SMY IT Services

Renowned auction house and brokers of art, collectibles, jewellery, and real estate Sotheby’s is selling a super-rare pair of Apple-branded trainers for a guide price of $50,000 (circa £39K).

A One-Time Giveaway In The 90s 

Sotheby’s says the Omega Sports Apple Computer Sneakers (Size 10.5 / 9.5 UK), boxed and with an alternative pair of red laces, were custom-made for Apple employees and were “a one-time giveaway at a National Sales Conference in the mid-’90s”. The trainers are white with the Apple logo on the side and an air-cushioned sole.

Explaining why they are so rare (hence the huge price tag), Sotheby’s says on its website: “Having never reached the general public, this particular pair of sneakers is one of the most obscure in existence and highly coveted on the resale market”. 

Thousands Purchased Clothing From Apple In The 80s 

What many people may not know is that more than 22,000 Apple customers purchased clothing and accessories from the brand in 1985 which were part of a short-lived 'Apple Collection’. For products outside of Apple’s zone of expertise, the company partnered with leading brands (e.g. Honda and Braun) to apply the Apple branding to a variety of white label products.

Previous Pair  

A previous pair of Apple branded trainers, believed to have been prototypes and found in 2016 at garage sale in Palo Alto, California were put up for auction with a starting bid of $30,000.

The Rare Trainers Market 

There is a booming collectables market for rare trainers with cultural significance and scarcity being the factors that boost prices. Examples of trainers fetching particularly high prices include:

– In 2021, a Nike Air Yeezy 1 prototype, worn by (rapper) Kanye West on stage at the 2008 Grammy awards were sold for a staggering $1.8 million!

– Michael Jordan’s 1998 NBA Finals Air Jordan 13 trainers sold at auction for $2.2 million. Also, a 1985 pre-production sample pair of Nike’s first shoe for former NBA basketball star Michael Jordan fetched $560,000 at auction in 2020.

Why? 

The market for rare trainers as investments and collectables is thought to have come about because, as generations from the 80s and 90s have become successful, trainers have become the cultural assets that they remember and value.

What Does This Mean For Your Business? 

Apple was one of the earliest pioneers of a tech industry and from very humble beginnings has grown to become a $2.82 trillion company and one of the most recognisable brands, and traditionally has its own fan-like user base. As such, any of its early products have become rare and valuable commodities with a cultural significance. This value extends to its non-tech related branded products such as these trainers and the fact that that it’s unlikely that any other pairs have survived gives them a rarity boost in price, even though they were originally a free giveaway.

Scarcity and cultural significance are huge value-boosters in the rare trainer market which is part of an expanding range of investments for predominantly younger investors who value collectable products like trainers and sports cards which may only be a few decades old. In the digital world for example, newer investments have widened to include non-fungible tokens (NFTs) and, no doubt, other markets will develop in the near future for other products as wealthier people from advancing generations seek out collections and investments that have cultural significance and memories for them from relatively recent times.

Google has announced the introduction of real-time, privacy-preserving URL protection to Google Safe Browsing for those using Chrome on desktop or iOS (and Android later this month).

Why? 

Google says with attacks constantly evolving, and with the difference between successfully detecting a threat or not now perhaps being just a “matter of minutes,” this new measure has been introduced “to keep up with the increasing pace of hackers.” 

Not Even Google Will Know Which Websites You’re Visiting 

Google says because this new capability uses encryption and other privacy-enhancing techniques, the level of privacy and security is such that no one, including Google, will know what website you’re visiting.

What Was Happening Before? 

Prior to the addition of the new real-time protection, Google’s Standard protection mode of Safe Browsing relied upon a list stored on the user’s device to check if a site or file was known to be potentially dangerous. The list was updated every 30 to 60 minutes. However, as Google now admits, the average malicious site only actually exists for less than 10 minutes – hence the need for a real-time, server-side list solution.

Another challenge that has necessitated the introduction of a server-side real-time solution is the fact that Safe Browsing’s list of harmful websites continues to grow rapidly and not all devices have the resources necessary to maintain this growing list, nor to receive and apply the required updates to the list.

Extra Phishing Protection 

Google says it expects this new real-time protection capability to be able to block 25 per cent more phishing attempts.

Partnership With Fastly 

Google says that the new enhanced level of privacy between Chrome and Safe Browsing has been achieved through a partnership with edge computing and security company Fastly.

Like Enhanced Mode 

In its announcement of the new capability, Google also highlighted the similarity between the new feature and Google’s existing 'Enhanced Protection Mode’ (in Safe Browsing) which also uses a real-time list to compare the URLs customers visit against. However, the opt-in Enhanced Protection also uses “AI to block attacks, provides deep file scans and offers extra protection from malicious Chrome extensions.” 

What Does This Mean For Your Business? 

As noted by Google, the evolving, increasing number of cyber threats, the fact that malicious sites are only around for a few minutes, and that many devices don’t have the resources on board to handle a growing security list (and updates) have necessitated a better security solution. Having the list of suspect sites server-side and offering real-time improved protection kills a few birds with one stone, allows Google a more efficient (and hopefully effective) way to increase its level of security and privacy. It’s also a way for Google to plug a security gap for those who have not taken the opportunity to opt-in to its Enhance Protection Mode since its introduction last year.

For business users and other users of Chrome, the chance to get a massive (estimated) 25 per cent increase in phishing protection without having to do much or pay extra must be attractive. For example, with phishing accounting for 60 per cent of social engineering attacks and, according to a recent Zscaler report, phishing attacks growing by a massive 47 per cent last year, businesses are likely to welcome any fast, easy, extra phishing protection they can get.

Microsoft has revealed it tracks over 600 million identity attacks per day, as cybercriminals refine their tactics and work together more closely.

In its 'Digital Defense Report 2024', Microsoft highlighted that identity-based attacks have surged due to the widespread shift to cloud services. The report noted that Microsoft Entra blocked 7,000 password attacks per second over the last year.

Despite the adoption of multi-factor authentication (MFA) by 41 per cent of its enterprise customers, attackers are using advanced techniques such as adversary-in-the-middle (AiTM) attacks to bypass MFA security measures. A significant 99 per cent of identity attacks still rely on stolen or phished passwords, underscoring the vulnerability of password-based systems.

The report also showed a stark increase in attempted ransomware attacks, with a 2.75-fold rise driven by groups like Akira, Lockbit, and Play. However, despite the spike in attempts, successful ransomware encryptions have dropped threefold, suggesting some defensive measures are proving effective. Also, the evolving threat landscape has seen a rise in hybrid warfare tactics, including cyber-attacks on operational technology (OT) and government entities in the context of global conflicts.

Businesses looking to mitigate the risk of identity-based attacks should consider a transition to passwordless authentication methods. This, coupled with enhanced AI-driven security tools, could help close the gaps exploited by increasingly sophisticated cyber threats.

Huge demands on Microsoft’s data centre servers, partly driven by a surge in Microsoft Teams user numbers has led to the tech giant opting for liquid-immersion cooling.

The Challenge

Microsoft has recognised that it has now come up against the slowdown of Moore’s Law as transistor widths have shrunk to atomic scales and are reaching a physical limit, whilst the demand for faster computer processors for high performance applications such as AI has accelerated. This has meant that more electric power is now being put through the small processors used in Microsoft’s data centres, thereby increasing the heat they produce.  According to Microsoft, this means that air cooling is no longer enough to prevent the chips from malfunctioning. The demands of a huge increase in the numbers of Teams users during lockdown and the need to maintain sustainable and energy efficient data centres have also contributed to Microsoft’s decision to try liquid cooling.

Two-Phase Immersion Cooling

Since heat transfer in liquids is more efficient than air, Microsoft’s new system of two-phase immersion cooling involves immersing servers in tanks filled with an engineered fluid (from 3M) which has dielectric properties (i.e. it is an effective insulator), thereby allowing the servers to operate normally while fully immersed in the fluid. The liquid boils at 122 degrees Fahrenheit (90 degrees lower than the boiling point of water) and this boiling effect, generated by the work the servers are doing, takes the heat away from the computer processors whilst the low-temperature boil enables the servers to operate continuously at full power without risk of failure due to overheating.

The second phase of this two-phase process refers to the vapour rising from the tanks making contact with a cooled condenser in the tank lid, thereby changing it back to liquid that rains back onto the immersed servers, creating a closed-loop cooling system.

The Result

Microsoft says that the result of it becoming the “first cloud provider that is running two-phase immersion cooling in a production environment” at its datacentre in Quincy should be the ability of the company to:

– Continue the Moore’s Law trend at the datacentre level.

– Reduce power consumption.  For example, Microsoft’s trial of using liquid two-phase immersion for cooling AI showed reduced power consumption for any given server by 5 to 15 per cent.

– Increased flexibility for the efficient management of cloud resources.

– Improved efficiency and sustainability.

– The fact that the system uses a specially developed cooling fluid, and not water, gives Microsoft the ability to meet its commitment to replenish more water than it consumes by the end of the decade.

