Archive for January 6, 2018

Apple Legal Nemesis Files “BatteryGate” Lawsuit…. Should Apple Be Scared?

Posted in Commentary with tags on January 6, 2018 by itnerd

Law firm Hagens Berman has filed a class action lawsuit against Apple over the fact that they “secretly” installed a “feature to intentionally slow down” the iPhone. Now Hagens Berman are the same guys who scored a $450 million victory over Apple when it came to the infamous iBooks price fixing case. Thus Apple may be a bit worried.

Another thing that may worry Apple is the fact that Hagens Berman have decided to make a different argument than those who have filed the other lawsuits against Apple. It seems to focus more on how Apple silently rolled out the feature without consent rather than the actual slowdown itself. While there are still broad claims of planned obsolesce, the suit relates those claims to the lack of information consumers were given regarding why their iPhones were performing slowly. It’s an interesting argument that I suspect that Apple’s iLawyers may have a tough time defending against. Thus should Apple be scared? I would argue that they should be.

I think that things just got a whole lot more interesting on the “BatteryGate” front.

Leave a comment »

Guest Post: More On Meltdown and Spectre vulnerabilities From ISA

Posted in Commentary with tags on January 6, 2018 by itnerd

By Bryan Pollitt, Vice-President, Professional Services at ISA

These vulnerabilities are different than most we see, because they are tied to hardware and not to an application or operating system. Hardware vulnerabilities are far rarer. The Meltdown and Spectre vulnerabilities that were discovered by a team of independent researchers including Google’s Project Zero are likely to be the worst processor bugs ever discovered.

The first of these vulnerabilities has been dubbed “Meltdown” because it essentially melts the security boundaries normally enforced by hardware. It takes advantage of a feature on almost all modern processors called “speculative execution” or “out-of-order execution” which allows the processor to execute instructions in a non-sequential manner so that the CPU spends less time idle. It leverages a race condition between instruction execution and privilege checking in order to read memory mapped data that it should not be able to.

The second of these vulnerabilities is called “Spectre” which has been described by researchers as a whole class of potential vulnerabilities in modern processors. Spectre focuses on “branch prediction”, which is a part of speculative execution. Unlike the Meltdown vulnerability, Spectre does not rely on a specific feature of the processor memory management and protection system. It is a more generalized idea that has so far been demonstrated to work against user level programs.

Since the vulnerabilities were made public this week, we’ve been working with our clients to help them understand what they can do to secure themselves. The key point here is these vulnerabilities make attacks very hard to detect. It’s very difficult from a forensics perspective to see an attack was successful.

In order to take advantage of the vulnerabilities, a cybercriminal would need a user’s device to run code. One way an attacker might execute code is to get someone to browse a website the attacker set up that uses Javascript. If an organization runs Web filtering technologies, it should strengthen policies around what sites users can visit to prevent them from visiting known bad sites, or unknown sites. Many organizations have very liberal policies on their Web filtering that don’t offer strong protection.

Organizations should also be more diligent around their e-mail policies. For example, HTML e-mail should not automatically resolve the URLs in e-mail messages. Users should also be told not to run attachments unless they are certain they are safe. It’s key that organizations ensure executable code that takes advantage of the vulnerabilities does not get into their environment.

In terms of remediation, Microsoft has released a security patch for all currently supported Windows versions to address the Meltdown vulnerability. We recommend organizations test and deploy the patch as soon as possible.

Leave a comment »

Next-Gen Phones To Fuel Used Device Market: Flipsy

Posted in Commentary with tags on January 6, 2018 by itnerd

There’s a lot of buzz surrounding upcoming smartphone releases, and Flipsy.com anticipates a flood of used devices to hit the market over the next couple of months due to:

  • The 20-million-plus phones purchased over the holiday season, which displaced old phones that can be sold for cash (did you know online buyback companies pay an average of 30% more than carriers?)
  • The launch of new phones at the Consumer Electronics Show (CES), to be held in Las Vegas Jan. 9 through 12. Phones that could make an appearance include the Samsung Galaxy X – rumored to be a bendable phone – plus the Samsung Galaxy A8, the LG G7 and a new Sony Xperia flagship
  • New phones to be introduced at Mobile World Congress (MWC), to be held in Barcelona Feb. 26 through March 1. Phones rumored to debut at MWC 2018 include the Samsung Galaxy S9 and S9 Edge, the Huawei P11 and a suite of new Nokia phones

At Flipsy.com, their mission is to help people get more money for their used phones. They constantly analyze the market so they can provide free tools like instant online buyback price comparisons and phone blue book values.

Leave a comment »

Guest Post: How To Develop My B2B Business Into E-Commerce

Posted in Commentary with tags on January 6, 2018 by itnerd

If your B2B business isn’t on the Internet yet, you’ve possibly run out of excuses not to be by now. It’s no longer a novelty for businesses — considering B2B businesses — to have an e-commerce existence, and those that don’t are missing out on some noteworthy opportunities. More than half of Internet users have conveyed making a purchase online in 2016, including your B2B customers.

As significant as developing into e-commerce can be for your B2B business, the procedure needs to be handled with care. It isn’t enough to merely slap together a website just for the sake of being on the Internet. An e-commerce site needs to be built to make the process of purchasing your services or products online as fitting as possible for customers. That means being well-informed of the finest practices in terms of implementing technology, designing the site and optimizing the customer experience to attain the best results.

For example, your e-commerce site’s technology needs to include scalability so that the site is easy to navigate — no matter what type of device your customers use to view it. A strong web analytics platform built into your site also will give you a good source of actionable data you can use to track conversions and optimize your site. Your site’s design must conform to best practices for e-commerce, incorporating professionally sourced content such as photos and copy, as well as a carefully organized structure that is easily searchable.

Making a user-friendly e-commerce site also means building in protections for your customers to keep their sensitive data safe. This includes the use of security certificates, data backup systems and security software to avoid cyber attacks. These and other tips can help you build an e-commerce existence that will likely improve your business and help you better serve your customers. It’s time for your B2B business to make the leap into the digital world: The accompanying guide from CDI Technology covers these and various other tips to help bring your B2B business into the world of e-commerce without making some of the most common mistakes that can trip up companies making the conversion.


Created by: CDI Technology, E-commerce for JD Edwards provider

 

Leave a comment »

97% Will Continue To Use Scrum: Scrum Alliance

Posted in Commentary with tags on January 6, 2018 by itnerd

Scrum Alliance, the largest certifying body in the Agile community, today released State of Scrum 2017-2018, an annual report that this year shows Agile transformation firmly on the horizon for organizations around the world.

Approximately half of respondents – 53 percent – report current involvement in an Agile transformation, and of those not currently involved in an Agile transformation, 56 percent anticipate one in the future.

Respondents reported the primary catalyst for implementing a full-scale Agile transformation was the issue of process. As digital transformation has steadily increased demand for faster turnarounds, user-friendly platforms and flexible goals, modern business demands ever more Agile workflows.

While many respondents anticipate change to come and suggest it is necessary to reach business goals including improved satisfaction with products delivered, better time to market, better quality and improved staff morale, 57 percent say organizational design and culture is what holds Agile transformation back.

More than 2,000 Scrum professionals responded to the 2017-2018 survey, representing 91 countries and 27 industries. Virtually all – 97 percent – say they will continue to use Scrum in the future.

To learn more about Scrum Alliance and the State of Scrum, please visit http://info.scrumalliance.org/State-of-Scrum-2017-18.html

Leave a comment »