Chinese makers of network software and hardware must alert Beijing within two days of learning of a security vulnerability in their products under rules coming into force in China this year.
Details of holes cannot be publicized until the bugs are fixed. Malicious exploit code cannot be released. There are restrictions on disclosing details of flaws to foreign organizations. And vendors will be under pressure to address these vulnerabilities as soon as they can and set up bounty programs to reward researchers.
The regulations are intended to tighten up the nation’s cyber-security defenses, crack down on the handling and dissemination of bugs, and keep China’s elite up to speed on exploitable flaws present in Chinese-made communications systems, wherever in the world that technology may be deployed.
It appears these rules ensure Beijing will be among the first to know of security weaknesses in equipment and software potentially present in foreign infrastructure and networks as well as domestic deployments. The rules were issued on Tuesday, come into effect on September 1, and apply to people and organizations operating within China. The following articles stuck out to us:
Though the rules are a little ambiguous in places, judging from the spirit of them, they throw a spanner in the works for Chinese researchers who work with, or hope to work with, zero-day vulnerability brokers. These sorts of regulations matter a lot: infosec experts in the Middle Kingdom earlier pulled out of exploit contests like Pwn2Own due to changes to the law within China.
“Chinese teams stopped participating in Pwn2Own after 2017 when there were regulatory changes that no longer allowed for participation in global exploit contests,” Brian Gorenc, head of ZDI and Pwn2Own at Trend Micro, told The Register on Wednesday.
It will also complicate matters for those hoping to engage with foreign bug bounty programs, which may or may not follow China’s strict rules – particularly articles 7 and 9 – creating legal uncertainty for those participating.
“The law looks rather unclear,” Katie Moussouris, founder of Luta Security and a pioneer in designing bug bounties, told The Register. “There are Chinese bug bounty programs but whether or not Western based companies would comply is a question that needs answering. We’ll need to see a case emerge where the Chinese authorities attempt to exert the directive to see.”
Another part of the order that worries Moussouris is the central Chinese vulnerability database that will be created to house all of these reported bugs: it’s an obvious target for espionage. Then there’s the fact that two days is not long enough to triage a bug report.
“Two days isn’t enough for a thorough investigation for a flaw and certainly not enough time to make a fix that works,” she said.
“It’s also a dangerous place to be for an unpatched-vulnerabilities database, which would be an incredibly attractive target for adversaries – our people will be targeting it, I’m sure.”
Who could forget Uncle Sam’s Office of Personnel Management, which was ransacked in 2015 by Chinese cyber-spies who made off with sensitive records on more than 20 million US govt staff? Former NSA boss Michael Hayden said the United States, given the opportunity, would have done the same to a foreign power.
“If I as director of CIA or NSA would have had the opportunity to grab the equivalent from the Chinese system, I would not have thought twice, I would not have asked permission, I’d have launched the Star Fleet and we’d have brought those suckers home at the speed of light,” Hayden said.
There’s also the question of what the Chinese government will do with its haul of vulnerability reports. With some in the West hurrying to remove Chinese vendors’ kit from networks, this edict may intensify such efforts for fear a zero-day in such equipment will be exploited by Beijing. ®
Recruitment tech company Globalization Partners is doubling its staff headcount in Galway to 320 in 2022 to aid its continuing growth.
Recruitment technology company Globalization Partners has announced plans to create 160 new jobs at its Irish base in Galway. The jobs boost will see the company double its Galway staff headcount to 320 in 2022. Jobs will be available across the board at the company’s Galway office, which serves as its EMEA centre of excellence.
The announcement comes following a major funding injection for the international firm. Globalization Partners recently raised $200m in funding from Vista Credit Partners, an organisation focused on the enterprise software, data and technology markets. The investment now values Globalization Partners at $4.2bn.
While its Galway facility will benefit from a major jobs boost, the company plans to continue to expand its share in the global remote working market. As well as the Galway growth, the company will also be expanding its teams in other locations.
