Duncan McArdle

About Duncan McArdle

Duncan is a Head of Android and Web Development at Isosec. Duncan is a self-confessed film and TV addict who loves to get out on the mountain bike when he can. An amateur author in his spare time, Duncan also enjoys heading over to Europe, America and Australia whenever possible.

The WannaCry ransomware and how it (doesn’t) affect us

There’s been a great deal in the news over the past few days about the already infamous “WannaCry” (AKA “WannaCrypt”, “WanaCrypt0r”, “Wanna Decryptor” etc.) malware that’s spread like wildfire across the world, most notably infecting numerous NHS trusts. You may not already know that Isosec was built from a security background, we have cybersecurity expertise spanning 50 years. With this in mind we thought we’d let you know just what on earth is going on, how it might affect you, and how it, thankfully, doesn’t affect Isosec (despite the similarities in the name of other companies involved!).

What is it?

First and foremost we go onto the question that’s on most people’s minds; just what exactly is this thing? Well, “WannaCrypt” is a type of malware (malicious software) known as “ransomware”, which is software that will encrypt all of your most important files and folders, and then quite literally hold them ransom, asking you to make a payment in order to decrypt them for use (which more often than not is the worst possible thing you can do).

Now that the technical jargon is out of the way, a practical example. You receive an email with an attachment, you open this attachment and it runs a program on your computer, this program locks away all of your files with a password you don’t know, and then demands a sum of money in return for that password. Sound bad? It is! Ransomware has been around for many years in various forms, but what’s getting worse is not so much the programs themselves, but the way in which they spread.

In the case of “WannaCry”, the evidence thus far suggests that it’s capable of spreading across the entirety of a local network with ease, infecting every other computer on the network that isn’t up to date enough to protect against the vulnerability. Now if the “not up to date” part of that spiked your interest, that’s for good reason…

Staying safe

Whilst the usual security principles come into play here – always run an active anti-virus and keep a malware scanner to hand, don’t open unknown attachments, stay away from unfamiliar websites etc. – there is one that rises above all others in terms of importance; keep your computer up to date. The vulnerability in Microsoft’s Windows product that allowed the “WannaCry” attack to take place was fixed back in March of this year, meaning that the average computer was already safe by the time the attack began. But if you don’t regularly update – and don’t have automatic updates switched on – then you were, and possibly still are, at risk.

How this (doesn’t) affect Isosec

Due to the nature of Ransomware, attacks such as these are unlikely to affect us as a company. Our internal security policies keep us out of harms reach, and the fact we ship software rather than hardware means we’re not in the crosshairs of these sorts of attacks. But that doesn’t mean we can wash our hands of any responsibility, instead, it’s important to look at how we can help you to prevent these problems from happening.

Let’s use MIA Maternity as an example. MIA Maternity is completely offline-capable, and while that’s important for midwives who use our software in areas of limited or no connectivity, it’s even more important when a large scale cyber attack such as this one occurs.

This is because even though the Trust owned servers that hold the all important patient data might be compromised, the mobile devices remain functional, with a recent copy of all the patient data required to work. Midwives can continue to work without issue, and patient care isn’t compromised. Better yet, there’s no need to revert to older paper-based backups, midwives can continue to enter data into MIA Maternity, and it will be sent back to the server once the issue has been resolved by the Trust.

 

Here at Isosec we take security very seriously. It’s baked into how we make software, and is something on the minds of everyone here constantly.

Google Cloud Next London 2017

Introducing Google Cloud Next London 2017

Last week I was lucky enough to be able to attend Google Cloud’s annual “Next” event hosted in London’s fantastic ExCel exhibition centre. Peeling myself away from all of the exciting work going on around our newly announced Virtual Smartcard solution was difficult, but for a developer and technology enthusiast such as myself the event made for an exciting opportunity, and I couldn’t wait to see what Google’s Cloud Platform (GCP) had in store for a forward-thinking tech company like Isosec.

