Information Technology

Well, that didn’t take long. Google fixed multiple problems with its services this week but less than a day later network administrators and users started seeing another rash of Gmail problems.

Google confessed, “We’re aware of a problem with Gmail affecting a significant subset of users. The affected users are able to access Gmail but are seeing error messages, high latency, and/or other unexpected behavior. We will provide an update by 12/15/20, 5:30 PM [Eastern US]detailing when we expect to resolve the problem. Please note that this resolution time is an estimate and may change.”
Also: Microsoft 365 vs Google Workspace (formerly G Suite): Which productivity suite is best for your business? 
Downdtector reported a major spike at about 3 PM Eastern. 73% of the reported problems were with receiving messages. 23% of users reported having trouble logging into Gmail.
On the internet network administrator outages list, admins reported they were seeing random bounceback issues with an average of 10% bouncebacks on their test emails. Still, other administrators reported seeing bounces when sending from GSuite to consumer Gmail.
Typical bounceback error messages said “The email account that you tried to reach does not exist.”
This problem showed up mostly in the US, but it also caused failures in Europe, Australia, and New Zealand. 

There have also been scattered reports of trouble with YouTube and YouTube TV, but these have not been confirmed.
At 6:51 PM Eastern, Google reported the Gmail problem had been resolved. The company also stated: “We apologize for the inconvenience and thank you for your patience and continued support. Please rest assured that system reliability is a top priority at Google, and we are making continuous improvements to make our systems better. If you are still experiencing an issue, please contact us via the Google Help Center.”
Related Stories: More

Singapore law firm Rajah & Tann has formed a joint venture with local cybersecurity vendor Resolvo Systems to offer integrated services to help businesses navigate their reliance on digital data amidst growing cyber threats. This, they say, will be increasingly important as the global pandemic has accelerated online activities alongside cybersecurity attacks. 
Called Rajah & Tann Cybersecurity (RTCyber), the joint venture was set up by the law firm’s ICT services arm Rajah & Tann Technologies, which focuses on technology-driven legal and regulatory services such as electronic discovery and data breach response. 

Global pandemic opening up can of security worms
Caught by the sudden onslaught of COVID-19, most businesses lacked or had inadequate security systems in place to support remote work and now have to deal with a new reality that includes a much wider attack surface and less secured user devices.
Read More

“RTCyber is uniquely placed to help clients protect, mitigate against cyber attacks, minimise disruptions from a security breach, and effectively deal with a breach incident,” the law firm said in a statement Wednesday, adding that the new entity would tap its knowledge in data protection and cybersecurity law as well as Resolvo’s 20 years experience in cybersecurity. 
The joint venture would provide a suite of six services, including legal tech, e-discovery, digital forensics, and contract management.
RTTech’s director Steve Tan said: “The COVID-19 pandemic has accelerated our clients’ reliance on digital data. As their transformation partner, we see ourselves providing them with a much-needed service at this most dire of times.
“It is a matter of when, not if, an organisation is hit by a data breach, especially since the number of malicious perpetrators targeting vulnerable systems, websites, and individuals continues to grow exponentially,” Tan said. “The key is to be prepared and effectively respond to a breach. Organisations have to be proactive in securing their data against loss or cyber attacks, not only for security reasons, but also to comply with data protection and other legal requirements.”
Resolvo CTO Wong Onn Chee added that the “one-stop shop” joint venture would provide both technology and legal expertise in an “expeditious and efficient manner”, which would be essential in managing cybersecurity incidents. 