Globalization Partners provides tech to other remote-first teams all over the world. Its platform simplifies and automates entity access, payroll, time and expense management, benefits, data and reporting, performance management, employee status changes and locally compliant contract generation. Its customer base includes CoinDesk, TaylorMade and Chime. The company’s new customer acquisition increased two-and-a-half fold from 2020 to 2021.
“Globalization Partners is uniquely positioned to capitalise on the massive opportunity we see ahead of us,” said Nicole Sahin, the company’s CEO and founder.
Sahin said her company’s combination of tech with its global team of HR, legal and customer service experts “who understand the local customs, regulatory and legal requirements in each geography we serve” was key to its success.
David Flannery, president of Vista Credit Partners, said that the company’s role “in transforming the remote work industry has been truly remarkable.”
Flannery said that as a customer of Globalization Partners, his organisation had “witnessed first-hand” the company’s “best-in-class legal compliance, the quality of the user experience, and the deep expertise and support they provide.”
He added that the two companies would work to “further capitalise” on the “untapped” global remote working market, expanding their platform to new customers in new markets.
“Over the past decade, we have invested hundreds of millions of dollars in our business, building our global presence and technology platform to support the evolving and complex talent needs of growing companies,” said Bob Cahill, president of Globalization Partners. “With Vista as our investment partner, we will be able to drive further growth and continue building innovative products to meet the increasing needs of our customers at scale.”
But bear in mind that with more than one device, or person, using your connection simultaneously, including updates and downloads when idle, slower broadband packages can quickly get choked.
Reposition your router
If your broadband connection is fast enough but your wifi is weak, there are things you can do. If possible, move the router closer to the centre of the house, or towards the rooms in which you need the strongest signal. Keep it in the open, not in a cabinet, and away from solid and metallic objects.
And try to position it away from dense walls, particularly those made out of concrete blockwork or with pipes and wires running through them.
Check your settings
Most modern routers will automatically select the best settings for your home, but you can manually check using the web interface of your router accessed through a browser on a computer. Consult the help pages for your ISP’s router for how to do so.
Wifi operating at 2.4GHz uses a range of frequency “channels”, only some of which do not overlap with each other. To reduce interference from your neighbours’ wifi, switch to channel 1, 6 or 11, which do not overlap, and therefore are less likely to cause or suffer interference.
If you have a connection under 200Mbps, enabling prioritisation or “quality of service” for your key devices might help. This stops other things from sucking up all the available bandwidth – it will prevent a game download on an Xbox cutting off a video call on your laptop, for instance.
Set a strong wifi password using at least WPA2 security, not the lowest WEP option. This will make sure no wifi thieves can log on to your network and steal your bandwidth.
Check your devices
An internet slowdown may be down to your devices rather than your router. For older computers, upgrading the wifi adapter may help. USB wifi 5 adapters cost under £15, while the latest wifi 6 models cost about £50, but you will need a compatible router to take advantage of the extra speed.
For a non-portable device, such as a media streamer or a console, use an ethernet cable if it is close to the router, as this will be faster and more reliable than wifi.
If you have about 40 devices connected at once, consider disconnecting unnecessary ones to help provide more bandwidth for those you need most.
Weaker routers struggle with lots of devices connected at once.
Extend the wifi reach
If your wifi can’t reach parts of your house you can extend the signal of your current router with add-on gadgets.
Powerline networking devices use your home’s power cables to transmit data. They typically cost between £20 and £70. They plug into standard electrical sockets with one connected to the router via an ethernet cable, and others placed about the home providing ethernet ports and/or wifi for your devices. The speed you get through them is dependent on the condition of your electrical wiring.
Wifi extenders (£25-70) do a similar thing, but simply connect to your router via wifi, then rebroadcast it for other devices.
A network switch (under £20) can add more ethernet ports to your router if you need to connect more devices.
