Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Archive for the ‘cybersecurity’ Category

No Slackers

Greetings from my South Austin bunker on a hill.

There’s an onslaught of relevant tech news this AM. First, let’s cover off the mo-nay situations.

Slack is expected to go public today, and its direct listing reference price has been set at $26. That would value Slack at roughly $15.7B.

In case you didn’t know what a direct listing is, The Wall Street Journal explains:

In a direct listing, a company simply floats its existing stock onto a public exchange without raising any money or using underwriters. The company doesn’t choose an IPO price or who gets to buy in the night before trading begins, as is the case in a traditional IPO. Spotify Technology SA, which made its trading debut in April 2018, is the only other major company to go public via direct listing.

I think, therefore I Slack. All day, every day.

So, good luck, Slackers everywhere.

You know who’s not Slack? Apple, which, according to a report from Nikkei and as reconnoitered in The Verge, is looking at moving between 15 and 30 percent of its hardware production out of China and has apparently asked key partners like Foxconn, Pegatron, and Wistron to “evaluate the available options.”

The catalyst for the shift is the ongoing trade war between China and the US, which is expected to intensify at the end of this month with the introduction of 25 percent tariffs on devices including phones, laptops, and tablets. However, Apple reportedly wants to shift production regardless of whether the trade dispute gets resolved.

Florida’s Riviera Beach has decided to pay $600K in ransom to hackers that took over its computer system. It was a classic email spearphish attack that led to a ransomware situation, and, according to a report from the AP, spokeswoman Rose Anne Brown “said Wednesday that the city of 35,000 residents has been working with outside security consultants, who recommended the ransom be paid.”

I guess that whole “We don’t negotiate with terrorists” thing is an outdated trope when it comes to the cyber realm, because it appears more and more municipalities are paying the ransom, as opposed to just saying “No.” Call me old fashioned, but just saying “Yes” simply invites more such attacks.

And yes, the payment is being made via Bitcoin.

Closing on a positive note. Fresno-based Bitwise Industries, which offers training for software developers, has raised a $27M Series A round led by Kapor Capital, which will allow the firm to potentially expand its training to other unusual suspect, underserved cities for tech (like El Paso, Texas, and Knoxville in Appalachia).

As James Fallows writes in The Atlantic:

“Some people have had opportunities by accident, and others do not,” she said [Irma Olguin, from venture firm New Voices Fund]. “We need to make those opportunities less a matter of chance and serendipity, and more a matter of deliberately creating opportunities and exposing young people to different possibilities for their lives.”

Written by turbotodd

June 20, 2019 at 10:52 am

Broad Spectrum

Happy Friday.

It appears that Amazon is interested in buying prepaid mobile wireless service Boost Mobile from US carriers T-Mobile and Sprint.

According to a report in Reuters, Amazon is considering buying Boost because the deal would allow it to use the “New T-Mobile” wireless network for at least six years.

New T-Mobile is the name that T-Mobile and Sprint use to refer to the new entity that would result from their merger, one that still requires regulatory approval.

Reuters also reported that Amazon would be interested as well in any wireless spectrum that could be divested as part of the deal.

Analysts estimate that Boost has seven to eight million customers and a transaction could be valued at $4.5 billion if the deal included wireless spectrum and facilities.

Meanwhile, we’re getting some of our first public looks at Uber earnings…the company reported $3.1B in revenue in Q1, which was up 20% year-over-year, and gross bookings of $14.65B, up 34% year-over-year, but with a net loss of $1.01B.

From CNBC:

On a call with analysts, Uber CEO Dara Khosrowshahi said he likes “what we see on the competitor front in the U.S.,” referencing Lyft’s earnings call where executives said they are beginning to compete more on brand.
“I think that competing on brand and product is, call it, a healthier mode of competition than just throwing money at a challenge,” Khosrowshahi said.

If you’re a Chrome user and interested in security, see this piece from WIRED, one entitled “Google is finally making Chrome extensions more secure.”

