By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Quantum computers are not yet creating business value, but CIOs should nonetheless lose no time in getting involved. Supermarket aisles filled with fresh produce are probably not where you would expect to discover some of the first benefits of quantum computing. But Canadian grocery chain Save-On-Foods has become an unlikely pioneer, using quantum technology to improve the management of in-store logistics. In collaboration with quantum computing company D-Wave, Save-On-Foods is using a new type of computing, which is based on the downright weird behavior of matter at the quantum level. And it's already seeing promising results. The company's engineers approached D-Wave with a logistics problem that classical computers were incapable of solving. Within two months, the concept had translated into a hybrid quantum algorithm that was running in one of the supermarket stores, reducing the computing time for some tasks from 25 hours per week down to mere seconds. Save-On-Foods is now looking at expanding the technology to other stores and exploring new ways that quantum could help with other issues. "We now have the capability to run tests and simulations by adjusting variables and see the results, so we can optimize performance, which simply isn't feasible using traditional methods," a Save-On-Foods spokesperson tells ZDNet. "While the results are outstanding, the two most important things from this are that we were able to use quantum computing to attack our most complex problems across the organization, and can do it on an ongoing basis." The remarkable properties of quantum computing boil down to the behavior of qubits -- the quantum equivalent of classical bits that encode information for today's computers in strings of 0s and 1s. But contrary to bits, which can be represented by either 0 or 1, qubits can take on a state that is quantum-specific, in which they exist as 0 and 1 in parallel or superposition. Qubits, therefore, enable quantum algorithms to run various calculations at the same time, and at an exponential scale: the more qubits, the more variables can be explored, and all in parallel. Some of the largest problems, which would take classical computers tens of thousands of years to explore with single-state bits, could be harnessed by qubits in minutes. The challenge lies in building quantum computers that contain enough qubits for useful calculations to be carried out. Qubits are temperamental: they are error-prone, hard to control, and always on the verge of falling out of their quantum state. Typically, scientists have to encase quantum computers in extremely cold, large-scale refrigerators, just to make sure that qubits remain stable. That's impractical, to say the least. This is, in essence, why quantum computing is still in its infancy. Most quantum computers currently work with less than 100 qubits, and tech giants such as IBM and Google are racing to increase that number in order to build a meaningful quantum computer as early as possible. Recently, IBM ambitiously unveiled a roadmap to a million-qubit system and said that it expects a fault-tolerant quantum computer to be an achievable goal during the next ten years. Although it's early days for quantum computing, there is still plenty of interest from businesses willing to experiment with what could prove to be a significant development. "Multiple companies are conducting learning experiments to help quantum computing move from the experimentation phase to commercial use at scale," Ivan Ostojic, partner at consultant McKinsey, tells ZDNet. Certainly, tech companies are racing to be seen as early leaders. IBM's Q Network started running in 2016 to provide developers and industry professionals with access to the company's quantum processors, the latest of which, a 65-qubit device called Hummingbird, was released on the platform last month. Recently, US multinational Honeywell took its first steps on the quantum stage, making the company's trapped-ion quantum computer available to customers over the cloud. Rigetti Computing, which has been operating since 2017, is also providing cloud-based access to a 31-qubit quantum computer. Complete details are posted on OUR FORUM.