What Does This Mean For Your Business?

If your business uses Microsoft’s cloud-based services, and particularly those which involve AI and/or Teams, this switch to a new cooling technology at datacentre level should mean smooth running services with less risk of potentially costly outages and disruption going forward. For Microsoft, this may give it an advantage over cloud company competitors in terms of capacity, reliability, and sustainability credentials.

A report by Security Company 'Elevate’ has revealed that 3 per cent of users are responsible for 92 per cent of malware events for businesses, indicating that a small number of users create the most risk.

2016 to 2021   

'The Size and Shape of Workforce Risk’ report, conducted on data provided to the Cyentia Institute by Elevate Security, included events starting in January 2016 through December 2021, and took into account 15.1m unique events associated with 168k users spread across more than 3.8k organisational departments.

Key Findings 

Some startling key findings of the report were that:

– 4 per cent of users are responsible for 80 per cent of phishing incidents, some clicking as often as twice a month.

– 3 per cent of users are responsible for 92 per cent of malware events.

– 1 per cent of users will average an incident every other week.

– 12 per cent of users are responsible for 71 per cent of secure browsing incidents.

– 1 per cent will trigger 200 events per week.

What Is A Risky User, and Why Are They Risky?  

As identified by the stats in the report, the risky users are those small percentages who cause security incidents, sometimes repeatedly. For example, where phishing emails are concerned, just over half of users never receive phishing emails but some users may simply receive a lot more phishing emails than others (100s per year vs. a few). This doesn’t necessarily make them risky because for the phishing emails that aren’t blocked in the first place, most users (75 per cent) click on phishing emails less than 10 per cent of the time. The Cyentia report, however, says that there is a small group (3.9 per cent of users) who have clicked 3 or more phishing emails and who account for 80 per cent of all phishing clicks. Within this group is the 1 per cent who click more than 52 a year – once a week. As the report suggests, these are the risky users.

Also, according to the report, where malware is concerned, although 94 per cent of users never encounter malware, some experience it weekly. Out of these users, 10 per cent average more than 11 events per year, with 1 per cent as high as 27 events per year. These are the high-risk user for malware.

Similarly, where browsing is concerned, only a small percentage of users account for most of the secure browsing events – i.e. 12 per cent cause 71 per cent of the events.

What To Do   

Elevate’s report recommends several ways that businesses and organisations can minimise the security risk caused by risky users. These are:

– Start measuring to identify which users pose an outsized risk

– Check the efficacy of controls – i.e. check how many phishing emails are getting through the filters, how uniformly AV software is installed, and make sure the controls are not just in place but are working properly for everyone.

– Identify risky users. Identify who’s generating the majority of security events and understand the reasons – e.g. a user may be an outsized target for attackers or someone who has slipped through the security controls or both. Also, consider checking the browsing history of a “click-happy user”.

– Start monitoring and helping the risky users. This could be done by setting up 'guardrails’ and focused controls.

What Does This Mean For Your Business?  

This report emphasises how important it is to have blocking measures and controls in place, with employee cyber security training in the first place to stop the vast majority of phishing emails and malware (for example) from getting through. It also shows that a disproportionally small number of users may be responsible for most of the risk, but these will not be identified unless the business measures and monitors to find out who they are. The suggestion here is that, rather than subjecting all users to the same level/type of treatment, companies can put more effort into identifying the riskiest users and concentrate more help on them. This could be a smarter and more efficient way for companies to boost security.

After a new report published which says that most business leaders plan to increase investment in sustainability initiatives to protect against disruption, we look at what this means.

Report 

A recent Gartner report highlighted how 86 per cent of business leaders plan to increase their organisation’s investment in sustainability initiatives to protect against disruption and 87 per cent are already engaged in sustainability initiatives and expect to expand them in 2023 and 2024.

What Kind Of Disruption? 

The kinds of disruption to businesses, supply chains, and the wider economy that businesses need to protect themselves against include:

– Economic uncertainty. In the UK, for example, the effects of recession, inflation, rising interest rates, sluggish productivity, problems in the labour market and an IT skills gap plus a relatively weak post-pandemic recovery are all creating less certainty and a tough economic environment. For example, Office for Budget Responsibility (figures) show that the UK may not return to its pre-pandemic growth level until the end of 2024, while ONS figures show that by September, the economic output in the UK was still 0.4 per cent lower than pre-pandemic.

– Geopolitical conflict. For example, the war in Ukraine and its multiple effects, notably including high energy costs, higher commodity prices, and disrupted supply chains are causing cost pressures on a number of industries, high food prices, a squeeze on consumer (end-user) spending. This has led to uncertainty over future supply chains (especially if businesses deal in Europe), difficulty for central banks to forecast and plan, and overall uncertainty.

– Escalating materials and energy costs. Again, mainly due to the war in Ukraine, this is having a major effect on business costs and consumer spending. The soaring cost of energy could also increase data centre costs by 40 per cent which may soon mean price rises for business customers who are now very reliant on the cloud.

How? 

As highlighted in the Gartner report, the ways that business leaders plan to tackle disruption centre around re-examining all forms of business expenditure and seeking new, longer term, sustainability initiatives and new revenue streams that leave them less at risk of the uncertainty that’s part of current models, i.e. less reliance on fossil fuels such as oil and gas (and less reliance upon big oil companies).

Sustainability 

As identified by a report in October (Gartner), most investors see sustainability as the key strategic technology trend for 2023 and most CEOs see environmental and social changes as a top three priority for investors, behind profit and revenue.

In addition to getting away from expensive, volatile, and environmentally damaging fossil fuel reliance and the disruption it is currently linked to, other main drivers for business investing in sustainability initiatives include:

– Customer demand. The Gartner report shows that most business leaders (80 per cent) identified consumer pressure behind sustainability as the key reason for investing in sustainability initiatives.

– Environmental, social, and governance (ESF) expectations.

– More environmentally focused government regulations.

– Growing availability of sustainable technology.

– Opportunities to find new revenue streams, accelerate innovation, and develop new forms of customer engagement.

What Kind Of Sustainability Investment and Initiatives? 

Some examples of how businesses could use/are using sustainability investment and initiatives include:

– Investments in sustainability as regards energy consumption, and reallocating energy sources to areas with renewable energy sources.

– Software sustainability. Developing and using software that causes less environmental impact and producing new software standards that prolong devices’ lifecycles, thereby helping to reduce the amount of e-waste.

– Sustainability investments related to business travel, customer transactions, and productivity.

– Investing in more efficient hardware.

Return 

The recent Gartner report says that 83 per cent of business leader respondents said that their sustainability investments have created both short term and long-term value, and supply chain savings, and that costs for their initiatives have been outweighed by immediate efficiency improvements. There is also the key benefit of the promise of a more stable future for their companies/organisations. That said, it’s still relatively early days for many businesses that have invested in sustainability and, as such, the returns on investments are still unclear.

What Does This Mean For Your Business? 

The Gartner report appears to reveal a growing consensus among business leaders that consumer demand is a major driver for businesses investing much more in sustainability. The current economic uncertainty, geopolitical conflict, escalating materials and energy costs, increase environmentally focused government regulations, and the growing availability of sustainable technology, all alongside the climate crisis are also now major reasons why businesses are looking seriously at how sustainability investment could help. Turning to sustainability-focused solutions could help businesses not just to reduce business expenditure, but to possibly create new revenue streams and tackle the threat of disruption more effectively over time.

Leading Streamer Netflix has added more fuel to the fire in the actors and writers’ union strike by advertising for an AI product manager with a salary up to $900,000.

Could Have Paid For Actors 

With US actors and writers who are members of the Screen Actors Guild-American Federation of Television and Radio Artists (SAG-AFTRA) having been on strike for weeks, partly to protect their jobs from AI, the mega-salary job ad has been met with some criticism. For example, SAG-AFTRA has argued that 87 per cent of its membership only earn less than $26,000 a year, and some union members have added that the eye-watering $300,000 to $900,000 dollars for one AI job could have paid and supported 35 actors and their families instead.

The Reasons For The Strike 

Some of the main reasons for the dual strike of actors and writers include:

– Worries that background performers could be scanned and paid one day’s pay, while their scanned image is then owned by film companies who can use the person’s image or likeness (reproduced with AI) for unlimited projects in the future without the performer’s consent and without compensation.

– The need for wage increases.

– Streaming service like Prime, Netflix, and Disney not paying enough in “residuals” (the royalties earned from repeat broadcasts of films or TV shows).

– Concerns that AI will be used to write first drafts of scripts and screenwriters will only be hired at a lower rate to bring them up to scratch.

The Job 

The $300,000 to $900,000 salary Machine Learning Platform Manager Netflix job is in their Los Gatos office or can be remotely based on the West Coast. The advert specifies that the right candidate will be someone with “a technical background in engineering and/or machine learning”. Netflix says that “Machine Learning/Artificial Intelligence is powering innovation” with the “Machine Learning Platform (MLP)” providing “the foundation for all of this innovation” with the new Product Management role being used to “increase the leverage of our Machine Learning Platform”. 