Banner for Google Cloud Next London

First and foremost however, a little background. GCP is well known amongst both Google and cloud enthusiasts alike, and has been around for a little over half a decade, with some of its individual components long predating that. It comprises some well-known cloud-based technologies such as BigQuery and App-Engine, some consumer grade facilities like Google Docs and Drive, and far more that even I – a self-confessed Google addict and cloud enthusiast – had never heard of.

Why were they doing this?

But Google have – in my opinion – been having a bit of a problem with their cloud efforts, and it comes in the form of the other well-known cloud platform currently on the market. See despite how well Microsoft’s Azure is currently regarded, and how much they’re incentivizing it financially, there simply isn’t anyone as well known in the industry as Amazon with their infamous AWS. You’ll hear about it all over the web, see it on the news, encounter it daily – even if you don’t realise it – on a tremendous amount of your favourite websites, and even run into it on popular TV shows like Mr Robot and Silicon Valley. It’s everywhere you look when it comes to the cloud, and that’s exactly what Google are trying to change.

GIF of Silicon Valley scene featuring Amazon AWS reference

AWS have frequently features in tech TV shows like HBO’s Silicon Valley

Cue Google Cloud’s Next event, where Google’s enormous marketing budget meets its tremendous technology advancements to provide something truly special. Over the course of two days – three if you took part in any of their paid bootcamps – this free event offered over 50 “breakout sessions” where the experts behind the tech demonstrated their offerings to small-ish groups ranging from tens to hundreds, or in the case of the keynotes, thousands. Of course, when you weren’t in one of the many dedicated rooms, a typically Google experience meant there were VR demonstrations, partners such as Intel, Accenture and plenty of others showcasing their various products, and the kind of free gourmet food and drink on offer that made you forget you weren’t spending the day in the company’s famed Googleplex.

Setting all the fanfare aside however, let’s get down to what’s important…

The technology

Whilst the GCP has been around for several years, its pace of innovation and change meant that almost everything felt brand new, or at least heavily polished. There was a big focus on their various levels of cloud technology, from the simplistically designed Cloud Functions to the more complex Compute and App Engines, and a huge push for their Spanner database technology and the overall architecture of their platform. This was truly an opportunity for Google to say “Here’s what we’ve done, and here’s why it’s better”, and they certainly didn’t disappoint.

Photo of main stage at Google Cloud Next London 2017

“Go big or go home” is definitely a motto at Google

Helping them get the message across were several high profile partners, some of whom featured in some of the various breakout sessions held throughout the event. Lush’s head of technology Ryan Kerry gave a fantastic talk about their migration to GCP and how they achieved it just in time for the Christmas rush, and VFX giants MPC did an incredible demonstration of their use of GCP to aid in the creation of some of Jungle Book’s awards winning animated sequences. Google did also reference Niantic, who had a famously poor launch from a technology perspective, but then I think you’d struggle to pin the blame for that on Google or the GCP.

GIF showing pre and post-animated scenes in the Jungle Book movie

MPC made use of GCP’s offerings when animating Disney’s Jungle Book

APIs are still king

What I found arguably most impressive however was not the flashy products or the big-name partners, but the APIs. Though already well known for its production and maintenance of APIs – when was the last time you used a website that didn’t have a Google Map embedded, or the option to translate its contents to a foreign language using Google Translate – Google are now looking to make the most of machine learning, artificial intelligence and the power of its infrastructure to conquer new areas. Particularly impressive were its demonstrations of its Data Loss Prevention API for understanding and automatically redacting sensitive information, Image Processing API for recognising the objects, facial expressions, locations and much more of both photos and videos, and their natural language API, which made the bane of most feedback forms – open ended questions – a cinch to analyse.

Photo of the Eiffel Tower in Las Vegas

If you thought this was a photo of Paris’ Eiffel Tower, then I’m afraid Google’s Image Processing API is smarter than you (it’s actually the one in Las Vegas)

Google being Google

Of course, it wouldn’t be a Google event if there weren’t some fun aspects, and whilst there were no slides or multi-coloured bicycles to help you get around, there were still a few elements of Google shining brightly through. The “Quick, Draw!” stand drew crowds of people – who evidently didn’t realise they could play online any time – and the Kubernetes “Whack-a-node” game gave a really fun take on high availability and service rebuild times, something I think most companies would struggle to do. Collaborative white boarding application Jamboard also got plenty of attention, and so too did Google’s Daydream VR headset, which had an unsurprising queue of people for the entirety of the event.

