business email compromise (BEC) attacks. This threat evolution indicates that businesses may want to explore a more people-centric approach to cybersecurity to reduce today’s risks and, if they haven’t done so already, adopt a ‘zero trust’ approach to their cyber security. Businesses need to realise that today’s attackers would much rather log in than hack in and are, therefore, favouring the types of attacks that fool their victims into giving up their information, rather than going through the complicated and time-consuming process of hacking in the ‘hard way’.

Tech Tip – Backing Up Your Chrome History

If you’ve lost your Google Chrome history and you’d like to avoid the frustration of having to waste time trying to find those useful and interesting websites that you remember looking at, here’s how to back up your history so it doesn’t happen again:

Enable Sync

Enabling sync on Google Chrome history copies your history (and bookmarks) to your other devices (where you’re logged into your Google account), thereby stopping you from losing it. To turn on sync:

– Open Google Chrome and sign in.

– In a new tab, go to the 3 dots (top-right) and select ‘Settings’ from the list.

– Click on “Turn on sync” and click yes to confirm.

Backup The History File

Chrome automatically stores your browsing history in a MySQL database file on your computer. To back up the history file itself, so that you can then store it in a secure location, e.g. OneDrive or Dropbox:

– Open a browser and paste the following in (substituting your own username): C:\Users\Username\AppData\Local\Google\Chrome\User Data\Default.

– Find the file in the list called ‘History’ and copy it and paste it into another secure directory/drive as a backup.

Featured Article : Apps & Zaps – Ideas For Automating Your Business

In this article, we look at how Zapier and other alternatives can be used to link apps together and create automated workflows that can carry out daily/weekly marketing tasks for you in the background while you get on with running your business.

Zapier

Zapier (https://zapier.com/) is a tool that can automate repetitive tasks between two or more apps, without any extra coding or human intervention being necessary. It is a way of automating workflows which tells your apps to follow this simple automated workflow command: “When this happens, do that” (known as the Zap), meaning that when an event happens in one app, Zapier can then tell another app to perform (or do) a particular action.

Zaps

Each Zap, therefore, has a trigger and one or more actions. The trigger is the event that starts a Zap, and an action is what the Zap does for you. When a Zap runs, each action counts as one task.

Good For Certain Types of Tasks

Zapier works well for tasks that are needed frequently, e.g. sending out weekly reminders, as well as for any situation where information needs to be moved from one app to another, e.g. adding tasks from a project management app into a personal to-do list app. Zapier also works well for the kind of tasks that don’t require much thinking, e.g. copying emails of events to a spreadsheet or collecting emails from web forms on landing pages and adding them to audience lists in Mailchimp.

Working on Automated Tasks in the Background

The great thing about Zapier, therefore, is that it can be set to work on low level tasks (i.e. labour intensive but not necessarily complicated tasks) in the background, thereby freeing up valuable resources and saving time.

Templates and Customisable

Zapier users have access to templates, and actions are customisable.

Alternatives to Zapier

There are many different alternatives to Zapier in the market for automating workflows by linking apps. Popular alternatives include Automate.io, IFTTT (free), Microsoft Flow, Integromat, CloudHQ, Actiondesk, Huginn, Workato, Elastic.io. Each is more suitable for different types of work and has different levels of integration with apps.

Examples of What Can Be Done – Integrations

Here are some examples of the kind of automated workflow tasks (integrations of apps) that can be achieved with a few different alternatives to Zapier.

Integromat – https://www.integromat.com/

– With online ads, Integromat can be used to streamline what happens with leads from online advertising (i.e. after a lead form ad has been filled in). Automated workflows can be set up to automatically add contacts to a CRM as leads or enrol them in an email or SMS drip campaign.

– Using a pre-defined template, each time a new tweet is posted on Twitter, Integromat can automatically publish a new post on LinkedIn.

– Every time a new review is added to your ‘Google My Business’ location, Integromat can automatically store it in Google Sheets.

– Each time you publish a WordPress post, Integromat can be used to automatically publish the new post on LinkedIn.

– Any mp3 audio files added to Google Drive can be automatically transcribed with Google Cloud Speech and the text saved to a Google Docs document.

– Every time a Google Doc is created, it can be automatically converted to an audio file via the Google Text-to-Speech API.