Upgrade to a better router
Replacing your existing router is often the most effective way to improve your wifi, but is also the most costly. Before committing to a third-party router, speak to your ISP as it may be able to provide you with a more modern one for free. Virgin and other ISPs are currently rolling out more powerful wifi 6-capable routers.
Otherwise, there are broadly two options: a beefy single router with much more powerful wifi broadcasting ability than the cheap one provided by your ISP, or a mesh system, which uses a series of satellites dotted about your home to blanket it in wifi.
Both typically use your existing router as a modem and then broadcast their own more robust wifi network.
Single unit wifi 6 routers start at about £60 but can reach the hundreds for powerful gaming-orientated devices. They connect to your old ISP box via ethernet cable, which means they are often easier to place in a more central area of your home. Running a long ethernet cable under floorboards, carpets, behind skirting boards or picture rails, or just under furniture can help keep things neat.
Good wifi 5 mesh systems start at under £100 for a triple pack of satellites, which should be enough for most homes with connections under 200Mbps. For those with faster broadband, good tri-band wifi 6 models cost about £300.
In brief IBM has offloaded healthcare data and analytics assets from its Watson Health business, with private equity firm Francisco Partners handing over around $1bn for the privilege.
The takeover “is a clear next step as IBM becomes even more focused on our platform-based hybrid cloud and AI strategy,” Tom Rosamilia, senior vice president, IBM Software, told newswire Bloomberg. “IBM remains committed to Watson, our broader AI business, and to the clients and partners we support in healthcare IT.”
Launched in 2015, IBM Watson Health hasn’t been able to turn a profit despite the company spending $4bn in acquisitions to grow the business and its capabilities.
IBM has tried to whittle down its Watson Health division for a while, after struggling to sign hospitals as clients.
Algorithms are improving poker players’ skills but are they ruining the game?
Professional poker players are increasingly consulting specialized poker software programs to boost their chances of winning, but some believe it has made the game less fun and encourages cheating online.
PioSOLVER, available for purchase starting from $249, allows players to recreate game scenarios and calculates the optimal strategy that should be played given the cards available. Some professional poker players, described by the New York Times, use the software to replay their games to see if they played their cards correctly; others boot up PioSOLVER to learn and memorize new strategies.
Poker is seen as a mostly-solved problem in computer science. Libratus, an AI model, beat the top players in a heads-up no-limit Texas hold’em competition in 2017. At the time, Tuomas Sandholm, one of Libratus’ creators, said it was unlikely people could run the complex software to cheat. But some claim that PioSOLVER is now helping mediocre poker players to rack up wins.
It’s unclear if PioSOLVER relies on similar machine learning techniques as Libratus, as little information is available about the algorithms it employs.
Doug Polk, a notable semi-retired poker player, said: “I feel like it kind of killed the soul of the game.” The game has turned from “who can be the most creative problem-solver to who can memorize the most stuff and apply it.”
PioSOLVER’s creator, Piotrek Lopusiewicz, however, said similar poker-solving programs have been available for a while and that his software is merely the latest advance in the field.
Rent a robot for less than the cost of human labour
There’s a robot that presses metal to make things like hinges or locks, and it’s cheaper to hire than human workers.
Built by a company named Formic, the machine is pretty much one long mechanical arm. Its job is to pick up bits of metal and put them into a press for shaping. It can work without any breaks for its employer, Polar Hardware Manufacturing, and costs about $8 per hour – less than the minimum wage of $15 in Chicago, Wired first reported.
Companies like Formic help industrial factories recruit robot workers without having to pay for the whole machine. Customers can, instead, rent the company’s metal arms to perform simple, repetitive tasks whenever they want. It’s cheaper, and they don’t have to faff around with things like software or maintenance.
“Anything that can help reduce labor count or the need for labor is obviously a plus at this particular time,” said Steve Chmura, chief operating officer at Georgia Nut, a confectionery company in Illinois that also rents robots from Formic. Chmura has been able to staff up with robot workers during the pandemic; these machines can take over if human employees quit or get sick. ®