Blog of the website «TechCrunch»


Main article: Security

Topics from 1 to 10 | in all: 430

How much should a startup spend on security?

03:34 | 21 February

One of the questions I frequently ask startup founders is how much they’re spending on security. Unsurprisingly, everyone has a different answer.

Startups and small companies are invariably faced with the prospect that they’re either not spending enough or are spending too much on something that’s hard to quantify in terms of value. It’s a tough sell to sink money into an effort to stop something that might one day happen, particularly for bootstrapped startups that must make every cent count — yet we’re told security is a crucial investment for a company’s future.

Sorry to break it to you, but there is no easy answer.

The reality is that each company is different and there is no single recommended dollar amount to spend. But it’s absolutely certain that some investment is required. We know because we see a lot of security incidents here at TechCrunch — hacks, breaches and especially data exposures, often a result of human error.

We spoke to three security experts — a head of security, a security entrepreneur and a cybersecurity fellow — to understand the questions facing startups.

Know and understand your threat model

Every company has a different threat model — by that, we mean identifying risks and possible ways of attack before they happen. Companies that store tons of user data may be a greater target than companies that don’t. Each firm needs to evaluate which kind of risks they face and identify weaknesses.

 



Better know a CSO: Dropbox head of security Justin Berman

19:26 | 14 February

Justin Berman has one of the most important jobs at Dropbox.

As head of security, he oversees the company’s cybersecurity strategy, its defenses and works daily to keep its more than 600 million users’ data private and secure.

No pressure, then.

Berman joined the file storage and workspace giant a year ago during a period of transition for the company. During its early years, Dropbox was hit by a data breach that saw more than 60 million user passwords stolen at a time when tech giants were entrenched in a “move fast and break things” culture. But things have changed, particularly at Dropbox, which made good on its promise to improve the company’s security and also went far beyond what any Silicon Valley company had done before to better protect security researchers.

In this series, we’ll look at the role of the CSO — the chief security officer — at some of the biggest companies in tech to better understand the role, what it means to keep an organization secure without hindering growth and what advice startups can learn from some of the most experienced security professionals in the industry.

We start with Berman, who discussed in a recent interview what drew him to the company, what it means to be a security chief and what other companies can learn from Dropbox’s groundbreaking security policies.

This interview has been edited for length and clarity.

TechCrunch: You’ve been at Dropbox since June. Before this you were at Zenefits, Flatiron Health and Bridgewater. What brought you to Dropbox?

Justin Berman: First and foremost, I think the people here are amazing. And I think the problems I get to solve here are not the ones that a lot of security leaders find themselves solving. Because the company has had a historical commitment to security, privacy, and trust and risk, I’m not coming in and having to boot the culture of security from the ground up. That culture already exists. And the question we ask ourselves is how do we use that culture to do the right level of things as opposed to just doing as much as possible where you might slow down the business?

 



PhotoSquared app exposed customer photos and shipping labels

18:38 | 14 February

Popular photo printing app PhotoSquared has exposed thousands of customer photos, addresses, and order details.

At least ten thousand shipping labels were stored in a public Amazon Web Services (AWS) storage bucket. There was no password on the bucket, allowing anyone who knew the easy-to-guess web address access to the customer data. All too often, these AWS storage buckets are misconfigured and set to “public” and not “private.”

The exposed data included high-resolution user-uploaded photos and generated shipping labels dating back to 2016, and was being updated by the day. The app has more than 100,000 users, according to its Google Play listing.

It’s not known how long the storage bucket was left open.

One of the customer orders, including photos and the customer’s shipping address. The exposed storage bucket also had thousands of shipping labels. (Image: TechCrunch)

Security researchers provided the name of the exposed bucket to TechCrunch. We matched a number of shipping labels against existing public records, and contacted PhotoSquared on Wednesday to warn of the exposure.

Keith Miller, chief executive of Strategic Factory, which owns PhotoSquared, confirmed that the data was no longer exposed, but Miller declined to say if the company planned to inform customers or regulators under data breach notification laws.

At the time of writing, PhotoSquared has made no reference to the security lapse on its website or its social media accounts.

 



Develop a serious cybersecurity strategic plan that incorporates CCM

22:52 | 10 February

Robert R. Ackerman Jr. Contributor
Robert R. Ackerman Jr. is the founder and managing director of AllegisCyber, a venture capital firm specializing in cybersecurity, and the co-founder and executive at DataTribe, a cybersecurity startup foundry which focuses on launching startups based on cyber domain expertise from the intelligence community and national laboratories.