Citing the World Health Organisation, Rajah & Tann said the global organisation reported a five-fold increase in cyber attacks 1.5 months into the global pandemic, while phishing attacks targeting Singapore more than doubled between March and May this year, according to Singapore’s Cyber Security Agency. 
Worldwide, 91% of enterprises reported an increase in cyber attacks as more employees working from home amidst the coronavirus outbreak, revealed a survey by VMware Carbon Black. COVID-19 inspired malware saw the highest jump, with 92% of respondents noting an increase in such threats compared to typical volumes before the outbreak.
In Singapore, 43% saw increased attack volumes over the past year, reporting an average 1.67 breaches, and 67% said such threats now were more sophisticated. OS vulnerabilities were the most common cause of breaches, as cited by 20% in the city-state, while 15% pointed to holes in third-party application that led to security breaches. 
Cybercrimes accounted for 26.8% of all crimes in Singapore last year, with e-commerce scams the most popular. Some 9,430 cybercrime cases were reported in 2019, up 51.7% from 2018 when there were 6,215 cases. 
RELATED COVERAGE More

Cryptocurrency is like a slimy green snake, hissing in a zoo.
You’re fascinated by it, but you’re not sure you want to touch it.

That was, at least, my impression until I was confronted by a new survey that offered some mind-stroking conclusions.
Also: Cryptocurrency 101: What every business needs to know 
1,004 representative Americans were asked several searching questions about crypto. I found myself searching for a large wine glass after I’d read their answers.
You see, 45.8% of these Americans claim they already owned cryptocurrencies.
Can this possibly be? Can crypto now be as usual, normal, and popular as The Voice? Why, 46.8% of Americans voted for Donald Trump. Can crypto be almost as popular as the great populist?

This all seemed very odd to me, as other surveys estimate cryptocurrency ownership last year at between 6% and 9% of the US population. And that seems to reflect a certain sort of, well, reality.
Still I plowed forward with this study, regardless of the consequences.
What was in the souls of these particularly forward-thinking beings? Well, 95% of these claimed crypto owners said they were quite happy with it being a genuine form of currency. 31.7% said it’s a legitimate alternative to cash. A more wary 40% still favored the Benjamins. It’s not clear whether any of them still believe in American Express, or even ever did.
But here’s another result that threatened my mental equilibrium: 30.1% of these respondents said they thought Bitcoin was a safer place than a bank. Another 28.3% said it probably was, but they’d need to find out more about cryptocurrency.
Moreover, 74% of those who don’t currently own crypto said they were open to the idea of getting some in the future.
Again against my better judgment, I delved deeper.
The No. 1 answer to the question “Why would you consider using cryptocurrency?” was “It’s a good way to earn money.” Oh, is that why it’s (allegedly) so popular?
Should I be disturbed, though, by the fact that 43% of these Americans, when asked their opinion of cryptocurrency, replied “I have no opinion”?
Should I quake a little for America’s future that 31.2% of the respondents said they were planning to give crypto-related gifts for Christmas? (How do you wrap a Bitcoin?)
Or should I pause at this moment to reveal that this survey was performed on behalf of cryptocurrency hardware wallet creator SatoshiLabs? And should I wonder if it’s relevant that the minimum age of respondents was thirteen?
I’m all for modernizing the world and making things both easier and more secure. That’s been the promise of the web from the beginning and my, has it delivered.
I’d be remiss, however, not to mention my colleague Charlie Osborne’s comprehensive compendium of 2020’s worst cryptocurrency breaches, thefts, and exit scams.
It’s always good to be aware of the pitfalls. Even if you merely got your cryptocurrency under a Christmas tree.

more Technically Incorrect More

All the signs were there. If my parents knew then what parents know now, they would have been prepared. But back in the 1960s and 1970s, the maker movement was still far in the future. Robots were something you only saw in movies and awesome TV shows (or as my Mom would often put it, “What in the world are you watching?”). Telling her that Lost in Space wasn’t “in the world” tended to get me the All Powerful Glare of Motherly Annoyance.
But now, if a kid is a natural tinkerer, there are positive outlets for their inclination. There are great STEM (science, technology, engineering, and mathematics) kits and toys that can ignite a kid’s interest and focus it on learning, while at the same time making learning fun.
In this guide, we’re focusing mostly on the technology and engineering areas, providing you with some great kits and toys that teach and inspire programming and making with robots and digital technology.