What Does This Mean For Your Business? 

With actors (and writers) out on strike to essentially stop AI from replacing them and to get more residuals from streaming services. Netflix posting a high salary AI job offer, therefore, is felt by many actors to be a double kick in the teeth.

The use of AI in film and TV is already here but, at a time when the union needs to negotiate its terms between actors and the studios, the studios are focusing on how they plan to expand their use of AI. Understandably, the fears of actors about AI have been brought to a head. For example, with writer, actor and comedian Rob Delaney describing the AI job advert as “ghoulish” and actor Brian Cox being widely quoted as saying “the worst aspect is the whole idea of AI and what AI can do to us”, it’s clear that there’s still some way to go before any kind of agreement can be reached between the studios and the unions and the major disruption to the industry can be stopped.

A High Court judge has ruled that Australian computer scientist Dr Craig Wright is not the inventor of the Bitcoin cryptocurrency, despite him claiming to be so since 2016.

Real Bitcoin Inventor A Secret

The challenge with trying to conclusively identify Bitcoin’s inventor is that, from the outset, Bitcoin’s creator has only been known by the pseudonym Satoshi Nakamoto and they have chosen to keep their real identity hidden. Also, the creation and early development of Bitcoin were done under this pseudonym, with all communications conducted online via emails and forums. With the additional complications of Bitcoin being a decentralised currency (i.e. not controlled by any single entity or individual) and the fact that no definitive evidence from numerous investigations has been found linking the pseudonym to a real individual or group of individuals, it’s possible to see why many people have claimed (or suspected) to be Bitcoin’s inventor.

Dr Wright

Dr Wright, who has claimed to be Satoshi for almost 8 years (challenged many people in court who have disputed his claims) has had his evidence questioned by cryptocurrency experts for some time now.

The Court Case

The recently concluded case against Dr Wright was brought by a consortium / alliance of Bitcoin companies called the Crypto Open Patent Alliance (COPA) as a way to stop what has been described as Dr Wright’s campaign of intimidatory lawsuits against anyone challenging his claim to be Bitcoin’s creator. The case was held at the Intellectual Property Court (a division of London’s High Court). There, the judge declared that the evidence against Dr Wright being Bitcoin’s creator is “overwhelming.” The four key declarations made by the judge (prior to writing the full, lengthy ruling) were that:

1. Dr Wright is not the author of the Bitcoin White Paper.

2. Dr Wright is not the person who adopted or operated under the pseudonym Satoshi Nakamoto in the period 2008 to 2011.

3. Dr Wright is not the person who created the Bitcoin system.

4. Dr Wright is not the author of the initial versions of the Bitcoin software.

Forgery For Fraud?

COPA’s KC, Jonathan Hough, accused Dr Wright of backing his claim with forgery 'on an industrial scale’ and of trying to use the courts (through his many legal challenges) 'as a vehicle for fraud’.

So, If Dr Wright Didn’t, Invent It, Who Did?

Over the years, there’s been a great deal of speculation as to the true identity of Bitcoin’s creator(s). Figures who have been suspected (although none have been proven) include:

– Dorian Nakamoto. In March 2014, a Newsweek article identified Dorian Prentice Satoshi Nakamoto, a Japanese-American physicist and systems engineer, as the Bitcoin creator. This speculation was based on similarities in name and background. Dorian Nakamoto has since denied any involvement with Bitcoin.

– Hal Finney. Hal Finney was a cryptographic pioneer and the second person (after Satoshi) to use the Bitcoin software, file bug reports, and make improvements. He also lived only a short distance (a few streets away) from Dorian Nakamoto. Finney denied being Satoshi but suspicions about him remain due to his early and deep involvement with Bitcoin and his background in cryptography.

– Nick Szabo. A computer scientist, legal scholar, and cryptographer known for his research in digital contracts and digital currency. He developed a precursor to Bitcoin called “bit gold” in 1998, which shared many similarities with Bitcoin. Szabo has consistently denied being Satoshi.

– Wei Dai. Another figure linked to Bitcoin’s creation is Wei Dai, the creator of “b-money,” an early proposal for an autonomous digital currency mentioned in the Bitcoin whitepaper. Dai’s involvement in the cypherpunk movement and his innovative ideas about digital currency led some to speculate about his possible involvement with Bitcoin. However, Dai has denied being Satoshi.

What Does This Mean For Your Business?

As highlighted in COPA’s comments after the ruling against DR Wright, developers in the Bitcoin community may have felt for many years as though they were being bullied and intimidated by Dr Wright and his financial backers’ many challenges to those who questioned his assertion that he was Satoshi Nakamoto. The ruling, therefore, is likely to have brought them some satisfaction and some peace, plus the hope that the legal challenges will now cease. Also, some see the ruling against Dr Wright as a win not just for the truth, but for the whole open-source community which is known for its focus on collaboration transparency, freedom, and inclusivity.

It’s also been noted that the judge’s willingness to comment on the outcome prior to the full written judgement being released is unusual and may be taken as a sign of how solid and sure the judgement was in this case.

Possible reasons why Bitcoin’s real creator has chosen to remain anonymous could include avoiding legal and personal repercussions, maintaining the decentralised ethos of the currency, and protecting their privacy and security. It may have been all part of what appears to be some very successful original planning on their part.

The culmination of the case coincided with Bitcoin reaching its highest value of $69,000 recently which the real inventor of the currency is, no doubt, privately enjoying.

Apple is set to release a new wave of AI-powered features in its upcoming iOS 18.2 update, with a focus on enhancing Siri and other key apps through advanced intelligence tools.

The new “Apple Intelligence” features will be available on supported devices later this year, with iOS 18.2 marking the introduction of several key enhancements. While some features will roll out in iOS 18.1, the more highly anticipated tools, such as advanced image generation and personalised Siri requests, are expected in later updates.

Among the standout features arriving in iOS 18.2 or later is “Genmoji”, which allows users to create custom emojis through a simple text description. There’s also ChatGPT integration, which will enable more intuitive and natural responses from Siri, as well as the use of AI writing tools. Another exciting feature is the “Image Playground”, which offers users the ability to generate original images in various styles. This set of tools could fundamentally reshape the way users interact with their devices.

Siri is also receiving significant upgrades. For example, users will soon be able to reference personal context in requests, like asking about a specific meeting or book recommendation. A new “Siri on-screen awareness” feature will allow Siri to act on the information currently displayed on the screen, making it even more intuitive. Also, hundreds of new in-app and cross-app actions will enhance Siri’s versatility, giving users more control over their apps.

The iOS 18.2 update will also introduce better organisation features in the Mail app, with automatic sorting of emails based on their content into different categories. On the visual intelligence front, iPhone 16 users will benefit from “Camera Control”, a tool capable of identifying real-world objects and providing key details.

Looking ahead, Apple has committed to expanding its Apple Intelligence features to more languages. While iOS 18.1 will only support US English, iOS 18.2 will extend this to other English-speaking regions like the UK, Australia, and South Africa. Further language support is expected to arrive in 2025.

With iOS 18.2, Apple is laying the groundwork for a more intelligent, user-centric iPhone experience. As the company plans regular updates, users can expect these AI-driven features to evolve quickly, especially for those participating in the beta programme.

OpenAI has unveiled a research preview of Codex, a cloud-based AI coding agent designed to act as a virtual teammate for software developers.

OpenAI’s Latest Bet on the Future of Coding

OpenAI says Codex is its most advanced AI-powered software engineering agent to date. Codex has been designed to integrate directly into ChatGPT in order to assist with software development tasks ranging from writing features to fixing bugs. Available to Pro, Team, and Enterprise subscribers, and with support for Plus and Edu users expected in the near future.

AI Powered Tools Market

It’s worth noting here that Codex isn’t just another chatbot extension, but actually operates as a virtual, cloud-based coding assistant that can handle multiple tasks in parallel, provide verifiable output logs, and work with live codebases, all within a secure sandboxed environment. As such, it represents a clear move by OpenAI to secure a larger stake in the fast-expanding market for AI-powered developer tools.

So, What Is Codex, And What It’s For?

Codex is powered by codex-1, a specially trained variant of OpenAI’s o3 model, optimised for software engineering through reinforcement learning on real-world development tasks. OpenAI says this model is designed to produce cleaner, more human-readable code than its predecessors, and it can iteratively run and verify its own output using tests, linters, and other standard developer tools.

Once a user connects Codex to their GitHub repository, the agent loads the relevant files into a cloud sandbox and starts work. Users can assign coding tasks by typing a natural language prompt and clicking “Code”, or ask Codex questions about their codebase with the “Ask” function. Each job runs in an isolated environment, mimicking the structure and configuration of the user’s real-world dev setup.

Codex can:

– Write new features or functions

– Refactor and rename code

– Fix bugs and debug issues

– Answer questions about unfamiliar code

– Draft documentation and pull requests

– Run and verify tests.

