SAP releases patches

The software maker, which makes esoteric, expensive business programmes whose purpose no one is really sure of, has patched vulnerabilities in its latest HANA software.

The holes had a high risk of giving hackers control over databases and business applications used to run big multinational firms.

Vulnerabilities in big business software are more lucrative to attackers as these tools store data and run transactions. The flaws were “zero day” vulnerabilities and were the most critical ever found in HANA. For those who came in late, HANA runs SAP’s latest database, cloud and other more traditional business apps.

The holes were spotted by the insecurity outfit Onapsis, which said that the vulnerabilities lay in a HANA component known as “User Self Service” (USS) and would allow malicious insiders or remote attackers to fully compromise vulnerable systems, without so much as valid usernames and passwords.

It reported 10 HANA vulnerabilities to SAP less than 60 days ago, which the German software maker fixed in near-record time.

SAP rated the resulting patch, issued on Tuesday, as 9.8 on a scale of 10, “very high” in terms of relative risk to its customers. SAP is releasing five HANA patches this week to fix a range of vulnerabilities uncovered in recent months.

Onapsis Chief Executive Mariano Nunez praised SAP for doing such a great job by releasing fixes much faster than in past situations.

US about to arrest Yahoo hackers

US Justice Department officials are expected to announce arrests of suspects in at least one of a series of hacking attacks on Yahoo.

The accused men live in Russia and Canada, the source said, with the Canadian far more likely to be forced across the border to face arrest. Russia has no extradition treaty with the United States and Tsar Putin is expected to be a big fan of whoever hacked Yahoo.

It could not immediately be learned whether the group was suspected in the hacking of data about one billion Yahoo users, or a separate hack of 500 million email accounts.

The indictments were first reported by Bloomberg News. The two largest hacks, and Yahoo’s much-criticised slow response and disclosure, forced a discount of $350 million in what had been a $4.83 billion deal to sell Yahoo’s main assets to Verizon Communications.

Online job sites block older workers

Illinois Attorney General Lisa Madigan has opened an investigation into allegations that online software tools that millions of Americans use to job hunt are discriminating against older workers.

The San Francisco Federal Reserve Bank found that in a widespread test using fabricated resumes, fictional older workers were 30 percent less likely to be contacted after applying for jobs.

Fictional older women had it even worse, being 47 percent less likely to get a “callback”. Several forces are conspiring to ensure that many Americans must work well past the traditional retirement age of 65.

People are living longer, their retirement savings are inadequate, and Social Security reforms are almost certainly going to require it.

The San Francisco Fed says that the share of the over-65 working population is projected to rise sharply, from about 19 percent now to 29 percent in the year 2060.

But while online job-hunting tools should be making things easier for older employment seekers, online job sites seem to be cutting older workers out with age bias built right into their software.

In a statement, Madigan said that job seekers who try to build a profile or resume can find that it’s impossible to complete some forms because drop-down menus needed to complete tasks don’t go back far enough to let older applicants fill them out.

For example, one site’s menu options for “years attended college” stop abruptly at 1956. That could prevent someone in their late 70s from filling out the form.

Madigan’s office said it found one example that only accommodated those who had attended school after 1980, “barring anyone who is older than 52.”

Other sites used dates ranging from 1950 to 1970 as cutoffs, her office said. Illinois’ Civil Rights Bureau has opened a probe into potential violations of the Illinois Human Rights Act and the federal Age Discrimination in Employment Act. Madigan’s office has written letters to six top job sites including Beyond.com, CareerBuilder, Indeed, Ladders, Monster Worldwide and Vault to ask them about their policies.

BAE sued for firing cryptographer who was looking after dying wife

A new lawsuit by cryptographer Don Davis casts the multinational defense giant BAE Systems as a rather unpleasant employer.

The Boston Globe reports that on his first day on the job, Davis explained that his wife had late-stage cancer. He would work his full work day in the office, but if he was needed nights or weekends, he’d want to work from home.

His supervisor was fine with it, but the human resources department fired him on the spot after four hours of employment.

Across the pond, the lawsuit has raised the question about whether employment law requires corporations to have the same level of decency we expect from individuals. After all, you don’t slap someone about because their wife is dying. What is also telling is that he was not asking for “time off” to look after his sick wife, just not to work stupid hours in the office.

Don Davis’ lawyer, Rebecca Pontikes, contends he was discriminated against because the company “requires its male employees to be the stereotypical male breadwinner and to leave family responsibilities to women”.

BAE issued a statement to The Boston Globe saying: “We do not tolerate discrimination of any kind and work hard to provide our employees with flexible working options that enable them to have a meaningful work/life balance.”

Arrested by typo

You know you are having a bad day when the police try to arrest you for paedophilia and take a rather keen interest in the contents of your hard drive – particularly if you have done nothing to warrant such attention and it is all because of a typo.

On a Saturday morning in July 2011, Nigel Lang, then aged 44, was at home in Sheffield with his partner and their two-year-old son when a man and two women knocked on the door.

When he opened it, the three pushed past him and one of the women, who identified herself as a police officer, told Lang and his partner he was going to be arrested on suspicion of possessing indecent images of children.

He was told that police had requested details about an IP address connected to the sharing of indecent images of children. But the coppers had typed in the wrong IP address and had raided the wrong physical location.

But it would take years, and drawn out legal processes, to get answers about why this had happened to him, to force police to admit their mistake, and even longer to begin to get his and his family’s lives back on track.