The improvements come as part of a wider company push to evaluate how much user data third-party applications can access. Google launched the audit, known as Project Strobe, in October alongside an announcement that Google+ had suffered data exposures and would be shuttered.
Later this year, Google will begin requiring that extensions only request access to the minimum amount of user data necessary to function. The company is also expanding its requirements around privacy policies: Previously, only extensions that dealt with personal and sensitive user data had to post the policies, but now extensions that handle personal communications and other user-generated content will need to articulate policies, as well. Google says it is announcing these changes now so developers have time to adapt before the new rules take effect this fall.

Some funding news: BabbleLabs, which is focused on improving speech quality, accuracy, and personalization in voice apps, has raised a $14M Series A. The round was co-led by Dell Technologies Capital and Intel Capital.

Written by turbotodd

May 31, 2019 at 11:23 am

Flipping the Flipboard

And there it is…another cybersecurity breach.

This time with news aggregator service and mobile news app, Flipboard.

ZDNet reports the security incident allowed hackers to have access to internal systems there for nine months.

Nine months!

“Flipboard said hackers gained access to databases the company was using to store customer information.”

And Flipboard said those databases stored information that included Flipboard user names, passwords, and “in some cases, emails or digital tokens that linked Flipboard profiles to accounts on third-party services.”

But good news, “not all [customer] accounts were compromised.”

FYI, the breach period was roughly June 2, 2018 to March 23, 2019, and April 21-22, 2019.

The company discovered the second intrusion on April 23.

Could be time to flip off the Flipboard.

Written by turbotodd

May 29, 2019 at 9:29 am

Posted in 2019, cybersecurity

Facebook’s Teen Problem

CNBC had a story out yesterday citing data from investor analyst firm Piper Jaffray which indicated that teens are abandoning Facebook “at a staggering rate.”

But went on to say they’re still “flocking to sister app Instagram.”

Palo Alto, we have a problem.

The CNBC article indicated that just over a third of teenagers use the core Facebook platform at least once a month.

I wonder if a third of those are from Russia??

That number is “down significantly from 52 percent of teens two years ago and from close to two-thirds of teens in spring of 2016.”

On the plus side, Instagram “edged out SnapChat as the most-used social platform by teenagers for the first time” since Piper Jaffray started conducting its survey.

So, marketeers everywhere, uh, take more pictures?  

Maybe you can use that newfangled Apple iPhone XR, which is getting rave reviews across the board (and which comes in several hundred dollars less than the iPhone XS).

Speaking of Russians, The New York Times is reporting that the U.S. Cyber Command is now targeting individual Russian operatives “to try to deter them from spreading disinformation in elections.”

The campaign, which includes missions undertaken in recent days, is the first known overseas cyberoperation to protect American elections, including the November midterms.

Senior defense officials said they were not directly threatening the operatives. Still, former officials said anyone singled out would know, based on the United States government’s actions against other Russian operatives, that they could be indicted or targeted with sanctions. Even the unstated threat of sanctions could help deter some Russians from participating in covert disinformation campaigns, said Andrea Kendall-Taylor, a former intelligence official now with the Center for a New American Security.

Huh.  That only took a couple of years to get rolling.

Written by turbotodd

October 23, 2018 at 4:38 pm

Facebook Security Flaw

The New York Times is reporting that Facebook said today an attack on its computer network led to the exposure of information from nearly 50 million of its users.

Facebook said it discovered the breach earlier this week, “finding that attackers had exploited a feature in Facebook code that allowed them to take over user accounts.”

The Times reports that Facebook said it did not know the origin or identity of the attackers, nor had it fully assessed the scope of the attack, and is in the beginning stages of its investigation.

Here’s Facebook’s detailed explanation of the exploit and the actions it says it has taken:

Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.

Here is the action we have already taken. First, we’ve fixed the vulnerability and informed law enforcement.

