Blog of the website «TechCrunch»


Main article: Password

Topics from 1 to 10 | in all: 147

Jam lets you safely share streaming app passwords

04:27 | 11 February

Can’t afford Netflix and HBO and Spotify and Disney+…? Now there’s an app specially built for giving pals your passwords while claiming to keep your credentials safe. It’s called Jam, and the questionably legal service launched in private beta this morning. Founder John Backus tells TechCrunch in his first interview about Jam that it will let users save login details with local encryption, add friends you can then authorize to access your password for a chosen service, and broadcast to friends which of your subscriptions have room for people to piggyback on.

Jam is just starting to add users off its rapidly growing waitlist that you can join here, but when users get access, it’s designed to stay free to use. In the future, Jam could build a business by helping friends split the costs of subscriptions. There’s clearly demand. Over 80% of 13-24 year olds have given out or used someone else’s online TV password, according to a study by Hub of over 2000 US consumers.

“The need for Jam was obvious. I don’t want to find out my ex-girlfriend’s roommate has been using my account again. Everyone shares passwords, but for consumers there isn’t a secure way to do that. Why?” Backus asks. “In the enterprise world, team password managers reflect the reality that multiple people need to access the same account, regularly. Consumers don’t have the same kind of system, and that’s bad for security and coordination.”

Thankfully, Backus isn’t some amateur when it comes to security. The Stanford computer science dropout and Thiel Fellow founded identity verification startup Cognito and decentralized credit scoring app Bloom. “Working in crypto at Bloom and with sensitive data at Cognito, I have a lot of experience building secure products with cryptography at the core.”

He also tells me since everything saved in Jam is locally encrypted, even he can’t see it and nothing would be exposed if the company was hacked. It uses similar protocols to 1Password: “Plaintext login information is never sent to our server, nor is your master password,” and “we use pretty straightforward public key cryptography.” Remember, your friend could always try to hijack and lock you out, though. And while those protocols may be hardened, TechCrunch can’t verify they’re perfectly implemented and fully secure within Jam.

Whether facilitating password sharing is legal, and whether Netflix and its peers will send an army of lawyers to destroy Jam, remain open questions. We’ve reached out to several streaming companies for comment. When asked on Twitter about Jam helping users run afoul of their terms of service, Backus claims that “plenty of websites give you permission to share your account with others (with varying degrees of constraints) but users often don’t know these rules.”

However, sharing is typically supposed to be amongst a customer’s own devices or within their household, or they’re supposed to pay for a family plan. We asked Netflix, Hulu, CBS, Disney, and Spotify for comment, and did not receive any on-the-record comments. However, Spotify’s terms of service specifically prohibit “providing your password to any other person or using any other person’s username and password”. Netflix’s terms insist that “the Account Owner should maintain control over the Netflix ready devices that are used to access the service and not reveal the password or details of the Payment Method associated to the account to anyone.”

Some might see Jam as ripping off the original content creators, though Backus claims that “Jam isn’t trying to take money out of anyone’s pocket. Spotify offers [family plan sharing for people under the same roof]. Many other companies offer similar bundled plans. I think people just underutilize things like this and it’s totally fair game.”

Netflix’s Chief Product Officer said in October that the company is monitoring password sharing and it’s looking at “consumer-friendly ways to push on the edges of that.” Meanwhile, The Alliance For Creativity and Entertainment that includes Netflix, Disney, Amazon, Comcast, and major film studios announced that its members will collaborate to address “piracy” including “what facilitates unauthorized access, including improper password sharing and inadequate encryption.”

That could lead to expensive legal trouble for Jam. “My past startups have done well, so I’ve had the pleasure of self-funding Jam so far” Backus says. But if lawsuits emerge or the app gets popular, he might need to find outside investors. “I only launched about 5 hours ago, but I’ll just say that I’m already in the process of upgrading my database tier due to signup growth.”

Eventually, the goal is to monetize not through a monthly subscription, as Backus expects competitors including password-sharing browser extensions might charge. Instead “Jam will make money by helping users save money. We want to make it easy for users to track what they’re sharing and with whom so that they can settle up the difference at the end of each month” Backus explains. It could charge “either a small fee in exchange for automatically settling debts between users and/or charging a percentage of the money we save users by recommending more efficient sharing setups.” Later, he sees a chance to provide recommendations for optimizing account management across networks of people while building native mobile apps.