It’s a new year and corporate concerns about cybersecurity risk are high. Which means top executives at Fortune 500 companies will do what they always do — spend big on security technology. Global cybersecurity spending is on a path to exceed $1 trillion cumulatively over the five-year period from 2017 to 2021.

But increasing budgets each year with little strategic forethought is a corporate failing. Further, the lack of proactive monitoring of the cyber risk profile almost ensures gaps and vulnerabilities that will be exploited by hackers.

Corporations that don’t formulate a thorough cybersecurity plan and monitor its implementation will encounter more breaches and increasingly become mired in scuttled M&A opportunities. Market research firm Gartner says that 60% of organizations engaging in M&A activity are already weighing a target’s cybersecurity track record, posture and strategy as a key factor in their due diligence. A company that has been hacked is a less attractive acquisition target — hardly a minor point, given that M&A activity globally, led by the U.S., has set records in recent years and is widely expected to maintain or exceed this level going forward.

The most highly publicized example of an M&A-related cybersecurity headache was Verizon’s discovery of a prior data breach at Yahoo a couple of years ago, after formulating an acquisition agreement. The discovery almost killed the deal and ultimately resulted in a $350 million reduction in Verizon’s purchase price.

Enterprises must step up to the plate once and for all and develop meaningful metrics to assess the quality of their cybersecurity protection and monitor its completeness and effectiveness. And the best way to do this is to begin taking steps to incorporate continuous controls monitoring (CCM).

 



Daily Crunch: Saudis probably hacked Bezos’ phone

20:47 | 22 January

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

1. UN calls for investigation after Saudis linked to Bezos phone hack

United Nations experts are calling for an investigation after a forensic report said Saudi officials “most likely” used a mobile hacking tool built by the NSO Group to hack into the phone of Amazon founder Jeff Bezos.

The report, carried out by FTI Consulting, said it was “highly probable” that the phone hack was triggered by a malicious video sent over WhatsApp to Bezos’ phone. Within hours, large amounts of data on Bezos’ phone had been exfiltrated.

2. Netflix adds 8.8M subscribers despite growing competition

Netflix addressed the competitive landscape in its Q4 earnings report, arguing that there’s “ample room for many services to grow as linear TV wanes,” noting that during the quarter, “our viewing per membership grew both globally and in the U.S. on a year over year basis, consistent with recent quarters.”

3. Tencent to grow gaming empire with $148M acquisition of Conan publisher Funcom in Norway

Tencent is cementing its position as one of the world’s biggest video and online gaming companies by revenue. Funcom, meanwhile, is traded publicly on the Oslo Stock Exchange, and the board has already recommended accepting the offer — which is being made at around 27% higher than Tuesday’s closing share price.

4. Google’s new experimental apps focus on reducing screen time — including one that uses a paper envelope

The new apps include a Screen Stopwatch for tracking screen time, another that lets you visualize your phone usage as bubbles and a third that lets you put your phone in an envelope. And no, that last one’s not a joke — the envelope would still allow you to make and receive calls, and to use the camera to take photos.

5. Your Sonos system will stop receiving updates if you have an old device

If you own a Zone Player, Connect, first-generation Play:5, CR200, Bridge or pre-2015 Connect:Amp, FYI: Sonos is going to stop shipping updates to those devices. And if Spotify and Apple Music update their application programming interface in the future, your devices could stop working with those services altogether.

6. Cruise doubles down on hardware

GM subsidiary Cruise now employs more than 1,700 people, a considerable chunk of whom are software engineers. Less well-known is the company’s strategy of building out a hardware team, which will eventually take over Cruise’s 140,000-square-foot building on San Francisco’s Bryant Street.

7. Adblock Plus’s Till Faida on the shifting shape of ad blocking

Faida tells us that the company is trying to thread a fine line between conflicting interests and string together a critical mass of internet users who want to get rid of unwelcome distractions; along with digital publishers and ad purveyors who want to maximize eyeballs on their stuff — and are likely especially keen to reach a tech-savvy, ad-blocking demographic. (Extra Crunch membership required.)