Fast

Task completion using Codex typically takes between 1 and 30 minutes depending on complexity, and users can monitor progress and review results in real time. Once a job is done, Codex provides traceable logs of its actions and suggested changes, helping ensure transparency and accountability.

Safety

According to OpenAI Product Lead Alexander Embiricos, “a lot of the safety work from our o3 model carries over to Codex,” including the ability to reliably refuse malicious requests, such as writing malware, and restrict access to external APIs or the wider internet. This means Codex cannot be used to covertly access or manipulate live systems, though it also limits its utility for tasks requiring broader connectivity.

Who’s It For?

Right now, Codex is being rolled out to ChatGPT Pro, Enterprise, and Team subscribers worldwide. OpenAI says “generous access” will be granted initially, but usage will soon be capped by rate limits, with additional credits available for purchase. Plus and Edu users are next in line.

Tested Last Month

This preview follows months of behind-the-scenes work with early access testers. For example, companies such as Cisco, Temporal, Superhuman, and autonomous driving firm Kodiak have been helping OpenAI refine Codex in real-world settings. The use cases vary, but recurring themes include:

– Speeding up test coverage

– Automating background development tasks

– Enabling non-engineers to contribute lightweight code

– Improving developer focus and reducing context switching.

How Are The Testers Using It?

To give an idea of its real-world applications in some of these big-name tester companies, at Superhuman, Codex now helps product managers draft minor code changes without interrupting engineering teams. Also, at Kodiak (a company developing autonomous driving technology), it’s used to enhance test coverage and refactor key components in their autonomous driving stack. Also, at Temporal, which builds workflow tools for distributed applications, it supports debugging and iterative feature development.

A Follow-Up to Codex CLI

This latest launch builds on the release of Codex CLI last month, a lightweight, open-source command-line tool that lets developers interact with AI agents directly from their terminals. Codex CLI now defaults to codex-mini-latest, a variant of the o4-mini model optimised for low-latency editing and Q&A.

To streamline access, OpenAI has simplified authentication, i.e. users can now sign in via their ChatGPT accounts and instantly access API credits ($5 for Plus users, $50 for Pro) for a limited time. Pricing for codex-mini-latest is $1.50 per million input tokens and $6 per million output tokens, with a 75 per cent discount via prompt caching.

Broader Ambition

These updates appear to point to a broader vision, whereby OpenAI wants Codex to be more than just a helpful assistant, i.e. it wants Codex to function more like a trusted teammate. As Josh Tobin, OpenAI’s Agents Research Lead says – the goal is for Codex to eventually complete tasks autonomously that “take human engineers hours or even days”.

Riding the AI Coding Boom

This preview version is clearly a high-profile launch that OpenAI hopes will position it against growing rivals in the AI coding space, including Google, Microsoft, Anthropic, and a host of rapidly scaling startups. Also, more than that, it provides a glimpse into what the company sees as the future of human-AI collaboration in software engineering.

It should also be noted that the timing of Codex’s release is no accident. AI coding tools, sometimes dubbed “vibe coders”, have exploded in popularity in recent months. For example, both Google and Microsoft claim AI now contributes to around 30 per cent of their internal code output. Startups like Cursor have reached $300 million in annualised revenue and are being valued as high as $9 billion.

Meanwhile, OpenAI itself has reportedly just finalised a $3 billion deal to acquire Windsurf, the developer behind another major AI coding tool. Taken together, these moves appear to show the company is serious about expanding beyond its flagship chatbot and into the broader ecosystem of developer tools, including video generation (via Sora), research agents, and web automation.

Codex could, therefore, be a big part of that strategy. As AI capabilities advance, OpenAI seems to be envisioning a future where developers assign well-scoped tasks to multiple AI agents in parallel, review their work asynchronously, and move faster across every stage of the development lifecycle.

Challenges, Criticisms, and What Comes Next

Despite the buzz, Codex (like other AI coding agents) isn’t without its flaws. For example, a recent Microsoft study showed that even top-tier models such as Claude 3.7 Sonnet and o3-mini struggled to reliably debug software in complex environments. Codex’s own documentation notes that users must still manually review agent-generated code before integration or deployment.

Some developers have also expressed concern over workflow disruption. For example, delegating tasks to a remote agent adds latency compared to interactive editing, and current limitations, like the lack of image inputs for frontend work or the inability to mid-course correct an agent, may frustrate more advanced users.

There’s also the question of safety. While Codex runs in a secure, air-gapped environment and is trained to refuse malicious instructions, OpenAI acknowledges that balancing security with legitimate use cases (e.g. kernel-level programming) remains a work in progress.

Looking ahead, OpenAI says future versions of Codex will include more interactive features, deeper integration with developer tools (including CI systems and issue trackers), and even proactive collaboration capabilities, allowing agents to check in during a task and adapt based on new feedback. Also, if this research preview gains traction, it may change how businesses, from startups to enterprises, approach software development altogether.

What Does This Mean For Your Business?

Rather than offering a single-use tool or a generic assistant, OpenAI is positioning Codex as a foundational part of the software engineer’s toolkit, i.e. a collaborator that can work independently on defined tasks while staying closely aligned with human expectations and workflows. That positioning reflects OpenAI’s wider ambition to normalise multi-agent workflows and move towards asynchronous, AI-assisted development at scale.

For developers, especially those in high-pressure or fast-moving teams, Codex could help relieve the burden of repetitive or time-consuming tasks (refactoring code, writing tests, or updating documentation) freeing up more time for problem solving and creative development. At the same time, its ability to surface context, suggest improvements, and operate in secure containers could make it a valuable tool for navigating legacy codebases or tackling long-standing bugs. It may not be perfect, and as the documentation itself makes clear, human review is still essential, but the potential for improved focus and faster delivery could be really significant.

Businesses in particular may find this especially useful. For example, with ongoing skills shortages in the tech sector and continued demand for digital transformation, tools like Codex could help firms deliver projects faster without always needing to expand headcount. Small to medium-sized development teams, or organisations experimenting with agile methods, could see real benefits from delegating well-scoped tasks to Codex agents, either to accelerate delivery or free up senior engineers for more strategic work.

That said, the impact won’t be uniform. The very structure of Codex, i.e. running in isolated environments, without full real-time interactivity, means it will likely feel more useful for certain kinds of backend or infrastructure work than for frontend or UI-heavy tasks. Also, while Codex shows promising alignment with coding conventions and project practices, it’s still early days. Safety limitations, execution speed, and the need for well-prepared environments may restrict broader uptake until future iterations smooth out those rough edges.

For OpenAI, however, Codex is far more than a productivity tool. It’s a strategic move that places the company in direct competition with Microsoft’s GitHub Copilot, Google’s Gemini Code Assist, and Anthropic’s Claude Code. But unlike some of those offerings, Codex is being pitched not just as an assistant but as a long-term platform for agentic coding, one that could underpin an entire ecosystem of developer interactions, APIs, integrations, and workflows.

If early results hold up, Codex may well represent the next step in how code gets written, i.e. not just faster, but differently. By giving developers the tools to delegate, collaborate, and iterate with AI in the loop, OpenAI is betting on a future where productivity and creativity are amplified by intelligent software agents. And that’s a future which many UK businesses, whether they’re building the next app or maintaining critical infrastructure, may soon be part of.

People across the UK have lost jobs as a result of the pandemic. However, new features from Microsoft's LinkedIn could help the country's jobseekers. 

The challenge for jobseekers 

Many LinkedIn users may find themselves in the unemployment battlefield, trying to stand out from the rest. They may be capable of fulfilling job roles but may not have all the necessary qualifications and experience.  

As a result, LinkedIn is launching four new tools which it says will bring users' professional stories to life. 

Jobseekers' cover story 

The cover story is a feature that allows users to upload a video of themselves. According to LinkedIn, it will help members showcase their personality, communication skills and goals to employers. In addition, a cover story allows freelancers to talk about their services and attract new clients.  

Service page 

The second new tool allows users to create a dedicated 'service page' from their profile. LinkedIn says that this could give users more “reach” to its global community of nearly 740 million members.   

How creator mode will help jobseekers 

The new creator mode allows users to engage a community and build a following in a similar way to other social networks. For example, users can use hashtags to make their 'featured' and 'activity' sections more prominent. In addition to this, users can change their 'connect' button to 'follow'. 

LinkedIn users can also see when other members are broadcasting live, as their background will show when streaming begins. This feature will help increase the visibility of broadcasters' content.  

Career coach

Finally, LinkedIn's Career Coach app helps students understand their goals, interests, and transferable skills. The app helps align a user's profile with current job market trends, therefore increasing the chance of being noticed.  

The Career Coach also connects them to mentors and promotes skills, which increases their chance of successful job applications.  

Apprenticeship Connector 

Microsoft also introduced its Apprenticeship Connector, which is aimed at simplifying the apprenticeship process. It lists vacancies across Microsoft's network of partners and customers, as part of a partnership with GetMyFirstJob. 