“I think Jam is timed perfectly to line up with multiple different booming trends in how people are using the internet,” particularly younger people, says Backus. Hub says 42% of all US consumers have used someone else’s online TV service password, while amongst 13 to 24 year olds, 69% have watched Netflix on someone else’s password. “When popularity and exclusivity are combined with often ambiguous, even sometimes nonexistent, rules about legitimate use, it’s almost an invitation to subscribers to share the enjoyment with friends and family” says Peter Fondulas, the principal at Hub and co-author of the study. “Wall Street has already made its displeasure clear, but in spite of that, password sharing is still very much alive and well.”

From that perspective, you could liken Jam to sex education. Password sharing abstinence has clearly failed. At least people should learn how to do it safely.

 



Dumb things companies do with user security

20:30 | 4 February

After iterating on a few ideas, you’ve found something people are interested in. Users are signing up! You’ve got traction! People with money want to give you that money! Excellent.

In the rush to rapid growth, it can be easy to get caught up in what’s next, like the next new layout, feature launch or product release — the next thing that will make users happy.

Equally important to keep in mind — really, more important — is what makes users mad: getting hacked.

It’s advice we’ve heard from just about every security expert who has ever been onstage at Disrupt: Take security seriously from the start. As soon as anyone cares about your company, it’s a target, and the bigger you get, the bigger that target becomes. The more users you acquire, the more valuable your database becomes. Adding features and pushing code creates more things for hackers to poke at.

Last week, we took a look at some things you can do to help keep your employees from getting hacked. This week, we’re looking at some of what you can do to keep your users safe. It’s by no means exhaustive — but for growing teams, it’s the sort of stuff you need to have in the back of your brain, always.

 



Google Cloud gets a Secret Manager

23:35 | 22 January

Google Cloud today announced Secret Manager, a new tool that helps its users securely store their API keys, passwords, certificates and other data. With this, Google Cloud is giving its users a single tool to manage this kind of data and a centralized source of truth, something that even sophisticated enterprise organizations often lack.

“Many applications require credentials to connect to a database, API keys to invoke a service, or certificates for authentication,” Google developer advocate Seth Vargo and product manager Matt Driscoll note in today’s announcement. “Managing and securing access to these secrets is often complicated by secret sprawl, poor visibility, or lack of integrations.”

With Berglas, Google already offered an open-source command-line tool for managing secrets. Secret Manager and Berglas will play well together and users will be able to move their secrets from the open-source tool into Secret Manager and use Berglas to create and access secrets from the cloud-based tool as well.

With KMS, Google also offers a fully managed key management system (as do Google Cloud’s competitors). The two tools are very much complementary. As Google notes, KMS does not actually store the secrets — it encrypts the secrets you store elsewhere. Secret Manager provides a way to easily store (and manage) these secrets in Google Cloud.

Secret Manager includes the necessary tools for managing secret versions and audit logging, for example. Secrets in Secret Manager are also project-based global resources, the company stresses, while competing tools often manage secrets on a regional basis.

The new tool is now in beta and available to all Google Cloud customers.

 



Google finally brings its security key feature to iPhones

17:00 | 15 January

More than half a year after Google said Android phones could be used as a security key, the feature is coming to iPhones.

Google said it’ll bring the feature to iPhones in an effort to give at-risk users, like journalists and politicians, access to additional account and security safeguards, effectively removing the need to use a physical security key like a Yubico or a Google Titan key.

Two-factor authentication remains one of the best ways to protect online accounts. Typically it works by getting a code or a notification sent to your phone. By acting as an additional layer of security, it makes it far more difficult for even the most sophisticated and resource-backed attackers to break in. Hardware keys are even stronger. Google’s own data shows that security keys are the gold standard for two-factor authentication, ahead of other options like a text message sent to your phone.

Google said it was bringing the technology to iPhones as part of an effort to give at-risk groups greater access to tools that secure their accounts, particularly in the run-up to the 2020 presidential election, where foreign interference remains a concern.

 



Is your startup protected against insider threats?

21:31 | 10 December

We’ve talked about securing your startup, the need to understand phishing risks and how not to handle a data breach. But we haven’t yet discussed one of the more damaging threats that all businesses large and small face: the insider threat.

The insider threat is exactly as it sounds — someone within your organization who has malicious intent. Your employees will be one of your biggest assets, but human beings are the weakest link in the security chain. Your staff are already in a privileged position — in the sense that they are in a place where they have access to far more than they would as an outsider. That means taking data, either maliciously or inadvertently, is easier for staff than it might be for a hacker.