– Automatically reply to a ‘Google My Business’ review depending on the rating, with a personalised response.

– Automatically create a new meeting in Zoom every time a new event is created or updated in Calendly.

Leadsbridge – https://leadsbridge.com/

Leadsbridge offers highly specific integrations for advertising and marketing. For example:

– Sync Facebook Custom Audiences with your Zoho CRM.

– Linking ActiveCampaign and Hubspot together e.g., to create new HubSpot contacts in forms, or create new HubSpot companies in smart lists.

Automate.io – https://automate.io/

Great for integrating cloud applications and automating your marketing, sales and business activities.  For example:

– An integration to sync between Mailchimp and Shopify that can automatically subscribe customers to a particular list in Mailchimp and send targeted emails.

– Sending an email in Gmail on a Successful Sale in PayPal.

– Scheduling Salesforce events on Google Calendar.

– Sync new Stripe payments to QuickBooks as customers.

– Get Slack notifications for new tasks on Microsoft SharePoint.

IFTTT – https://ifttt.com/

IFTTT, short for ‘If This Then That’, offers different ways of connecting services using Applets. For example:

– Create an event on your iPhone’s calendar using your Google Assistant (Amazon Echo).

– Make your Instagram photos show up in your Twitter feed as a full image rather than a link (for single photo posts).

Microsoft Flow – https://flow.microsoft.com/en-us/

Microsoft Power Automate helps to streamline repetitive tasks and paperless processes. For example:

– Save all Outlook.com email attachments to a folder in your OneDrive, or save all Gmail attachments to Google Drive.

– Send an email when an item in a SharePoint list is modified.

What Does This Mean For Your Business?

Zapier, Integromat, and similar platforms offer businesses the opportunity to save time and money, and make better use of their resources, and work smarter through automating workflow tasks so that they are carried out in the background. With these platforms, the existing templates mean that businesses don’t need technical expertise, APIs, custom scripts, or often unmaintainable solutions to be able to connect their different marketing tasks and get apps to communicate with each other in a way that can add value and possibly create sources of competitive advantage. At the very least, they can save a lot of time and effort and can help businesses to punch above their weight in terms of marketing processes and the level of in-house technical skills.

Tech News : Vodafone Introducing Roaming Charges From January

Vodafone has become the second big operator to announce the re-introduction of roaming charges in Europe for new and upgrading customers from January 2022.

New, Upgrading, or Changing After 11 August 2021

New customers of the network, those upgrading, and those changing their call plans after 11 August will qualify for the new daily charges for roaming in Europe. There will be no roaming charges for any Vodafone customers travelling to the Republic of Ireland.

How Much?

Depending on tariff, the charges will be £1 per day, with roaming passes for Vodafone’s Europe Zone priced at £8 for 8 days, £15 for 15 days, or £2 for just a single day pass.  Those with Unlimited or Limited Data Xtra plans won’t be charged.

Why?

Despite mobile operators originally saying, prior to Brexit, that they had no plans to re-introduce roaming charges, the Brexit trade deal from December 2020 gave UK mobile operators the ability to start charging again for roaming because, although the deal encouraged transparency and reasonable rates, it didn’t impose a total ban on roaming charges.

What Are Roaming Charges?

Mobile operators apply roaming charges as a way of covering the costs of a mobile phone being used outside the range of its home network and connecting to another available ‘visitor’ network. Mobile operators have legal roaming agreements with other roaming networks that cover aspects like authentication, authorisation, and billing.

Half of Vodafone Customers Don’t Roam Beyond IRE

In the case of Vodafone, it says that roaming is a service that costs the company money, and that including it in every plan while fewer than half of its customers roamed further than the Republic of Ireland in 2019, means that half the customers are paying for something they don’t use anyway and are, therefore, paying for someone else’s roaming.

EE The First

UK operators have been allowed to introduce the charges since January 2021. However, they chose not to do so until recently, when EE broke ranks and started to charge. In June, EE became the first mobile operator that announced that for those who took out a pay monthly handset or SIM plan (from 7 July onwards), there would be a daily charge for using their mobile phone in what it defined as the “European roaming zone”. However, EE said the new roaming charges wouldn’t apply until January 2022.