Lego Robotics for kids
LEGO
If you’re talking about robotics and kids, the very best place to start is Lego. Lego has long been an innovator not only in the maker space but in robotics as well. In this guide, we kick off our exploration of goodies for geeky girls and boys with a Star Wars-themed robotics kit.
Kids can build use more than a thousand components to build R2-D2, a Gonk droid, and a Mouse droid. Then, with an app, they can program these fan favorites with a variety of different easy-to-access programming and learning tools.
$149 at Amazon

Kids build their own computer
Piper
OK, I love this thing. You’re probably going to notice me saying that a lot during this guide because I was the kid this stuff was made for. I would have been so excited had I been given this kit.
Here are the details: Your kid puts together their computer, complete with circuit connections (no soldering required) and case assembly. Then they can use the Raspberry Pi to learn and play. But you know what will fire up your kid: there’s a Raspberry Pi Mindcraft edition kids can play right on this machine. It even includes a display and a mouse.
$249 at Amazon

Play with code without a computer
Playz
I love this thing, too! First, it allows you to be geeky even if you’re on a camping trip or have a power outage. So, if you’re living through an apocalypse (what? too soon?) and still want to teach your kid to code, this is a great place to start.
Computer science and coding revolve around some basic guidelines and theories that are common across all computing. This kit shows how that works, from the basics of encryption (where your kids can make an actual cypher mechanism) to sorting algorithms. If you want your kids to get some away-from-screen time and still learn what they’re fascinated by, this is a good buy.
$23 at Amazon

Learn the basics of mechanisms
Engino
Not only do I love this thing, I want it. Yes, even now. And not just because my wife says I sometimes have the emotional maturity of a five year old.  I want it (and so will your kid) because it shows how to make things that have mechanical properties.
Here’s the thing: If you want to make something that has a linkage, a connection, a joint, or moves as part of its operation, you need to understand these concepts. This Lego-clone kit shows you how to do just that, and as a bonus, it’s under $30.
$28 at Amazon

The definitive Lego robotics kit
LEGO
I have the previous version, and I’ve built all sorts of cool programmable machines. I often use this for prototyping ideas before I decide to fabricate a more robust unit out of wood, metal, or plastic.
This is an amazing kit. It is pricey, but you get a complete robotics building experience with very few limitations. If you can budget for it, it’s definitely a gift to buy for yourself, er, your kid. Yeah, for your kid. Or buy it for yourself and get your kid a stuffed animal. That’s what I did. Of course, my kid is an 8-pound dog and he hates robots, tech, and plastic. My dreams of building him a robot car were completely dashed by his Luddite level of disinterest*, so I had to use this for other fun projects.
*Yes, we definitely see the irony in that an uber-geek’s dog, named Pixel, is completely anti-technology. But we love him so very much anyway.
$479 at Amazon

An inexpensive project that’s fun to assemble
SOMAN
If you had fun with LEGO or Erector (Meccano for those of you outside the US), this toy will be familiar. It’s not technically a robot because it has no autonomous or even remote control, and no programming. But your kid can put it together, learn about how gears work, hook up the solar panel and learn a bit about sustainable energy, all the while having a blast. 
Just a quick note: the eyes aren’t sensors. They’re decoration on a backup battery compartment. But that’s okay, ’cause they’re still cute. 
$17 at Amazon

App-enabled robot ball
Sphero
I have a couple of Sphero robots, including the BB8 version. And yes, I did buy it because I thought my little dog would have a blast chasing it, but Pixel doesn’t like it at all. Kids will, though, because — especially with this model — it’s app-enabled, allowing all sorts of interesting programming and experimenting.
Don’t discount the value of a ball as a programmable device. It can easily go up and down carpets, it’s small enough to make it through relatively narrow gaps, and it’s maneuverable as heck. It’s even waterproof.
$96 at Amazon