It is hoped the partnership will help young jobseekers, bridge the tech skills gap in the UK, and assist small businesses. 

What does this mean for jobseekers? 

These features may increase the relevance of the LinkedIn platform to employers and younger jobseekers and help the platform move more into content. 

They may also help to tie Microsoft more closely within other partnerships and opportunities related to tackling the tech skills gap. Importantly for members, they will help showcase their skills, work, and identity.  

You can read more tech news on our news page. 

In this insight we look at how hypermiling techniques and tools can help reduce fuel costs and help the environment.

What Is Hypermiling? 

Hypermiling is driving (or flying) a vehicle with techniques that maximise fuel efficiency. Hypermiling enables car drivers, for example, to drive more economically, saving costly fuel and helping the environment. Hypermiling can help drivers to exceed a vehicle manufacturer’s stated efficiency simply by modifying driving habits and techniques.

Preparation 

Effective hypermiling for petrol and diesel cars really begins before a driver has even started the engine. This happens by thinking about, making decisions, and taking measures to ensure that fuel efficiency has the best chance of being maximised. Examples of preparation to maximise hypermiling include:

- Deciding whether each journey is necessary at all and whether the same result (and other benefits) could be received by walking, cycling, or using public transport.

- Keeping a car well maintained and regularly serviced. This can at least ensure that the engine runs as effectively and, therefore, as efficiently as possible. Regularly checking tyre pressure can also help to maximise fuel efficiency.

- Making sure that the car is never carrying unnecessary weight e.g., heavy items left in the boot or on the back seat that would require the engine to work harder and burn more fuel.

- Planning routes to minimise distances, minimise contact with heavy traffic, and minimise hills/gradients can help.

Hypermiling Techniques  

Once a driver has started their journey, some of the techniques and tactics that can be used to maximise fuel efficiency include:

- Driving smoothly by trying to anticipate accelerations and breaking and using the right engine speed. Studies have shown that this kind of driving behaviour can reduce fuel consumption by as much as 25 per cent.

- Driving slowly, being gentle on the accelerator pedal, and avoiding driving with bare feet or just socks. Hypermiling experts suggest that drivers have more control when wearing shoes.

- Consider using gentle pulse and glide acceleration.

- Minimise distractions in the car while driving as concentration on the road ahead can help a driver to anticipate the events ahead, thereby helping with smooth braking.

- Avoid having the sunroof and windows wide open as this can increase drag and fuel consumption.

- Where a car has cruise control, this can help on the open road to reduce fuel consumption by enabling the driver to keep a consistent speed.

- Avoid leaving the engine running for more than a minute if stopped.

Tech Help 

There are also digital tools to help drivers to maximise fuel efficiency. Examples include miles per gallon (MPG) usage counters, fleet tracking software, and fuel economy and fuel calculator apps. Also, last October, Google announced the introduction of 'Eco-friendly Routing’ to Google Maps. Google used AI and insights from the U.S. Department of Energy’s National Renewable Energy Laboratory (NREL) to design a new routing model for Maps that not only gets users to their destination as quickly as possible, but also optimises for lower fuel consumption.

Drawbacks

There are, of course, some drawbacks to focusing too much on hypermiling. Most motorists will know that when one motorist drives very slowly this can cause tailbacks, frustration, and cause other drivers to make rash and sudden moves that can lead to accidents. Concentrating too much on what’s happening in the car can happen at the expense of noticing what’s happening out the window where most of the danger and threats are. Driving to the conditions rather than a pre-arranged, rigid plan may also be a safer option.

What Does This Mean For Your Organisation? 

With fuel prices reaching an all-time high in the UK and a climate emergency to think about, it makes sense to employ simple ways to maximise fuel economy and to use techniques and tech tools that can help. There is an argument that switching to EV would be better from an environmental view, but this is likely to be a slow transition as many find the cost of switching now prohibitive and there are concerns that the charging network is not yet developed enough. For transport and logistics businesses, some of these techniques may help although tight schedules and road congestion can prove to be a challenge to the best intentions. For individual car drivers, whether for business or pleasure, trying out hypermiling techniques and ideas may yield some surprisingly positive results in fuel cost savings at a time when it’s especially important to mitigate the effects of price rises, with the bonus of green benefits.

Following the roll-out of a range of new features for Google’s Maps, Search and shopping, we take a look at what they are and what benefits they could bring to users.

Two New Features For Shopping 

It’s the ideal time of year to introduce new features to Google Shopping, hence the roll-out of two new features now. They are:

1. AR Shopping. This feature allows users to see how beauty products would look on their face, i.e. whether a shade of foundation would suit them. To do this, Google’s AR shopping presents users with a photo library featuring 148 models representing a diverse spectrum of skin tones, skin types, ages, genders, face shapes and ethnicities.  Users can search for a foundation shade on Google across a range of prices and brands, and see what that foundation looks like on a model with a similar skin tone, including before and after shots. This can help make the decision of which one to purchase easier, more convenient, more personal, and may give the user more chance of selecting the right product. Once a foundation brand/type is selected, the user can then select a retailer to buy directly through Google. This feature is helpful for both retailers and customers, and, like several of the other new features, may encourage more of boost in Google Ads plus more engagement with Google’s services from businesses.

2. Try out products in 3D and AR. This feature allows customers to examine a product all the way around, e.g. spin and zoom, as well as see a product up close. For example, users can look at shoes in their space so they can really decide if elements like the colour, laces, tread, or sole fit their style. As of now, Google says users can look at brands like Saucony, VANS and Merrell in 3D and AR, and that other brands are on the way. To use the feature, it’s a case of typing (for example) “Shop blue VANS sneakers” and tapping “View in my space.”

Three New Features for Maps 

Originally announced in September but rolled out in time for the festive season, Google has introduced three new features for Google Maps which are:

1. Live View. Using a combination of AI, billions of Street View images and augmented reality, Google says this feature allows users to navigate a city more intuitively. For example, Google says tapping the camera icon in the search bar lets users see nearby stores, coffee shops, banks and ATMs, and AR-powered directions and arrows show which direction a user is travelling and how far away they are. Users can also tap on different place categories to explore what restaurants, bars, dessert shops, parks and transit stations are nearby. One really helpful aspect of the feature is that AR overlays key information about each spot, e.g. opening times and prices. For users who are not very familiar with the area of a city they’re in (e.g. for a shopping trip), this could be a real timesaving and value-adding feature. Google says that this feature is first being rolled out for use in London, Los Angeles, New York, Paris, San Francisco, and Tokyo (on Android and iOS).

2. Find the best charging station for your electric vehicle. Although Google Maps already gives some real-time charging point information, with the new feature, users can search for “EV charging stations” and select the “fast charge” filter. Users can also see stations with chargers 50kW or higher (to charge up faster) plus, in some cities, the feature will allow users to filter for stations that offer a particular EV plug type. One of the key challenges for EV owners is finding suitable charging points nearby which can be more of a headache if you’re not familiar with the area, so this new feature offers convenience, greater peace of mind, and saves time for users.

3. See wheelchair accessible, stair-free places. Using information from business owners and contributions from the Google Maps community, this feature can be useful not just for wheelchair users, but anyone with a pushchair, or luggage. Tapping the “Accessible Places” setting in the Google Maps app shows a wheelchair icon on the business profile if it has a wheelchair accessible entrance, plus the same icon with a strikethrough if it’s a non-accessible place. Users can also use the feature to check if a place has accessible seating, disabled toilets and suitable parking. Business owners can contribute to this; i.e. they can show that their business is accessible by finding their profile, tapping “About,” and then “Edit features.”  Although Google Maps has given accessibility information since 2020, this feature expands the scope of what users can find out in advance and could therefore be extremely helpful, save time, and save potentially poor experiences. With this feature, Google is leveraging different technologies to advance the idea of virtual shopping (similar to the Metaverse idea), handling the whole shopping process, and linking directly to retailers in Google, e.g. advertisers, thereby appealing to brands, retailers and customers as well.

Search 

Google’s core service has always been its search, and this has been expanded  again with two new features that link it with local food businesses, thereby competing with aspects of food ordering apps, and its Maps feature. The new Search features are:

1. Search for your favourite dish. Originally announced in September, this feature allows users to save time and increase the personalisation and precision of their search. Users can search for an exact dish, and where they can find it nearby by typing the dish name into search, e.g. “mac and cheese near me.”

2. Multisearch near me. The introduction of this feature means that Google Lens in the Google app can be used to snap a picture or take a screenshot of a dish or an item, and the words 'near me’ can be added to quickly find a place that sells it nearby.  Cindy Huynh, Product Manager for 'Lens’ says “This new way of searching will help me find local businesses in my community, so I can more easily support neighbourhood shops during the holidays.” 

What Does This Mean For Your Business? 

With these exciting new features, Google is funding more ways to leverage, combine, and integrate its existing services (Search, Maps, and Shopping) to create more value by focusing on improving how they can be used to link them more closely to smaller businesses for use on the go.