What Does This Mean For Your Business?

The December Brexit deal gave the go-ahead for mobile operators to re-introduce roaming charges, probably because it simply encouraged operators to be transparent and reasonable with their rates rather than actually forcing them to, thereby leaving the door open for them to make a commercial decision. The fact that it currently only affects new and upgrading customers after a certain date and that the charges don’t come into force until next year has enabled EE and now Vodafone to soften the blow and limit the potential for negative publicity. After EE announced its re-introduction of roaming charges, Vodafone, Three and O2 said they had ‘no plans’ to re-introduce the charges, so now that Vodafone appears to have changed its mind it doesn’t seem unreasonable to expect that the others may follow.

Tech News : $610 Million Hackers Return Most Of The Crypto-Cash

On 12 August, the Poly Network DeFi platform announced that, following the theft of $610 Million in digital coins, the hacker thieves had returned $342 million. However, it’s been reported that more recently, almost all of the stolen crypto has now been returned.

The Hack

The original theft, which had taken place just two days before (10 Aug), saw hackers stealing an incredible $610 million in different cryptocurrencies from the Poly Network, a decentralised finance platform (DeFi) that facilitates peer-to-peer transactions.

Returned

After calls to return the stolen currencies, amazingly, the thieves decided to return just over half the next day (11 Aug).  The returned currencies were $3.3M of Ethereum, $256M of BSC, and $1M of Polygon. Poly Network tweeted that this has left $269M on Ethereum, and $84M of Polygon still outstanding.

How?

According to blockchain forensics company Chainalysis, the hackers were able to exploit a vulnerability in the digital contracts Poly Network uses to move assets between different blockchains.

For Fun & To Expose Security Issues

It has been reported that the (unknown) hackers have sent messages to say that the hack and theft were carried out for “fun” and to “expose the vulnerability”, and that it was always the plan to return the stolen currencies. There is also speculation that the hackers have (so far) returned most of what they stole because laundering stolen cryptocurrencies on that scale is complicated by the transparency of the blockchain and the broad use of blockchain analytics by financial institutions.

DeFi Platforms

DeFi platforms, including the Poly Network, handled more than $80 billion worth of digital coins last year and are valued by people and businesses because they offer free access to financial services without having to go through the usual gatekeepers such as banks or exchanges and, therefore, help to cut costs as well as boosting economic activity.

Vulnerabilities and Previous Hacks

As highlighted by hackers in this recent $610 million hack, DeFi platforms tend to have technical flaws and weaknesses in their computer code that can make them vulnerable to attack.

For example, $530 million in digital coins was stolen from Tokyo-based exchange Coincheck in 2018. Also, the Tokyo-based Mt. Gox exchange collapsed in 2014 after losing half a billion dollars in bitcoin.

What Does This Mean For Your Business?

There have been more positive signals about cryptocurrencies in recent years since the last bitcoin crash; e.g. Tesla allowing customers to pay in Bitcoin (before changing its mind over the environmental impact), and PayPal (previously owned by Elon Musk) saying last October that it was ready to allow its users to buy, sell, and hold Bitcoin (BTC) and other cryptocurrencies.  This recent hack, however, highlights an area that has held back cryptocurrencies and their trading; i.e. technical vulnerabilities and security risks. The volatility and lack of stability of cryptocurrencies, and negative environmental impacts such as the vast amounts of (mainly fossil fuel) power needed for crypto-mining, have also acted as deterrents to many potential users and investors. One key technology behind them, blockchain, has, however, proven to be very useful in many other applications across many industries. Despite the problems that cryptocurrencies are having now, their development and wider and continued use going forward seems likely, and more businesses will use them as the big security, instability, and environmental issues are ironed out over time.

Tech Insight : What Is Web Accessibility?

In this article, we take a brief look at what Web accessibility is, and how it can benefit Web users and the businesses and organisations that make it a priority.

What Is It?

Web accessibility means that websites, tools, and technologies are designed and made so that all people, regardless of their barriers, including those with disabilities, can use them; i.e. perceive, understand, navigate, and interact with the Web, and contribute to the Web.

Barriers and Challenges To Web Accessibility

The main barriers and challenges to Web accessibility include physical challenges: auditory, cognitive, neurological, speech, visual, and physical barriers (motor disabilities).