Output of Google's photo recognition API

The facial recognition API isn’t quite there yet, but it’s getting close!

Photo of attendees playing Google's "Quick, Draw!" game

Google’s “Quick, Draw!” stand garnered a lot of interest

All in all it was a fantastic event. Google put on one hell of a show, and struck a near-perfect balance between technical demonstrations and higher level overviews. They even managed to do the entire thing without it seeming like too much of an advertisement – which of course, it was – and that alone is a fairly impressive achievement. For a Google fan such as myself, it was a privilege to be able to attend, and the new technologies and concepts I was exposed to will be featuring in Isosec products very soon.

Announcing MIA for Android

tablet devices smartcard nhs

It is with great pleasure that I can share with you some information on the Android version of our Mobile Information Access (MIA) portal, some of our most sophisticated software yet. MIA for Android utilises NHS issued Near Field Communication (NFC) enabled Smartcards to access NHS resources in both a safe and secure environment, and is compatible with both Android Smartphone and Tablet machines, bringing our software to a huge market of potential users.

In fact, 2013 showed an incredible amount of growth for Google’s Android platform, accounting for almost 80% of the worldwide Smartphone market, making for an impressive statistic of four out of every five smartphones sold worldwide running the Android platform. In addition, a surge in growth on Android’s Tablet front has also seen it capture an astounding 62% of the Tablet market, blowing well past its rivals in a year that saw it more than double total shipments. With statistics like these, it’s becoming more and more important to evaluate Android as an alternative to existing systems – Both Mobile and non-Mobile based – And so that is exactly what we here at Isosec have done.

Our Android MIA client not only enables a variety of physical Android devices to utilise the MIA product, but is fully compatible with the Android operating system back to version 4.0 (ICS), ensuring that at the time of writing, our software is compatible with an astounding 80% of all existing Android devices, according to Google themselves. And the good news doesn’t stop there, thanks to Google’s tough policy on pushing manufacturers to its newer versions, a whopping 100% of all new Android devices sold now ship with Android software that is completely compatible with MIA for Android, something we know will give all users terrific peace of mind, especially in a BYOD environment.

In addition to all of this, it’s also important we look at one of Android’s best features, its price. With NFC enabled Android Tablet’s available from as little £120 for Google’s own impressively featured Nexus 7, and a similarly feature packed Nexus 4 Smartphone available for less than £200, it’s easy to see Android devices as a fantastic alternative to some of the less portable, significantly more expensive devices in use today. In addition, thanks to the NFC technology available on so many Android devices, there’s no need for expensive accessories to allow for Smartcard integration, you simply press the card to the device, authenticate using your NHS credentials, and are then free to remove the card, no fuss, no potential for leaving a card in a device slot, no hefty card-readers to carry with you.

We’ll be demonstrating this fantastic software at HC2014 (The National Health IT Conference & Exhibition) on the 19th and 20th March in Manchester, and would like to invite any and all parties interested to drop by to the Isosec stand (Number 57) and check out this exciting new opportunity.

For now though, please browse the following screenshots, demonstrating just a few of the fantastic aspects of MIA for Android, shown on a 2013 Nexus 7 tablet running Android 4.4.

Screenshot_2014-03-10-15-21-40 Screenshot_2014-03-10-15-21-51 Screenshot_2014-03-10-15-22-17 Screenshot_2014-03-10-15-22-25 Screenshot_2014-03-10-15-22-37 Screenshot_2014-03-10-15-26-41 Screenshot_2014-03-10-15-26-48 Screenshot_2014-03-10-15-26-56 Screenshot_2014-03-10-15-28-09 Screenshot_2014-03-10-15-28-46

References