These features are likely to be of particular interest to users at this time of year (Christmas shopping) which could in itself encourage more trial and more of a buzz about them. This combination of new features also integrates with Google My Business, Google Ads, and aspects of Search which, in turn, could make local city businesses engage more with Google’s service and could boost ad sales too. These are also a way for Google to compete with the many popular other Map apps that people now use, such as Waze, HERE WeGo, Bing Maps, MapQuest, Maps.me, OpenStreetMap, OsmAnd, and more.

The recent amendment to the Online Safety Bill which means a compulsory report must be written for Ofcom by a “skilled person” before encrypted app companies are forced to scan messages has led to even more criticism of this rather controversial bill to bypass security in apps and give the government (and therefore any number of people) more access to sensitive and personal information.

What Amendment? 

In the House of Lords debate, which was the final session of the Report Stage and the last chance for the Online Safety Bill to be amended before the Bill becomes law, Government minister Lord Parkinson amended the bill by calling for the need for a report to be written for Ofcom by a “skilled person” (appointed by Ofcom) before powers can be used to force a provider / tech company (e.g. WhatsApp or Signal), to scan its messages. The stated purpose of scanning messages using the powers of the Online Safety Bill is (ostensibly) to uncover child abuse images.

The amendment states that “OFCOM may give a notice under section 111(1) to a provider only after obtaining a report from a skilled person appointed by OFCOM under section 94(3).” 

Prior to the amendment, the report had been optional.

Why Is A Compulsory Report Stage So Important? 

The amendment says that the report is needed before companies can be forced to scan messages “to assist OFCOM in deciding whether to give a notice…. and to advise about the requirements that might be imposed by such a notice if it were to be given”. In other words, the report will be to assess the impact of scanning on freedom of expression or privacy, and to explore whether other less intrusive, less alternative technologies could be used instead.

It is understood, therefore, that the report’s findings will be used to help decide whether to force a tech firm to scan messages. Under the detail of the amendment, a summary of the report’s findings must be shared with the tech firm concerned.

Reaction 

Tech companies may be broadly in agreement of the aims of the bill. However, the detail of the bill that companies such as encrypted messages operators (e.g. WhatsApp and Signal and others) have always opposed being forced into scanning user messages before they are encrypted (client-side scanning). Operators say that this completely undermines the privacy and security of encrypted messaging, and they object to the idea of having to run government-mandated scanning services on their devices. Also, they argue that this could leave their apps more vulnerable to attack.

The latest amendment, therefore, has not changed this situation for the tech companies and has led to more criticism and more objections. Many objections have also been aired by campaign and rights groups such as Index on Censorship and The Open Rights Group, who have always opposed what they call the “spy clause” in the bill for example:

– The Ofcom appointed “skilled person” could simply be a consultant or political appointee, and having these people oversee decisions about free speech and privacy rights would not amount to effective oversight.

– Judicial oversight should be a bare minimum and a report written by just a “skilled person” wouldn’t be binding and would lack legal authority.

Other groups, however, such as the NSPCC, have broadly backed the bill in terms of finding ways to make tech firms mitigate the risks of child sexual abuse when designing their apps or adding features, e.g. end-to-end encryption.

Another Amendment 

Another House of Lords amendment to the bill requires Ofcom to look at the possible impact of the use of technology on journalism and the protection of journalistic sources. Under the amendment, Ofcom would be able to force tech companies to use what’s been termed as “accredited technology” to scan messages for child sexual abuse material.

This has also been met with similar criticisms over the idea of government-mandated scanning technology’s effects on privacy, freedom of speech, and potentially being used as a kind of monitoring and surveillance. WhatsApp, Signal, and Apple have all opposed the scanning idea, with WhatsApp and Signal reportedly indicating that they would not comply.

Breach Of International Law? 

The clause 9(2) of the Online Safety Bill which requires platforms to prevent users from “encountering” certain “illegal content” has also been soundly criticised recently. This clause means that platforms which host user-generated content will need to immediately remove any such content, which has a broad range, or face considerable fines, blocked services, or even jail for executives. Quite apart from the technical and practical challenges of being able to achieve this effectively at scale, criticisms of the clause include that it threatens free speech in the UK, and it lacks the detail for legislation.

Advice provided The Open Rights Group suggests that the clause may even be a breach of international law in that there could be “interference with freedom of expression that is unforeseeable” and goes against the current legal order on platforms.

It’s also been reported that Wikipedia could withdraw from the UK over the rules in the bill.

Investigatory Powers Act Objections (The Snooper’s Charter) 

Suggested new updates to the Investigatory Powers Act (IPA) 2016 (sometimes called the 'Snooper’s Charter’) have also come under attack from tech firms, not least Apple. For example, the government wants messaging services, e.g. WhatsApp, to clear security features with the Home Office before releasing them to customers. The update to the IPA would mean that the UK’s Home Office could demand, with immediate effect, that security features are disabled, without telling the users/the public. Currently, a review process with independent oversight (with the option of appeal by the tech company) is needed before any such action could happen.

The Response 

The response from tech companies has been and swift and negative, with Apple threatening to remove FaceTime and iMessage from the UK if the planned update to the Act goes ahead.

Concerns about granting the government the power to secretly remove security features from messaging app services include:

– It could allow government surveillance of users’ devices by default.

– It could reduce security for users, seriously affect their privacy and freedom of speech, and could be exploited by adversaries, whether they are criminal or political.

– Building backdoors into encrypted apps essentially means there is no longer end-to-end encryption.

Apple 

Apple’s specific response to the proposed updates/amendments (which will be subject to an eight-week consultation anyway) is that:

– It refuses to make changes to security features specifically for one country that would weaken a product for all users globally.

– Some of the changes would require issuing a software update, which users would have to be told about, thereby stopping changes from being made secretly.

– The proposed amendments threaten security and information privacy and would affect people outside the UK.

What Does This Mean For Your Business? 

There’s broad agreement about the aims of UK’s Online Safety Bill and IPA in terms of wanting to tackle child abuse, keep people safe, and even making tech companies take more responsibility and measures to improve safety. However, these are global tech companies where UK users represent only a small part of their total user base, and ideas like building in back doors into secure apps, running government approved scanning of user content and using reports written by consultants/political appointees to support scanning all go against ideas of privacy, one of key features of apps like WhatsApp.

Allowing governments access into apps and granting them powers to turn off security 'as and when’ raise issues and suspicions about free speech, government monitoring and surveillance, legal difficulties, and more. In short, even though the UK government want to press ahead with the new laws and amendments there is still a long way to go before there is any real agreement with the tech companies. In fact, it looks likely that they won’t comply and some, like WhatsApp have simply said they’ll pull out of the UK market, which could be very troublesome for UK businesses, charities, groups and individuals.

The tech companies also have a point in that it seems unreasonable to expect them to alter their services just for one country in a way that could negatively affect their users in other countries. As some critics have pointed out, if the UK wants to be a leading player on the global tech stage, alienating the big tech companies may not be the best way to go about it. It seems that a lot more talking and time will be needed to get anywhere near real-world workable laws and, at the moment, with the UK government being seen by many as straying into areas that are alarming rights groups, some tech companies are suggesting the government ditch their new laws and start again.

Expect continued strong resistance from tech companies going forward if the UK government doesn’t slow down or re-think many aspects of these new laws – watch this space.

In this third and final part of our series of 'DMARC Diligence’ insights, we explore the detailed process of DMARC deployment, its monitoring, optimisation, and preparing businesses for future email security challenges.

Last Week … 

Last week in part 2 of this series of 'DMARC Diligence’ articles, we looked at the crucial yet often neglected aspect of securing non-sending or “forgotten” domains against cyber threats. Here we highlighted the potential risks posed by these domains when not protected by DMARC policies, and offered some guidance on how businesses can extend their DMARC implementation to cover all owned domains, thereby preventing unauthorised use for spam or phishing attacks.

This Week … Implementing DMARC: A Step-by-Step Approach 

As noted in the previous article in this series, implementing DMARC is now critical for UK businesses to protect against threats like email spoofing and phishing.

To briefly summarise a step-by-step approach to implementing this, businesses can start by ensuring Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) are correctly set up for the domain(s), as DMARC relies on these for email authentication. Next, it’s a case of creating a DMARC record with a policy of “none” to monitor traffic without affecting it. This record is added to your DNS.

Over time, it’s important to analyse your DMARC reports in order to identify any unauthorised use. Finally, gradually shift your policy to “quarantine” or “reject” to block or flag unauthenticated emails, enhancing your email security posture. Looking at this approach in a bit more detail, implementing DMARC means:

– Understanding SPF and DKIM. Before implementing DMARC, ensure you have SPF and DKIM records correctly set up for your domain. These records help in email verification and are crucial for DMARC to function effectively.