Why?

Reasons for making websites, Web tools, and technologies as accessible as possible include:

– Reaching more potential customers and selling more.

– To support social inclusion; e.g. for those with disabilities, older people, and people in rural areas.

– Improving usability and offering better user experiences.

– Helping businesses in other ways by overlapping with other best practices; e.g. mobile web design, device independence, usability, design for older users, search engine optimisation (SEO), and more. Accessible websites tend to have better search engine results, reduced maintenance costs, and increased audience reach.

Examples

Examples (real-life and general) of ways in which Web accessibility can be improved include:

General:

Adding alt text to images to help people who use a screen reader, adding technologies such as speech input for those who can’t use a mouse, and providing transcripts to accompany audio.

Real-Life (Recent):

Twitter recently introduced its first proprietary new font, called ‘Chirp’, which is designed to make reading easier when scrolling through tweets. Twitter has also just changed its colour scheme to get more contrast and reduce the number of blue elements across the interface, thereby making photos and videos easier to spot.

In Law

Web accessibility is covered by some legislation.  For example:

– In the UK: The Equality Act 2010 which says that it is unlawful for service providers to treat disabled people less favourably because they are disabled and that, under this law, service providers must make “reasonable adjustments” not to treat disabled people unfavourably because of factors relating to their disability.

– Also, in the UK, the Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations came into force in September 2018. As the name suggests, public sector websites (for central government and local government organisations, some charities, and some non-government organisations) must meet certain accessibility standards and publish a statement saying they have been met.

– In the rest of Europe: The European Union (EU) Directive on the Accessibility of Websites and Mobile Applications requires those in EU member states to ensure that their websites and mobile apps meet common accessibility standards.

– In the US: Section 508 Amendment to the Rehabilitation Act of 1973, which stipulates that all Federal agencies’ electronic and information technology should be accessible to those with disabilities.

Guidelines

The recognised common standards for Web accessibility are the Web Content Accessibility Guidelines (WCAG), developed through the W3C® process in cooperation with individuals and organisations worldwide. The goal is to provide a single shared standard for web content accessibility that meets the needs of individuals, organisations, and governments internationally. The WCAG 2.0 guidelines were published on 11 December 2008, WCAG 2.1 on 5 June 2018, and the latest WCAG 2.2 guidelines are scheduled to be published this summer.

Tools and Resources

Some tools and resources that can help your business or organisation to get up to speed with Web accessibility include:

The W3C® Web Accessibility Evaluation Tools List: https://www.w3.org/WAI/ER/tools/

The W3C® Web Content Accessibility Guidelines (WCAG) Overview: https://www.w3.org/WAI/standards-guidelines/wcag/

TechRadar’s Best Accessibility Software of 2021: https://www.techradar.com/uk/best/web-accessibility-software

A UK Government Introduction to Making Your Service Accessible: https://www.gov.uk/service-manual/helping-people-to-use-your-service/making-your-service-accessible-an-introduction

What Does This Mean For Your Business?

There are many sound reasons for making your website(s), tools, and technologies accessible to everyone, which includes helping to give those people with disabilities equal rights and abilities in their online life, compliance (with laws and guidelines), improving search engine rankings and usability, and maximising the potential number of online enquiries and customers. It is totally reasonable to expect that physical challenges, for example, should not be a reason why some people are excluded from accessing the same services and quality of experience online as others and businesses should make reasonable efforts to ensure that this doesn’t happen. Meeting accessibility guidelines can bring many different kinds of benefits to businesses as well as benefitting the users of their website(s), tools, and technologies.

Tech Tip – All The Emojis You’ll Ever Need

Emojis can be a great tool for creating more engaging social media posts and more, so here’s a site where you can find and copy all the emojis you’ll need:

To find the emoji you’re looking for:

– Go to https://emojipedia.org/.

– Type a name/description of the emoji required into the search field or select the category of emoji you’re looking for (left-hand column) or try the ‘Most Popular’ (middle column).

– Click on the category link and scroll down to find your emoji of choice.

– Click on the link to that emoji and click on the ‘Copy’ button. The emoji is now on your clipboard, ready for pasting.