Police paid Lang £73,500 in compensation last autumn after settling out of court, two years after they finally said sorry and removed the wrongful arrest from his record.

Marissa Mayer to get a $23 million “golden parachute”

Yahoo is giving its CEO Marissa Mayer a $23 million “golden parachute” and $3 million in cold hard cash in the hope that she might go away with the least amount of fuss.

The search engine has named Thomas McInerney, a former chief financial officer of IAC, as the bearer of the Yahoo poisoned chalice once the merger with Verizon becomes official.

Yahoo said that after it completes the sale of its core search business to Verizon, Mayer and co-founder David Filo will step down as board members of Altaba – the new name for the remaining holdings.

Mayer’s golden parachute, the large payment top executives get if they lose their position because of a deal, would include $19.97 million in equity and more than $3 million in cash, according to a regulatory filing.

It would kick in if there is a change in control, as will be the case in the deal, and she is terminated “without cause” or “leaves for good reason” within a year.

There cannot be many people who would be upset at getting $26 million not to go to work.

Spooks warned of election gaming Russians

After successfully convincing the US public to vote for a bloke who owes his friends money, Tsar Vladimir Putin is working out a way to game the coming Euro elections to get his favourite candidates elected.

Britain’s National Cyber Security Centre (NCSC), part of the GCHQ spying agency, has warned political parties to protect themselves against potential cyber-attacks.

A letter from NCSC head Ciaran Martin said that the problems in the United States, Germany and elsewhere were a reminder of the potential for hostile action against the UK political system.

“Attacks against our democratic processes go beyond (political parties) and can include attacks on parliament, constituency offices, think tanks and pressure groups and individuals’ email accounts,” it said.

The NCSC did not confirm that the main cybersecurity risk was Russia, but it was possible to guess, reading between the lines.

Foreign minister Boris Johnson said: “We have no evidence that the Russians are actually involved in trying to undermine our democratic processes at the moment… but what we do have is plenty of evidence that the Russians are capable of doing that. And there is no doubt that they’ve been up to all sorts of dirty tricks,” he told ITV television’s “Peston on Sunday”.

The French government this month dropped plans to let its citizens abroad vote electronically in legislative elections in June because of concern about the risk of cyber-attacks.

Smart meters might diddle users

Dutch boffins have tested ‘smart’ electrical meters and discovered that lots of them are giving out false readings that in some cases can be 582 percent higher than actual energy consumption.

A study involved several tests conducted on nine different brands of “smart” meters, also referred to in the industry as “static energy meters”.

Researchers also used one electromechanical meter for reference… Experiments went on for six months, with individual tests lasting at least one week, and sometimes several weeks. Test results varied wildly, with some meters reporting errors way above their disclosed range, going from -32 to +582 percent.

Researchers blamed all the issues on the design of some smart meters, and, ironically, electrical devices with energy-saving features. The latter devices, researchers say, introduced a large amount of noise in electrical current waveforms, which disrupts the smart meter sensors tasked with recording power consumption…

The researchers estimate that “potentially inaccurate meters” have been installed in the meter cabinets of at least 750,000 Dutch households and worldwide the figure is in the millions.

Some governments, especially in the EU, have pushed for smart meters to replace classic electromechanical (rotating disk) meters. We guess this is because they are helping their chums in the energy industry pad out their bottom lines.

Gates rubbished over robot tax idea

Software King of the World and sworn enemy of the mosquito, Sir William Gates III, has attracted much mockery over his idea to tax robots.

Gates pointed out that if robots were going to do the work of a person they should be taxed. That way at least they could help pay the unemployment benefits of those who don’t have jobs because of the robots.

Former Treasury Secretary Summers wrote a Washington Post opinion piece in which he dubbed Gates “profoundly misguided”.

“Why pick on robots?” Summers asked. He said that progress, however messy and disruptive sometimes, ultimately benefits society overall.

Mike Shedlock, a financial adviser with Sitka Pacific Capital Management in Edmonds, Washington, wrote on his blog that robot owners, who likely would pay the tax, would simply pass it along by jacking up prices.

The European Union’s parliament in February rejected a measure to impose a tax on robots, using much the same reasoning as Gates’ critics.

However, it was not all criticism. One Bloomberg columnist thought Gates was right to say that we should start thinking ahead of time about how to use policy to mitigate the disruptions of automation. So if we’re not going to tax robots, then how should society handle the next great wave of automated labour?

Sir Tim Berners-Lee warns about a dying web

Sir Tim Berners-Lee, who invented the World Wide Web, said he is alarmed at what has happened to it in the past year.

He said that the world needs to step in to reverse three new trends which could kill off the Internet as a useful tool for humanity.

Sir Tim cited compromised personal data, fake news and the lack of regulation in political advertising, which he says threatens democracy.

“Even in countries where we believe governments have citizens’ best interests at heart, watching everyone, all the time is simply going too far. It creates a chilling effect on free speech and stops the web from being used as a space to explore important topics, like sensitive health issues, sexuality or religion.”

When Berners-Lee submitted his original proposal for the Web, he imagined it as an open platform that would allow everyone, everywhere to share information, access opportunities and collaborate across geographic and cultural boundaries.

He said that his faith has been badly shaken by a series of high-profile hacks and the dissemination of fake news by data science and armies of bots. The scourge of fake news and cyberweapons poses a significantly greater threat.