“Organizations need to understand that the threats coming from inside their organizations are as critical as, if not more dangerous than, the threats coming from the outside,” said Stephanie Carruthers, a social engineering expert who serves as chief people hacker at IBM X-Force Red, a division of Big Blue that looks for breaches in IoT devices before — and after — they go to market.

Insider risks can become active threats for many reasons. Some individuals may become disgruntled, some want to blow the whistle on wrongdoing and others can be approached (or even manipulated) by career criminals over debts or other matters in their private life.

There are plenty of examples, many not too far back in recent history.

 



Mixcloud data breach exposes over 20 million user records

22:18 | 29 November

A data breach at Mixcloud, a U.K.-based audio streaming platform, has left more than 20 million user accounts exposed after the data was put on sale on the dark web.

The data breach happened earlier in November, according to a dark web seller who supplied a portion of the data to TechCrunch, allowing us to examine and verify the authenticity of the data.

The data contained usernames, email addresses, and passwords that appear to be scrambled with the SHA-2 algorithm, making the passwords near impossible to unscramble. The data also contained account sign-up dates and the last-login date. It also included the country from which the user signed up, their internet (IP) address, and links to profile photos.

We verified a portion of the data by validating emails against the site’s password reset feature.

The exact amount of data stolen isn’t known. The seller said there were 20 million records, but listed 21 million records on the dark web. But the data we sampled suggested there may have been as many as 22 million records.

The data was listed for sale for $4,000, or about 0.5 bitcoin. We’re not linking to the dark web listing.

Mixcloud last year secured an $11.5 million cash injection from media investment firm WndrCo, led by Hollywood media proprietor Jeffrey Katzenberg.

It’s the latest in a string of high profile data breaches in recent months. The breached data came from the same dark web seller who also alerted TechCrunch to the StockX breach earlier this year. The apparel trading company initially claimed its customer-wide password reset was for “system updates,” but later came clean, admitting it was hacked, exposing more than four million records, after TechCrunch obtained a portion of the breached data.

An email to Mixcloud’s press mailbox bounced, and its last listed public relations agency told TechCrunch it no longer represents the company.

As a London-based company, Mixcloud falls under U.K. and European data protection rules. Companies can be fined up to 4% of their annual turnover for violations of European GDPR rules.


 



Gift Guide: Essential security and privacy gifts to help protect your friends and family

00:37 | 28 November

 

There’s no such thing as perfect privacy or security, but there’s a lot you can do to lock down your online life. And the holiday season is a great time to encourage others to do the same. Some people are more likely to take security into their own hands if they’re given a nudge along the way.

Here we have a selection of gift ideas — from helpful security solutions to unique and interesting gadgets that will keep your information safe, but without breaking the bank.

A hardware security key for two-factor

Your online accounts have everything about you and you’d want to keep them safe. Two-factor authentication is great, but for the more security minded there’s an even stronger solution. A security key is a physical hardware key that’s even stronger than having a two-factor code going to your phone. These keys plug into your USB port on your computer (or the charger port on your phone) to prove to online services, like Facebook, Google, and Twitter, that you are who you say you are. Google’s own data shows security keys offer near-unbeatable protection against even the most powerful and resourced nation-state hackers. Yubikeys are our favorite and come in all shapes and sizes. They’re also cheap. Google also has a range of its own branded Titan security keys, one of which also offers Bluetooth connectivity.

Price: from $20.
Available from: Yubico Store | Google Store

Webcam cover

Surveillance-focused malware, like remote access trojans, can infect computers and remotely switch on your webcam without your permission. Most computer webcams these days have an indicator light that shows you when the camera is active. But what if your camera is blocked, preventing any accidental exposure in the first place? Enter the simple but humble webcam blocker. It slides open when you need to access your camera, and slides to cover the lens when you don’t. Support local businesses and non-profits — you can search for unique and interesting webcam covers on Etsy.

Price: from $5 – $10.
Available from: Etsy | Electronic Frontier Foundation

A microphone blocker

Now you have your webcam cover, what about your microphone? Just as hackers can tap into your webcam, they can also pick up on your audio. Microphone blockers contain a semiconductor that tricks your computer or device into thinking that it’s a working microphone, when in fact it’s not able to pick up any audio. Anyone hacking into your device won’t hear a thing. Some modern Macs already come with a new Apple T2 security chip which prevents hackers from snooping on your microphone when your laptop’s lid is shut. But a microphone blocker will work all the time, even when the lid is open.