There are times when corporations lose their temper. Well, they're people too. In Microsoft's case, it's people and politics that are driving the company crazy. I'm quite used to hearing that Microsoft has annoyed someone. Usually, it's a Windows user who's angry about Redmond's keenness to slip unwanted products onto their screens. I was rather moved, then, to hear that Microsoft itself is enduring conniptions of the most fundamental kind. You see, the company recently commissioned research company YouGov to ask 5,000 registered voters about their innermost feelings. One or two deeply felt highlights emerged. 90% of respondents admitted they're worried every time they share their information online. 70% privately pointed their fingers at the US government. They said it isn't doing enough to protect their personal data. A similar 70% said they'd like to see the next administration enact privacy legislation. How do I know this made Microsoft angry? Well, these details come from a bracingly seething blog post -- published this week -- from the company's "Corporate Vice-President For Global Privacy and Regulatory Affairs and Chief Privacy Officer." Extraordinarily, we're talking about just one person with all those titles, Julie Brill. She doesn't think the US government is doing brilliantly. Brill tried to rein in her irksome. She began by talking about the importance of data in our new, more domestically confined world. She said: "Data is critical not just in rebuilding our economy but in helping us understand societal inequalities that have contributed to dramatically higher rates of sickness and death among Black communities and other communities of color due to COVID-19. Data can also help us focus resources on rebuilding a more just, fair, and equitable economy that benefits all." A fundamental problem said Brill is the lack of trust in society today. In bold letters, she declared: "The United States has fallen far behind the rest of the world in privacy protection." I can't imagine it's fallen behind Russia, but how poetic if that was true. Still, Brill really isn't happy with our government: "In total, over 130 countries and jurisdictions have enacted privacy laws. Yet, one country has not done so yet: the United States." Brill worries our isolation isn't too splendid. She mused: "In contrast to the role our country has traditionally played on global issues, the US is not leading, or even participating in, the discussion over common privacy norms." That's like Microsoft not participating in the creation of excellent smartphones. It's not too smart. Brill fears other parts of the world will continue to lead in privacy, while the US continues to lead in inaction and chaos. It sounds like the whole company is mad as hell and isn't going to take it anymore. Yet it's not as if Microsoft has truly spent the last 20 years championing privacy much more than most other big tech companies. In common with its west coast brethren, it's been too busy making money. Brill is undeterred. She tried to offer good news. Some states are taking the matter of privacy into their own jurisdictions. And then she offers words of hope that, to this reader at least, swim in baths of sarcasm: "There are also signs of real interest among some members of Congress." Real interest among members of Congress can often feel like real sincerity. You hope it's there, but you suspect it's not. Yet I sense Brill doesn't have too much hope in governmental action. So, spurred again by the company's research, she turned to the corporate world. "The YouGov study found that significantly more people believe companies bear the primary responsibility for protecting data privacy -- not the government," she said. Yet what do those companies do? They make privacy controls your responsibility, dear citizen. Full details are posted on OUR FORUM.

This underappreciated Android gem can protect your privacy and make your phone significantly more secure, but it's up to you to dust it off and use it. It's amazing how many useful Android features get buried in the operating system and then forgotten over time. When you stop and think about it, it's also kind of inevitable: With every passing year, Android grows increasingly robust and complex, as more advanced options make their way into the software. So it's only logical that certain elements will become out of sight and out of mind and get lost in the shuffle somewhere along the way. One such item jumped out at me the other day, triggering an immediate "AHAH!" in this rusty ol' noggin of mine as I remembered its existence and then scolded myself for forgetting to use it all this time. It's a little somethin' called Android Guest Mode, and it first showed up way back in the Android 5.0 (Lollipop) era of 2014. Guest Mode, in case you've also forgotten, does exactly what you'd expect: It gives you an on-demand way to switch your phone into a blank-slate-like state, where your personal apps, accounts, and data are all securely tucked away and you instead get an out-of-the-box-like experience, with only the basic preinstalled system apps in place. It's almost like an incognito mode of sorts, applied to your entire phone: All your regular stuff is gone, and nothing done in that environment has any impact on your standard smartphone setup. The implications for that are enormous. The biggest realistic threat with smartphone security, after all, isn't the coming invasion of scary-sounding malware monsters (which, as we've discussed to death 'round these parts, are more about sensationalism and security software sales than any pressing, practical danger). Nope — it's your own negligence and occasional lapse in judgment. And even if you take every possible step to protect your privacy and strengthen your phone's security, all it takes is a single, brief pass-off of your device to the wrong person to send all your best-laid efforts swirling down the drain. Whether we're talking about sensitive company data or your own personal photos, messages, and maybe even browsing history, it doesn't take long for the wrong set of eyes to see something they shouldn't — whether it's deliberate or by mistake. That's exactly the sort of slip-up Android's Guest Mode can prevent — and best of all? Once you remember that it's there, it's simple as can be to deploy. First things first, we need to make sure your phone is set up properly to support the feature, as it's often disabled by default these days. If you have a Samsung phone, unfortunately, you're out of luck here, as Samsung has for no apparent reason opted to remove this standard operating system element from its software. When you're ready to exit out of Guest Mode and get back to normal, just repeat the same first two steps from above — opening the Quick Settings panel and tapping the user profile picture — and this time, select "Remove guest" from the menu that comes up. That'll completely erase and reset everything that was done in that temporary profile and, once you put in your PIN, pattern, or password (or use biometric authentication), take you back to your own standard Android setup. A pretty useful possibility, right? The power's been right there at your fingertips all along — and now that you've got it activated and in the back of your mind, you can tap into it anytime the need arises. Visit OUR FORUM for more details and a guide on how to enable this privacy measure.