Arduino kit with lots of parts
Elegoo
I’ve bought three or four of these for myself over the past few years, mostly as a way to have a wide selection of parts and sensors for my Arduino projects.
This kit is not for little kids. Your kid should probably be a teenager and have some experience building things and possibly programming. The kit comes with some basic tutorials, but, to be honest, they’re not fabulous. But the selection of components is, and that’s where the magic comes. So, if you or your kid are comfortable Googling or YouTube searching for near Arduino projects and tutorials, this kit will give you the parts to make it happen. Plus, it’s under $50.
$37 at Amazon

Let’s get away from plastic for just a little while
Smartstoy
Tired of everything being made from plastic? Want to teach your kid about sustainable materials? Consider this laser-cut solar-powered car kit. Not only is the power from the sun, but the wooden chassis is both robust and biodegradable.
You can probably just snap it together, but a little wood glue (or plain old Elmer’s) should make the car strong enough to put it through its paces.
$21 at Amazon

Build a robot with a POV camera
Yahboom
The only thing I’m not that thrilled about with this is you have to add your own Raspberry Pi because the kit doesn’t come with one. I really think they should have listed two models on Amazon, one with a Pi and one without. That way, you’re not tasked with finding your own (don’t worry, we’ll list a standalone Pi in our next listing).
In any case, this is great because it allows you to build a roving device that your kid can drive from the point of view of the robot’s camera. That seems like it would be a ton of fun.
$138 at Amazon

Put together your own little computer
CanaKit
I can’t say I love this thing because it’s not a toy, but I like it. I’ve bought a bunch of these, because I use them to drive my 3D printers. While you can get a standalone Pi for about $60, I recommend spending the extra $20 to have a power source, heat sinks, fan, and case that you know will work with the Pi. It even has an HDMI cable in the kit.
If you want that $20 back and don’t mind using a board with only 2GB of RAM instead of 4GB, then this version is for you. You’re spending just about $60 and getting all the goodies.
$83 at Amazon

All of DJI’s drone smarts in a robot kit
DJI
If you want to learn robotics and have fun doing it with primo hardware, this is your toy. At more than $500, it’s not cheap, but it comes with omni-directional wheels, a laser canon, and a canon that shoots small beads (yeah, I’m thinking of Ralphie and “You’ll shoot your eye out,” too).
You can create an instant battle bot scenario with two or more of these (just in case you want to spend thousands of dollars on robot toys), but the real meat of the product is the programmability and teaching tools. There are a bunch of exercises, and you can program with either Sketch or Python. Finally, DJI includes a full series of videos, so your kid can take a video class with hands-on use of the device. It’s just so darned cool.
$449 at Amazon
Our process
I used a very simple selection mechanism while looking for these toys. If I didn’t have an overwhelming desire to buy it, and it didn’t take a supreme act of willpower to not click the Buy Now button, I didn’t list it. Since my internal kid is about as wonder-filled and geeky as they come, I figured if I was excited by it, other kids would probably be as well.
Obviously, I stuck to the coding and robotics world, but I wanted to go beyond some of the classic robot toys like LEGO and provide toys that were not only of a wide range of capabilities but price points and even learning experiences. Let me know in the comments below if I nailed it or not.
How to choose
Normally, in these lists, I try to provide you with guidance on how to pick the product or service you need. But you know your kids far better than I. As I mentioned, I’m a doggie daddy, so I don’t have a lot of experience with what kids these days groove on. But I’ll tell you this:Choose less complex toys for kids who have less experience and more complex toys for kids who have already built or programmed more ambitious projects.
Good luck and have a happy holiday season.
Need more gift ideas?

Check out our ZDNet Recommends directory or Holiday Gifts hub for some more inspiration. 
Our sister sites also have the following gift guides: 
You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

ZDNet Recommends More

The size and scope of SolarWinds as an IT software provider and the nature of the breach announced on December 13 rocked the IT and security world — rightfully so. While security leaders guide their companies to respond, there’s some generalized advice for the vendor world about this. 
Attackers Continue To Exploit Product Security Weaknesses 

SolarWinds Coverage

Throughout 2020, product security failures have happened month after month, but most focused on consumer-facing products and services. Enterprise B2B vendors didn’t get quite as much attention, but the scale balanced out with the SolarWinds breach. 
Companies competing with SolarWinds on providing important infrastructure, monitoring, and security products and security vendors should focus on the following: 

Poor product security efforts risk market share for B2B firms. Forrester has a body of research around product security, which provides extensive guidance on how to establish or improve your product security initiatives. Expect this to become a major focus of procurement and legal teams as a result of this breach. 