– Creating a DMARC record. Draft a DMARC TXT record for your DNS. Start with a policy of 'none’ (p=none) to monitor your email traffic without affecting it. This stage is critical for understanding your email ecosystem and preparing for stricter enforcement without impacting legitimate email delivery.

– Analysing the reports. Use the data collected from DMARC reports (Aggregate reports – RUA, and Forensic reports – RUF) to identify legitimate sources of email and potential gaps in email authentication practices.

– Gradually adjusting policy: Gradually adjust your DMARC policy from 'none’ to 'quarantine’ (p=quarantine) as you become more confident in your email authentication setup. This move will start to prevent unauthenticated emails from reaching inboxes but may still allow them to be reviewed.

– Full enforcement. Once you’re assured that legitimate emails are correctly authenticated and not negatively impacted, shift your policy to 'reject’ (p=reject). This is the final step where unauthenticated emails are actively blocked, providing full protection against phishing, and spoofing under DMARC.

– Continuous monitoring and updating. Email authentication landscapes and practices evolve, so it’s crucial to continuously monitor DMARC reports and update your SPF, DKIM, and DMARC settings as necessary to adapt to new email flows, domain changes, or security threats.

Monitoring and Reporting – The Key to Effective DMARC 

For businesses, effective DMARC implementation relies heavily on consistent monitoring and reporting.

Why? 

By analysing DMARC reports, businesses can gain insights into both legitimate and fraudulent email sources using their domain. This process not only helps in identifying authentication failures but also in refining DMARC policies over time (as suggested in the step-by-step approach above) for better security.
Remember, regular reviews of these reports is essential for adapting to new threats and ensuring email communication integrity.

Optimising DMARC Policies 

Optimising a DMARC policy involves fine-tuning it to create a balance between security against spoofing and phishing, and ensuring legitimate emails are delivered smoothly.

But How? 

The starting point (as mentioned above) is the analysis of your DMARC reports to identify authentication failures and adjust your SPF and DKIM setups accordingly.

A Phased Approach 

Taking a phased approach, i.e. gradually increasing the DMARC policy from 'none’ to 'quarantine’ and then to 'reject’ as confidence in your email authentication improves, is the way to minimise potential disruptions to legitimate email flow while maximising protection against unauthorised use of your domain.

Future-Proofing Your Email Security Strategy 

Going forward, looking at ways to future-proof your business email security strategy, these could include:

– Keeping up to date with emerging threats and trends in email security (continuous education).

– Implementing advanced security technologies like AI-driven threat detection can offer proactive protection.

– Regularly reviewing and updating your email authentication protocols (SPF, DKIM, DMARC) to adapt to changes in your email infrastructure.

– Fostering a security-aware culture within your business e.g., using training to recognising phishing attempts and safe email practices.

– Engage in industry forums and cybersecurity communities to help stay ahead of evolving email threats and to gain and share information about best practices.

What Does This Mean For Your Business? 

For UK businesses, implementing and optimising DMARC, as outlined in this final instalment, is a commitment to safeguarding email communications that benefits your business and your customers. Taking a step-by-step approach, as outlined above, from establishing SPF and DKIM records, through to DMARC policy enforcement, are now crucial for building an effective defence against email spoofing and phishing (these are now major threats). Taking the phased approach of regular monitoring and gradual policy adjustments ensures that businesses can not only react to current threats but also proactively adapt to emerging challenges. This strategic approach to email security is essential in maintaining the trust of your customers and partners, protecting your brand’s reputation, and complying with today’s data protection regulations. It’s also worth remembering that actively engaging in continuous education and leveraging advanced technologies are ways to stay ahead in the fast-evolving cybersecurity landscape.

With recent research showing that Smartphones harbour 10 times more bacteria than a toilet seat and that 74 per cent of us admit to bringing it to bed, scientists are warning that bringing a phone to bed can be hazardous to your health.

Harmful Bacteria On Your Phone 

A study from the University of Arizona found that mobile phones carry 10 times more bacteria than most toilet seats. This, coupled with stats showing 50 million Britons admit they keep their phone in their bedroom at night, with 74 per cent of them bringing it into bed (YouGov) shows how bacteria can be transferred easily from our phones to our beds.

Research has also revealed that to make matters worse, some of the harmful bacteria on mobiles can include those usually found in cockroach droppings! MattressNextDay’s 2024 report, “A Swab Report: The Most Unhygienic Sleep Tech”, highlights how this bacterium, known as Pseudomonas aeruginosa, can be harmful to your body by affecting your skin, blood, lungs plus your gastrointestinal (GI) tract. In a worst-case scenario, this can also lead to rashes, pneumonia, and even sepsis.

Why Are Our Phones Covered In Harmful Bacteria? 

Our phones are covered in harmful bacteria for several key reasons, including:

– Frequent handling. On average, people touch their phones 2,617 times a day (Dscout). This constant contact introduces bacteria from our hands to the phone’s surface, which then accumulates throughout the day.

– Exposure to contaminated environments. Phones travel with us everywhere, including highly contaminated places such as public transport, work desks, restaurants, and even bathrooms and toilets. Research from the University of Arizona revealed that mobile phones carry ten times more bacteria than a toilet seat, highlighting how easily they pick up germs from these environments

– Lack of cleaning. As highlighted by the MattressNextDay survey, despite the high risk of contamination, 51 per cent of people never clean their phones with antibacterial products, and 10 per cent only clean them once a year! Also, the same study showed that 70 per cent of smartwatch users never clean their devices, despite wearing them during activities like exercise, where sweat and bacteria are accumulated.

– Warm and moist conditions. The warm environment of pockets, bags, and especially beds, creates the perfect conditions for bacteria to thrive. Devices like smartphones, which are kept close to the body, provide the moisture and warmth needed for bacteria to multiply, including harmful ones like Pseudomonas aeruginosa, which is commonly found on phones.

Transferring Bacteria to Your Bed 

When we take our phones into bed, the bacteria they carry can easily be transferred to our bedding. If you keep your phone on your pillow or under it, bacteria will transfer to the fabric and eventually to your skin. This can result in clogged pores, acne, or more serious skin infections. MattressNextDay’s research revealed that smartphones are even dirtier than TV remotes, previously thought to be one of the dirtiest household items

Which Bacteria and How Harmful? 

Mobile phones are home to a wide range of bacteria, many of which can pose significant health risks if they are not properly cleaned. Common examples of bacteria found on phones, along with the potential harm they can cause include:

– Pseudomonas aeruginosa. As previously mentioned, this bacterium is one of the most frequently found on smartphones and is commonly linked to cockroach faeces. Pseudomonas aeruginosa thrives in warm, moist environments, such as a bed or pocket, and is particularly dangerous for individuals with compromised immune systems. It can cause a variety of infections, including skin rashes, eye infections, and more severe conditions like pneumonia, urinary tract infections, and sepsis.

– Staphylococcus aureus. Also known as “staph,” this bacterium is a common cause of skin infections and can lead to more severe conditions like abscesses, boils, or cellulitis. In some cases, Staphylococcus aureus can enter the bloodstream and cause life-threatening infections such as toxic shock syndrome or sepsis. The presence of staph on phones is concerning, especially when phones are frequently held against the face.

– Escherichia coli (E. coli). This bacterium is often associated with faecal contamination, and it can find its way onto phones from unhygienic practices like using phones in the bathroom. Some strains of E. coli are harmless, but others can cause severe gastrointestinal issues, including food poisoning, diarrhoea, and abdominal cramps. The bacteria can transfer from your phone to your hands and then to your mouth, increasing the risk of infection

– Streptococcus. This group of bacteria is responsible for a range of infections, from mild throat infections to more serious illnesses like scarlet fever and pneumonia. Some strains of streptococcus can cause skin infections, while others may lead to invasive diseases like meningitis or bloodstream infections. The frequent handling of phones and the proximity to the face make it easier for these bacteria to transfer from the phone to the body (and the bed).

Simple Steps to Reduce the Risk 

Thankfully, there are some simple measures that can be taken to reduce the risks associated with dirty phones. These include:

– Clean your phone regularly. Use antibacterial wipes or a UV sanitiser daily to reduce the number of bacteria on the surface. Research suggests that regular cleaning can significantly lower the bacterial load.

– Keep phones out of the bed. Avoid bringing your phone into bed. Instead, place it on a nightstand or another surface to prevent transferring bacteria to your bedding.

– Wash your bedding frequently. Wash your pillowcases and bed sheets once a week (fornightly at a minimum) to minimise bacteria build-up that may come from your phone or skin. If you’re ill, more frequently is advisable.

– Clean wearable tech. For those using smartwatches or fitness trackers, it’s essential to clean these devices regularly, as they come into direct contact with the skin and can harbour bacteria.

Are There Any Antibacterial Phones? 

Currently, there are no fully antibacterial phones, but there are antibacterial phone cases and coatings. For example, Tech21 produces phone cases with an embedded antimicrobial formula that it says reduces bacteria by up to 99.99 per cent within 24 hours, providing long-lasting protection by preventing bacterial growth on the case’s surface.