Emotet diversifies arsenal with new lures to trick users into infecting themselves. In today's cyber-security landscape, the Emotet botnet is one of the largest sources of malspam — a term used to describe emails that deliver malware-laced file attachments. These malspam campaigns are absolutely crucial to Emotet operators. They are the base that props up the botnet, feeding new victims to the Emotet machine — a Malware-as-a-Service (MaaS) cybercrime operation that's rented to other criminal groups. To prevent security firms from catching up and marking their emails as "malicious" or "spam," the Emotet group regularly changes how these emails are delivered and how the file attachments look. Emotet operators change email subject lines, the text in the email body, the file attachment type, but also the content of the file attachment, which is as important as the rest of the email. That's because users who receive Emotet malspam, besides reading the email and opening the file, they still need to allow the file to execute automated scripts called "macros." Office macros only execute after the user has pressed the "Enable Editing" button that's shown inside an Office file. Tricking users to enable editing is just as important to malware operators as the design of their email templates, their malware, or the botnet's backend infrastructure. Across the years, Emotet has developed a collection of boobytrapped Office documents that use a wide variety of "lures" to convince users to click the "Enable Editing" button. But this week, Emotet arrived from a recent vacation with a new document lure. File attachments sent in recent Emotet campaigns show a message claiming to be from the Windows Update service, telling users that the Office app needs to be updated. Naturally, this must be done by clicking the Enable Editing button (don't press it). According to an update from the Cryptolaemus group, since yesterday, these Emotet lures have been spammed in massive numbers to users located all over the world. Per this report, on some infected hosts, Emotet installed the TrickBot trojan, confirming a ZDNet report from earlier this week that the TrickBot botnet survived a recent takedown attempt from Microsoft and its partners. These boobytrapped documents are being sent from emails with spoofed identities, appearing to come from acquaintances and business partners. Furthermore, Emotet often uses a technique called conversation hijacking, through which it steals email threads from infected hosts, inserts itself in the thread with a reply spoofing one of the participants, and adding the boobytrapped Office documents as attachments. The technique is hard to pick up, especially among users who work with business emails on a daily basis, and that is why Emotet very often manages to infect corporate or government networks on a regular basis. In these cases, training and awareness is the best way to prevent Emotet attacks. Users who work with emails on a regular basis should be made aware of the danger of enabling macros inside documents, a feature that is very rarely used for legitimate purposes. Knowing how the typical Emotet lure documents look like is also a good start, as users will be able to dodge the most common Emotet tricks when one of these emails lands in their inboxes, even from a known correspondent. For more detailed information visit OUR FORUM.

A distributed denial-of-service attack (DDoS attack) sees an attacker flooding the network or servers of the victim with a wave of internet traffic so big that their infrastructure is overwhelmed by the number of requests for access, slowing down services or taking them fully offline and preventing legitimate users from accessing the service at all. While a DDoS attack is one of the least sophisticated categories of cyberattack, it also has the potential to be one of the most disruptive and most powerful by taking websites and digital services offline for significant periods of time that can range from seconds to even weeks at a time. DDoS attacks are carried out using a network of internet-connected machines – PCs, laptops, servers, Internet of Things devices – all controlled by the attacker. These could be anywhere (hence the term 'distributed') and it's unlikely the owners of the devices realize what they are being used for as they are likely to have been hijacked by hackers. Common ways in which cybercriminals take control of machines include malware attacks and gaining access by using the default user name and password the product is issued with – if the device has a password at all. Once the attackers have breached the device, it becomes part of a botnet – a group of machines under their control. Botnets can be used for all manner of malicious activities, including distributing phishing emails, malware or ransomware, or in the case of a DDoS attack, as the source of a flood of internet traffic. The size of a botnet can range from a relatively small number of zombie devices to millions of them. Either way, the botnet's controllers can turn the web traffic generated towards a target and conduct a DDoS attack. Servers, networks, and online services are designed to cope with a certain amount of internet traffic but, if they're flooded with additional traffic in a DDoS attack, they become overwhelmed. The high amounts of traffic being sent by the DDoS attack clog up or takes down the systems' capabilities, while also preventing legitimate users from accessing services (which is the 'denial of service' element).  