Vendors should NOT use the SolarWinds breach as a marketing opportunity. Attempting to exploit the misfortune of others never makes a company look good, and in the cybersecurity industry, everyone knows that today it might be them, but tomorrow it could be you. Ambulance chasing, dunking on, or victim shaming is not just in poor taste. It’s deplorable and won’t win clients over. FireEye exhibited tremendous transparency as a result of its breach and was able to also provide one of the first detailed technical write-ups on the SolarWinds incident. 

Even a security-mature software supplier could have missed this. To identify security flaws in their supply chain, top software organizations regularly run software composition analysis to identify vulnerabilities in open source components, and they use code-signing certificates to assure the integrity of supplied code. Neither approach would have discovered this attack — the malicious code was not in an open source library, and the compromised DLL (dynamic-link library) was signed by a valid (albeit compromised) certificate. Don’t equate susceptibility with a lack of security maturity. 

SolarWinds’ degree of transparency with its customer list might need to change. SolarWinds was large and prominent enough that it was an attractive target for attackers without mentioning customer names. But the customer page on its website went as far as listing all five branches of the US military, all 10 large US telecoms, and the top five accounting firms as clients. That doesn’t mean any of those organizations are caught in the breach, but it does mean attackers have some idea of the value of SolarWinds as a target if they are successful. Third-party risk management, legal, and procurement will likely force CISOs to reevaluate if they want to be listed in the future. 

To understand the business and technology trends critical to 2021, download Forrester’s complimentary 2021 Predictions Guide here.      
This post was written by Principal Analyst Jeff Pollard, and it originally appeared here.  More

FICO has teamed up with Bitfury Group to create a cryptocurrency risk assessment solution for financial institutions. 

Announced on Wednesday, FICO said the partnership with Bitfury will focus on creating a risk management and monitoring service for banks and other organizations considering cryptocurrency-related future products. 
When cryptocurrency first began to establish itself as a major financial heavyweight, traditional banks and financial companies maintained their distance due to the decentralized nature of trading and the relatively untested technology that underpinned cryptocurrency exchanges: the blockchain. 
In recent years, the potential of blockchain technologies beyond virtual coins has prompted technology vendors and banks alike to take the market more seriously — and as cryptocurrency has proven itself to be a popular alternative to fiat currency, many financial service providers are now seeking a way to cash in. 
However, there is risk associated with cryptocurrency-related projects: the stability of the technology used, whether or not control of funds is centralized — and, therefore, potentially at risk of theft or exit scams — cybersecurity controls, money laundering, and more.
See also: The biggest hacks, data breaches of 2020 
To address these issues, FICO and Bitfury say that the new offering will focus on risk issues at the Know Your Customer (KYC) stage, a verification process used by banks to manage risk and to verify identities before a relationship is established. 

The joint solution will combine FICO’s financial crime and money laundering investigation services with Crystal blockchain analysis technologies. 
“The joint offering will help banks assess the risk of their clients’ crypto business at the onboarding stage, as well as monitor that risk on all active accounts,” the companies say. “This unique combination will enable banks to fully understand and actively manage the risk-exposure from customers — individuals and corporations alike — that engage in virtual currency transactions.”
At the onboarding stage, KYC processes will include listing cryptocurrency assets and wallets. These assets will be cross-checked with Crystal to create a risk score, based on transaction histories and other data for due diligence. 
It may also be the case that the new solution will be applied to existing clients for crypto-related monitoring; for example, the risk score may change if suspicious activity is detected.
“Cryptocurrency services are an under-utilized market for many large banks, due to the crypto-related risks and lack of transactional intelligence available,” said Sebastian Hetzler, VP of financial crimes product management at FICO. “This partnership integrates FICO’s AI-powered financial crimes detection with Crystal’s extensive blockchain analysis, providing financial institutions with an in-depth crypto-risk assessment of client activities and relationships.”
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