Also, for a more integrated approach, the CAT S42 H+ rugged phone uses Biomaster antimicrobial silver-ion technology directly on the handset, thereby inhibiting bacterial replication and maintaining effectiveness even after cleaning.

What About Antibacterial Bedding? 

If we must take bacteria-phones to bed, it’s worth noting that there are antibacterial bed sheets, quilts, and pillows available. Many of these products are made using materials treated with antimicrobial technologies like silver-ion technology, which prevents the growth of bacteria, mould, and allergens. For example, brands like Silvon and Miracle Brand offer bed sheets infused with silver, known for its natural antibacterial properties. Also, some bedding products use bamboo fabric, which naturally resists bacteria (and odour).

What Does This Mean for Your Business? 

For businesses, the takeaway from this warning about taking dirty phones to bed is a reminder that the hygiene of phones and other tech devices in the workplace is often overlooked, yet the risks are significant. Phones are used constantly in professional environments, e.g. shared desks, meetings, and even kitchens, creating opportunities for bacteria to spread. If staff regularly handle contaminated devices, the bacteria can be transferred from phone to hand, to surfaces, and potentially to colleagues. This could lead to increased illness, more sick days, and lower productivity.

The research shows that smartphones can harbour bacteria linked to serious health issues like Pseudomonas aeruginosa and Staphylococcus aureus, which are capable of causing infections that can spread quickly in an office environment. In industries like healthcare, hospitality, and food services, where hygiene is critical, the implications are even more serious. Employers need to be aware that simple negligence, such as not cleaning phones or smartwatches, can affect not just the health of individual employees, but the entire workforce.

Taking proactive steps, such as encouraging employees to regularly clean their devices, providing access to antibacterial wipes or UV sanitisers, and limiting the use of personal phones in sensitive areas like kitchens or communal workspaces, can help mitigate these risks. If your business relies on wearable tech or handheld devices, investing in antibacterial cases or antibacterial-treated handsets can offer an added layer of protection.

Taking device hygiene seriously in your business, therefore, can contribute to a healthier workplace, reduce the likelihood of bacterial transmission, and demonstrate a commitment to staff well-being. This is not just a matter of health but also of maintaining operational efficiency and reducing disruptions caused by illness in the workforce.

In our lives outside work, the research on dirty phones and wearable tech should prompt a serious reconsideration of our daily habits. It seems that although our phones are important communication tools they are also fertile breeding grounds for harmful bacteria that can transfer to our skin, face, and bedding, potentially leading to infections and health risks. Whether at home or in shared environments, our constant phone usage, coupled with infrequent cleaning, puts us at risk of transferring bacteria to others and ourselves.

Worried that a call from your bank might be a scam? Hang up and call 159, the UK-wide number that connects you safely and directly to your bank, without needing to look up phone numbers or risk calling a fraudster.

How to:

– Dial 159 from your mobile or landline.

– When prompted, say the name of your bank.

– You’ll be transferred to your bank’s official number (no searching required).

What it’s for:

If you ever get a call from someone claiming to be your bank and they ask for personal or financial info, end the call and dial 159. It’s the simplest way to check if it’s real and speak to the real fraud team if it isn’t.

Pro-Tip: Use 159 even if the call seems genuine. Scammers often spoof official numbers, but 159 always connects you to the real bank, safely.

Facebook has recently informed over 530 million users that, in 2019, they were exposed to a data breach. The criticism that followed has prompted some to ask: what is happening? 

What data breach? 

The details of 530 million Facebook users were reportedly exposed on a hacker’s forum. The data breach included phone numbers, Facebook IDs, names, and birthdates. However, it did not include financial information, health information or passwords.  

Hackers were able to gain access due to a bug in Facebook's contact importer code, according to the company. Most of the data reportedly came from US users, but 18 million records were from UK users. 

Who is to blame for it? 

Facebook appears to place the blame on the 'malicious actors’. It said the story is old news and not about a recent hack of its systems. 

After the data breach in 2019, Facebook said it made changes to the contact importer to prevent similar incidents. 

Criticism after the data breach 

With the Cambridge Analytica data still casting a shadow over Facebook, the re-surfacing of this data breach has not helped. In addition, Facebook's apparent attitude towards it has drawn a lot of criticism. 

Although Facebook sees this as old data, it may still be used by cybercriminals. If a phone number is connected to email addresses, it can be used to obtain SMS codes to sign in. 

It is unclear whether Facebook has notified all users whose data had been stolen. There is no simple way for these users to tell if they have been affected by the data breach. People do not often change their details, so they could still be at risk. 

The platform's dismissal of the data breach as 'old news' sparked an apparent culture of impunity. It also raised questions about its attitude to its users' data. 

Facebook has also faced questions on whether it should be doing more, under GDPR, to respond to European regulators. Also, there are calls for Social media companies to be more open and improve security measures. 

Other criticism includes allowing privacy and security issues to continue, because of Facebook's market dominance.  

Have you been victim? 

It is not always clear to see if you have been victim to a data breach. However, users can check if their details have been taken on HaveIBeenPwned. 

What does the data breach mean for your business? 

The size of this breach has place Facebook under the spotlight again. Many people, particularly European regulators, are calling for greater accountability. It is another blow to user trust and could fuel action in Washington.  

For users, it’s a case of not really knowing if their data has been stolen and sold on. They will feel powerless in their relationship with the social media giant as regards to their data privacy security.  Many feel that more pressure from organisations and tougher action from regulators may be the only way to force changes. 

You can find more tech insights on our news page. 

A new feature to Chrome’s built-in password manager means that users will soon be able to store notes with their passwords. The feature, currently limited to Chrome’s latest Canary release, means that:

- A “Notes” field will appear in Google Chrome’s password manager underneath the username and password fields.

- The option will appear when either editing an existing password or adding a new password.

- The new field is designed to give context to the account, and house security questions or other pieces of relevant information.

Speaking in the House of Commons, UK chancellor of the exchequer Jeremy Hunt said that Brexit “freedoms” could be leveraged to “turn Britain into the world’s next Silicon Valley.” 

How? 

Mr Hunt highlighted artificial intelligence (AI), quantum technology and robotics as key areas he believes the UK could excel in. In his speech, he drew upon 'lessons’ from a previous Conservative chancellor, Nigel Lawson, and highlighted four changes that he believes could support innovation and make the UK a major technology centre. These are:

– By the end 2022, the UK government plans to make changes to EU regulations in five growth industries: digital technology, life sciences, green industries, financial services, and advanced manufacturing. Mr Hunt suggested that these regulations changes will, helped by Sir Patrick Vallance, “support safe and fast introduction of new emerging technologies.” 

– Legislating to give the Digital Markets Unit new powers “to challenge monopolies and increase the competitive pressure to innovate.” Mr Hunt believes this could help create a more favourable competitive environment for UK tech companies.

– Increasing funding for the UK’s nine catapults (nine leading technology and innovation centres) by 35 per cent and committing to the Project Gigabit ultrafast broadband roll-out with a view to maintaining the target of 85 per cent coverage by 2025. Project Gigabit ultrafast broadband is the project to connect up 7,000 more remote properties on UK’s Jurassic coastline with fast broadband by 2025.

– Reform of R&D tax reliefs to improve the effectiveness of how public money is spent.

Challenges 

Despite Mr Hunt’s ambition and optimism, tech, communications, and business commentators have been quick to highlight challenges to this vision becoming a reality. These include:

– The effects of the recession (which may last years) and the cost-of-living crisis.

– A predicted fall in GDP, rising unemployment (predicted by the Office for Budget Responsibility / OBR).

– A tech skills gap and 60,000 vacancies in the IT sector.

– A need to give investment help more equally across the country and to close the digital divide.

– Worries that cutting R&D tax credits for small businesses could adversely affect the UK’s most innovative start-ups.

– Concerns that the UK is lagging behind other countries in terms of fast broadband provision and the rollout of 5G, thereby affecting competitiveness.

What Does This Mean For Your Business? 

Mr Hunt’s aim and vision to boost the UK’s technology industry and make it a tech centre has been welcomed by many but has echoes of previous pledges over many years to make this happen. The UK has suffered from a tech skills gap for many years and Brexit led to fears that skilled tech workers, many of whom came from overseas, would leave (which happened in many cases), leaving employers struggling to attract new skills compared to other countries. Mr Hunt’s speech highlighted his beliefs, however, that changes to regulations (which in reality, are unlikely to happen until the end of next year) and challenging monopolies could be a way to create a more favourable environment for tech innovation to flourish in the UK.

The idea of cutting R&D tax credits, however, appears to have the potential to be counter-productive to the aim of giving a boost to innovative small businesses. The recession, cost of living crisis, tech skills gap, and the UK lagging behind in terms of fast broadband provision and 5G rollout are very tough challenges that are hard to ignore and so it appears that there’s a lot of work to do to make the UK like 'Silicon Valley’ although the ambition and the vision are welcomed.