Price: $6.99 – $16.99.
Available from: Nope Blocker | Mic Lock

A USB data blocker

You might have heard about “juice-jacking,” where hackers plant malicious implants in USB outlets, which steal a person’s device data when an unsuspecting victim plugs in. It’s a threat that’s almost unheard of, but proof-of-concepts have shown how easy it is to implant malicious components in legitimate-looking cables. A USB data blocker essentially acts as a data barrier, preventing any information going in or out of your device, while letting power through to charge your battery. They’re cheap but effective.

Price: from $6.99 and $11.49.
Available from: Amazon | SyncStop

A privacy screen for your computer or phone

How often have you seen someone’s private messages or document as you look over their shoulder, or see them in the next aisle over? Privacy screens can protect you from “visual hacking.” These screens make it near-impossible for anyone other than the device user to snoop at what you’re working on. And, you can get them for all kinds of devices and displays — including phones. But make sure you get the right size!

Price: from about $17.
Available from: Amazon

A password manager subscription

Password managers are a real lifesaver. One strong, unique password lets you into your entire bank of passwords. They’re great for storing your passwords, but also for encouraging you to use better, stronger, unique passwords. And because many are cross-platform, you can bring your passwords with you. Plenty of password managers exist — from LastPass, Lockbox, and Dashlane, to open-source versions like KeePass. Many are free, but a premium subscription often comes with benefits and better features. And if you’re a journalist, 1Password has a free subscription for you.

Price: Many free, premium offerings start at $35.88 – $44.28 annually
Available from: 1Password | LastPass | Dashlane | KeePass

Anti-surveillance clothing

Whether you’re lawfully protesting or just want to stay in “incognito mode,” there are — believe it or not — fashion lines that can help prevent facial recognition and other surveillance systems from identifying you. This clothing uses a kind of camouflage that confuses surveillance technology by giving them more interesting things to detect, like license plates and other detectable patterns.

Price: $35.99.
Available from: Adversarial Fashion

Pi-hole

Think of a Pi-hole as a “hardware ad-blocker.” A Pi-hole is essentially a Raspberry Pi mini-computer that runs ad-blocking technology as a box that sits on your network. It means that everyone on your home network benefits from ad blocking. Ads may generate revenue for websites but online ads are notorious for tracking users across the web. Until ads can behave properly, a Pi-hole is a great way to capture and sinkhole bad ad traffic. The hardware may be cheap, but the ad-blocking software is free. Donations to the cause are welcome.

Price: From $35.
Available from: Pi-hole | Raspberry Pi

And finally, some light reading…

There are two must-read books this year. NSA whistleblower Edward Snowden’s “Permanent Record” autobiography covers his time as he left the shadowy U.S. intelligence agency for Hong Kong, where he spilled thousands of highly classified government documents to reporters about the scope and scale of its massive global surveillance partnerships and programs. And, Andy Greenberg’s book on “Sandworm”, a beautifully written deep-dive into a group of Russian hackers blamed for the most disruptive cyberattack in history, NotPetya. This incredibly detailed investigative book leaves no stone unturned, unravelling the work of a highly secretive group that caused billions of dollars of damage.

Price: From $14.99.
Available from: Amazon (Permanent Record) | Amazon (Sandworm)

 



‘Magic: The Gathering’ game maker exposed 452,000 players’ account data

22:28 | 16 November

The maker of Magic: The Gathering has confirmed that a security lapse exposed the data on hundreds of thousands of game players.

The game’s developer, the Washington-based Wizards of the Coast, left a database backup file in a public Amazon Web Services storage bucket. The database file contained user account information for the game’s online arena. But there was no password on the storage bucket, allowing anyone with the bucket’s name to access the files inside.

The bucket is not believed to have been exposed for long — since around early-September — but it was long enough for U.K. cybersecurity firm Fidus Information Security to find the database.

A review of the database file showed there were 452,634 players’ information, including about 470 email addresses associated with Wizards’ staff. The database included player names and usernames, email addresses, and the date and time of the account’s creation. The database also had user passwords, which were hashed and salted, making it difficult but not impossible to unscramble.

None of the data was encrypted. The accounts date back to at least 2012, according to our review of the data.

Fidus reached out to Wizards of the Coast but did not hear back. It was only after TechCrunch reached out that the game maker pulled the storage bucket offline.

Bruce Dugan, a spokesperson for the game developer, told TechCrunch in a statement: “We learned that a database file from a decommissioned website had inadvertently been made accessible outside the company.”