One of the new features that Apple has rolled out for its App Store is app privacy. Now, when a developer submits a new app or update, it also has to submit details about its privacy practices and how it handles data.
It basically lets you see what apps learn about you, and how the developer or company behind that app uses that data. 
Must read: Best of the best gadgets of 2020
To see this information, fire up the App Store app, search for your favorite app, and then scroll down to App Privacy and then tap App Privacy.
And depending on the app, get ready for some serious scrolling.
Here’s the information for the Facebook app:
[embedded content]
That’s a long list.

Here’s the information for TikTok:
[embedded content]
Some developers — even big ones — have not yet issued privacy data.

Google has not yet issued privacy information

Amazon has not yet issued privacy information
When developers submit a new app or an update, this information will now need to be supplied.
Does this new feature make you think twice about installing and using some apps? Let me know. More

Singapore has added face verification as a two-factor authentication (2FA) option to log into SingPass, an account residents use to access e-government services. They also can choose to send their SMS one-time password (OTP) to another SingPass user’s mobile number, which is offered to help less digitally savvy users navigate the platform with external assistance. 
The two additional 2FA options were introduced as part of the government’s efforts to support a digitally inclusive society, said Government Technology Agency of Singapore (GovTech) in a statement Wednesday. The government agency is responsible for the country’s ICT and smart nation rollouts,

SingPass users will be able to log into their account first by entering their ID and password, then by scanning their face on an internet-connected computer equipped with a webcam or a mobile device with a front-facing camera. If they do not have access to any of these systems, they can visit selected public locations equipped with the service, including IRAS Taxpayer and Business Service Centre and CPFB’s Bishan Service Centre, with more locations to be added progressively.
GovTech said the face verification technology was integrated with security features to safeguard against fraud, such as liveness detection capabilities to detect and block the use of photographs, videos, or masks during the verification process.
The added option not only would be useful to support less digitally savvy users who would not need to key in additional information such as OTPs, but also could facilitate Singaporeans living abroad and might not have a locally-registered number to receive SMS OTPs, said National Digital Identity’s senior director Kwok Quek Sin. 
The need to better assist the less digitally savvy also led to the inclusion of “multi-user SMS OTP”, where SingPass users can link their account to another user’s mobile number such as their child to receive their OTPs. 
The addition of the two 2FA options follows plans to discontinue the OneKey token by the end of March next year. Some 120,000 users of the physical 2FA device, introduced in 2013, currently were being transitioned to the other options, said GovTech. 

There are four million SingPass users here who can tap their account to access 500 digital services provided by more than 180 government agencies as well as commercial entities, such as banks. 
Singapore’s Immigration & Checkpoints Authority (ICA) in October said it had been rolling out iris and facial scanners since July at all automated and manual immigration points located at the passenger halls of Singapore’s land, sea, and air checkpoints. These included Changi Airport Terminal 4, Tanah Merah Ferry Terminal, and the Tuas and Woodlands checkpoints that border Northern neighbour Malaysia. 
The systems would use travellers’ iris and facial data, replacing fingerprints, as the primary biometric identifiers for immigration clearance. 
Singapore in September inked a deal with British vendor iProov to provide face verification technology for use in the country’s national digital identity system. The security feature was launched as a pilot earlier this year, allowing SingPass users to access e-government services via biometric.
iProov’s Genuine Presence Assurance technology is touted to have the ability to determine if an individual’s face is an actual person, and not a photograph, mask or digital spoof, and authenticate that it is not a deepfake or injected video. Its agreement with the Singapore government also marked the first time the vendor’s cloud facial verification technology was used to secure a country’s national digital identity. 
RELATED COVERAGE More