Second, we have reset the access tokens of the almost 50 million accounts we know were affected to protect their security. We’re also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year. As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.

Third, we’re temporarily turning off the “View As” feature while we conduct a thorough security review.

This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted “View As.” The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens.

The Times went on to write that:

One of Facebook’s most significant challenges has been convincing its users that it is responsible enough to handle the incredible wealth of data the company handles. More than 2 billion people use Facebook every month, and another two billion separately use WhatsApp, a messaging app owned by Facebook, and Instagram, the Facebook-owned popular photo-sharing app.

You know the drill. Check your password, change it, etc., ad nauseam ad infinitum.

Written by turbotodd

September 28, 2018 at 12:22 pm

Posted in 2018, cybersecurity

Apple AR Acquisition

Happy Thursday.

Reuters is reporting that Apple has acquired a startup focused on making lenses for augmented reality glasses, a sign that Apple has ambitions to make a wearable device that would superimpose digital information on the real world.

The company, Akonia, could not be immediately reached for comment, according to Reuters. It reports the company was founded in 2012 by a group of holography scientists and had originally focused on holographic data storage before pivoting to creating displays for AR glasses.

Neither the purchase price nor the date of the acquisition was revealed, although one executive in the AR industry said the Akonia team had become “very quiet” over the past six months.

Reuters suggests that this acquisition is the first clear indication of how Apple might handle one of the most daunting challenges in AR hardware: producing crystal clear optical displays thin and light enough to fit in glasses similar to everyday frames, with images bright enough for outdoor use, and suited to mass manufacturing at a relatively low price.

Meanwhile, from The Verge we learn that Google’s Titan Security key set — which includes a USB key, a Bluetooth key, and various connectors — is now available to us mere mortals for only $50.

The Titan keys work as a second factor for a number of services, including Google Cloud customers, Facebook, Dropbox, and GitHub. But as The Verge points out, they’re built particularly for Google account logins, and, specifically, the Advanced Protection Program announced last October.

The Verge writes that “Because the keys verify themselves with a complex handshake rather than a static code, they’re far more resistant to phishing attacks than a conventional confirmation code. The key was initially designed for internal Google use, and has been in active use within the company for more than eight months.”

Google has also indicated the production process makes the keys more resistant to supply chain attacks, because the firmware is sealed permanently into a secure element hardware chip at production time in the chip production factory. Google says that the chip used is designed to resist physical attacks aimed at extracting firmware and secret key material.

Anything to keep the very bad people away from my data.

Written by turbotodd

August 30, 2018 at 9:49 am

The Cost of New Breaches

Earlier this week IBM Security released the results of a global study examining the full financial impact of a data breach on a company’s bottom line. 

Overall, the report found that the hidden costs in data breaches — lost business, negative impact on reputation and employee time spent on recovery — are difficult and expensive to manage. One-third of the cost of “mega breaches” (1 million lost records or more) was derived from lost business.

So what was the average cost of a data breach globally? $3.86 million, which was up 6.4 percent from their 2017 report.

Based on in-depth interviews with nearly 500 companies that experienced a data breach, the study analyzes hundreds of cost factors surrounding a breach, from technical investigations and recovery, to notifications, legal and regulatory activities, and cost of lost business and reputation.

This year, the study also calculated those “mega breach” costs, projecting that those involving lost records ranging from 1 million to 50 million cost companies between $40 million and $350 million respectively.

Some other sound bytes:

  • Average cost of a data breach of 1 million compromised records is nearly $40 million
  • At 50 million records, estimated total cost of a breach is $350 million
  • The vast majority of these breaches (10 out of 11) stemmed from malicious and criminal attacks (as opposed to system glitches or human error)
  • The average time to detect and contain a mega breach was 365 days – almost 100 days longer than a smaller scale breach (266 days)

You can download the 2018 Cost of a Data Breach Study here.

Written by turbotodd

July 13, 2018 at 10:14 am