“We removed the database file from our server and commenced an investigation to determine the scope of the incident,” he said. “We believe that this was an isolated incident and we have no reason to believe that any malicious use has been made of the data,” but the spokesperson did not provide any evidence for this claim.

“However, in an abundance of caution, we are notifying players whose information was contained in the database and requiring them to reset their passwords on our current system,” he said.

Harriet Lester, Fidus’ director of research and development, said it was “surprising in this day and age that misconfigurations and lack of basic security hygiene still exist on this scale, especially when referring to such large companies with a userbase of over 450,000 accounts.”

“Our research team work continuously, looking for misconfigurations such as this to alert companies as soon as possible to avoid the data falling into the wrong hands. It’s our small way of helping make the internet a safer place,” she told TechCrunch.

The game maker said it informed the U.K. data protection authorities about the exposure, in line with breach notification rules under Europe’s GDPR regulations. The U.K.’s Information Commissioner’s Office did not immediately return an email to confirm the disclosure.

Companies can be fined up to 4% of their annual turnover for GDPR violations.

 



Fourteen years after launching 1Password takes a $200M Series A

17:01 | 14 November

1Password has been around for 14 years, and the founders grew the company the old-fashioned way without a dime of venture capital. But when it decided to take venture help, it went all in. Today, the company announced a $200 million Series A from Accel, the largest single investment in the firm’s 35-year history.

Dave Teare says he and his co-founder Roustem Karimov were resolving a major pain point for users around password creation and management when they launched in 2005, and that the Toronto company has been profitable from day one. That’s not something you hear from startups all that often.

Today, Jeff Shiner is CEO. He helped grow the company from 20 employees when he came on board in 2012 to 174 today. He says that as he helped foster this growth, he saw a tremendous market opportunity in front of him. That’s when he decided to finally take the plunge into venture investing.

“We’ve got the sophisticated business tooling that we built over the last five years, so that we can really go out there and just double and triple down on what we’ve been doing, and drive that much faster and further into the market, and again that market is honestly from consumers all the way up to enterprises,” Shiner explained.

While he is confident in his company’s ability to build a product people want and support its customers, it needs help with other aspects of the business to grow faster and take advantage of the market potential. “We have far less experience with things like go-to-market programs, with sales, marketing and finance teams — and things like that. And we need to grow, and grow aggressively, which is not just hiring people, but also getting the right partners, finding the right leaders to help us with that growth,” he said.

Accel has a history of investing in mature companies that haven’t taken funding before, so what it’s doing with this round isn’t all that unusual for the firm. Arun Mathew, a partner at Accel, says he doesn’t come across companies like 1Password all that often. “Like Atlassian and Qualtrics, the 1Password team impressed us by building a business that’s not only scaling extremely quickly but also has been profitable since day one — and that’s why today we’re making the biggest single investment in Accel’s 35-year history,” Mathew said in a statement.

The founders actually stumbled onto the idea of 1Password in 2005. They were running a web development consultancy when they decided to resolve a long-standing problem of logging into multiple websites, a particularly acute issue given their day jobs.

They decided to build a tool to help, and when they put it out in the world, they found lots of other people had the same problem. They ended up closing the web consultancy to build 1Password, and the rest, as they say, is history.

 



Amazon Ring doorbells exposed home Wi-Fi passwords to hackers

17:43 | 7 November

Security researchers have discovered a vulnerability in Ring doorbells that exposed the password for the Wi-Fi network it was connected to.

Bitdefender said the Amazon-owned doorbell was sending its owner’s Wi-Fi password in cleartext over the internet, allowing for nearby hackers to intercept the Wi-Fi password and gain access to the network to launch larger attacks or conduct surveillance.

Amazon fixed the vulnerability in all Ring devices in September, but the vulnerability was only disclosed today.

It’s another example of smart home technology suffering from security issues. As much as smart home devices are designed to make our lives easier and homes more secure, researchers keep finding vulnerabilities that allow them to get access to the very thing they’re trying to protect.

Earlier this year, flaws in a popular smart home hub allowed researchers to break into a person’s home by triggering a smart lock to unbolt the door.

Amazon has faced intense scrutiny in recent months for Ring’s work with law enforcement. Several news outlets, including Gizmodo, have detailed the close relationship Ring has with police departments, including their Ring-related messaging.

It was reported this week that Ring had bragged on Instagram about tracking millions of trick-or-treaters this Halloween.

 