An IP stressor is a service that can be used by organizations to test the robustness of their networks and servers. The goal of this test is to find out if the existing bandwidth and network capacity are enough to handle additional traffic. An IT department using a stressor to test their own network is a perfectly legitimate application of an IP stressor. However, using an IP stressor against a network that you don't operate is illegal in many parts of the world – because the end result could be a DDoS attack. However, there are cyber-criminal groups and individuals that will actively use IP stressors as part of a DDoS attack. What's widely regarded as the first malicious DDoS attack occurred in July 1999 when the computer network at the University of Minnesota was taken down for two days. A network of 114 computers infected with Trin00 malware all directed their traffic at a computer at the university, overwhelming the network with traffic and blocking legitimate use. No effort was made to hide the IP address of the computers launching the traffic – and the owners of the attacking systems had no idea their computers were infected with malware and were causing an outage elsewhere. The world didn't have to wait long after the University of Minnesota incident to see how disruptive DDoS attacks could be. By February 2000, 15-year-old Canadian Michael Calce – online alias MafiaBoy – had managed to take over a number of university networks, roping a large number of computers into a botnet. He used this for a DDoS attack that took down some of the biggest websites at the start of the new millennium, including Yahoo! – which at the time was the biggest search engine in the world – eBay, Amazon, CNN, and more. By the mid-2000s, it was apparent that DDoS attacks could be a potent tool in the cybercriminal arsenal, but the world was about to see a new example of how disruptive DDoS attacks could be; by taking down the internet services of an entire country. In April 2007, Estonia was – and still is – one of the most digitally advanced countries in the world, with almost every government service accessible online to the country's 1.3 million citizens through an online ID system. But from 27 April, Estonia was hit with a series of DDoS attacks disrupting all online services in the country, as well as parliament, banks, ministries, newspapers, and broadcasters. People weren't able to access the services they needed on a daily basis. For complete details visit OUR FORUM.

After tearing the PlayStation 5's guts apart earlier this week, Sony confirmed nearly everything we'd like to know on Friday about how its new console, launching November 12, will interface with PS4 games via backward compatibility. We should probably start with the big news that Sony has not cleared up just yet. Today, we received our first indication that PlayStation 5 will ship with something known as "Game Boost," which its Friday news post suggests "may make [select] PS4 games run with a higher or smoother frame rate." This suggestion doesn't come with a handy footnote pointing us to a list of affected games or features, however. Sony did not immediately respond to our request for clarification, so I'm left pointing to my recent deep dive with Xbox Series X's backward compatibility suite. What I found there was compelling: Most games play nearly identically on Xbox Series X as they do on Xbox One X, since console games are typically coded with hard limits on technical aspects. But in the case of games that launched on PS4 with "unlocked" frame rates and dynamic resolutions, well, the sky might be the limit. Will PS5 let those older, uncapped games tap into the full PS5 architecture or will certain CPU and GPU aspects be limited for compatibility's sake? I found that Xbox Series X was generally quite generous to the minority of games that could tap into increased horsepower, but there's no guaranteeing Sony will treat its older games the same way, in order to prioritize compatibility over upgrades. Additionally, will current-gen PlayStation VR games see their own boosts? "PSVR" is referenced repeatedly throughout today's new document but not in the brief mention of Game Boost. Existing PlayStation VR hardware seems to be entirely compatible with PS5, with Sony confirming once again that users will need a PlayStation Camera adapter to connect to PS5—and that those adapters will be free. How exactly PSVR owners will get those adapters remains to be seen. The matter of PS5 controller compatibility is a bit more complicated than Xbox Series' pledge of total forward and backward compatibility (with the exception of Xbox One Kinect, RIP). As has previously been hinted, PS5's new DualSense controller will work with older games, but PS4's DualShock 4 gamepad will not work with PS5 games. (Yes, you can still connect a PS4 DualShock 4 to play PS4 games on PS5. Whew, that's a mouthful.) In good forward-compatibility news, if you already bought an expensive add-on controller, Sony assures you that "specialty peripherals [from the PS4 era], such as officially licensed racing wheels, arcade sticks, and flight sticks," will work with PS5 software. When playing the PS4's library of PSVR games on PS5, Sony encourages users to stick with DualShock 4 as a gamepad, suggesting that the older gamepad offers the "best experience" in PSVR. This implies, but doesn't confirm, that DualSense will not work the same way as a DualShock 4 in PSVR games like Astro Bot, which relies heavily on gamepad motion sensing via tracking elements like its "light bar." You can also use existing PlayStation Move wands in PSVR games on PS5. Certain PS4 system features have been scrapped when moving forward to PS5. The DualShock 4's "share" button now brings up the PS5's built-in "create" menu, which appears to do all the stuff that "share" did on PS4 but with a few additional button shortcuts. And PS4 social features like tournaments, "in-game live," and second-screen app functionality have all gotten the axe. Complete details are posted on OUR FORUM.