 



Identifying opportunities in today’s saturated cybersecurity market

19:36 | 12 January

Yoav Leitersdorf is the founder of YL Ventures, a 12-year-old, Mill Valley, California-based seed-stage venture firm that invests narrowly in Israeli cybersecurity startups and closed its fourth fund with $120 million in capital commitments last summer — a vehicle that brings the capital it now manages to $260 million.

The outfit takes a concentrated approach to investing that has seemingly been paying off. YL Ventures was the biggest shareholder in the container security startup Twistlock, for example, which sold to Palo Alto Networks last year for $410 million after raising $63 million altogether. (YL Ventures had plugged $12 million into the company over four years.) It was also the biggest outside shareholder in Hexadite, an Israeli startup that used AI to identify and protect against attacks and that sold in 2017 to Microsoft for a reported $100 million.

Still, the firm sees a lot of cybersecurity startups. It also has an advisory board that’s comprised of more than 50 security pros from heavyweight companies. For insight into what they’re shopping for this year — and how startups might grab their attention — we reached out to Leitersdorf last week to ask what he’s hearing.

 



Amazon has fired an employee for leaking user email addresses and phone numbers

01:22 | 11 January

Amazon has emailed an unknown number of customers saying that their email address and phone number were obtained by an Amazon employee and shared with a third party “in violation of our policies.”

The email, seen by TechCrunch, said the employee was “terminated” and that the company is supporting law enforcement in its prosecution.

“No other information related to your account was shared. This is not a result of anything you have done, and there is no need for you to take any action,” the email read to customers.

But little else is known about the employee, when the information was shared and with whom, and how many customers are affected.

Amazon confirmed the authenticity of the email it sent to customers on Friday, but did not comment beyond what was in the email.

It’s not the first time it’s happened. Amazon was just as vague about a similar breach of email addresses last year, on which Amazon declined to comment further.

In a separate incident, Amazon said this week that four employees were fired at Ring, one of its smart camera and doorbell subsidiaries. Ring said it fired the employees for improperly viewing video footage from customer cameras.

 

 



Mozilla says a new Firefox security bug is under active attack

18:10 | 10 January

Mozilla has warned Firefox users to update their browser to the latest version after security researchers found a vulnerability that hackers were actively exploiting in “targeted attacks” against users.

The vulnerability, found by Chinese security company Qihoo 360, was found in Firefox’s just-in-time compiler. The compiler is tasked with speeding up performance of JavaScript to make websites load faster. But researchers found that the bug could allow malicious JavaScript to run outside of the browser on the host computer.

In practical terms, that means an attacker can quietly break into a victim’s computer by tricking the victim into accessing a website running malicious JavaScript code.

But Qihoo did not say precisely how the bug was exploited, who the attackers were, or who was targeted.

Browser vulnerabilities are a hot commodity in security circles as they can be used to infect vulnerable computers — often silently and without the user noticing — and be used to deliver malware or ransomware. Browsers are also a target for nation states and governments and their use of surveillance tools, known as network investigative techniques — or NITs. These vulnerability-exploiting tools have been used by federal agents to spy on and catch criminals. But these tools have drawn ire from the security community because the feds’ failure to disclose the bugs to the software makers could result in bad actors exploiting the same vulnerabilities for malicious purposes.

Mozilla issued the security advisory for Firefox 72, which had only been out for two days before the vulnerability was found.

Homeland Security’s cyber advisory unit, the Cybersecurity and Infrastructure Security Agency, also issued a security warning, advising users to update to Firefox 72.0.1, which fixes the vulnerability. Little information was given about the bug, only that it could be used to “take control of an affected system.”

Firefox users can update their browser from the settings.

 



BigID bags another $50M round as data privacy laws proliferate

16:30 | 6 January

Almost exactly 4 months to the day after BigID announced a $50 million Series C, the company was back today with another $50 million round. The Series D came entirely from Tiger Global Management. The company has raised a total of $144 million.

What warrants $100 million in interest from investors in just four months is BigID’s mission to understand the data a company has and manage that in the context of increasing privacy regulation including GDPR in Europe and CCPA in California, which went into effect this month.

BigID CEO and co-founder Dimitri Sirota admits that his company formed at the right moment when it launched in 2016, but says he and his co-founders had an inkling that there would be a shift in how governments view data privacy.

“Fortunately for us, some of the requirements that we said were going to be critical, like being able to understand what data you collect on each individual across your entire data landscape, have come to [pass],” Sirota told TechCrunch. While he understands that there are lots of competing companies going after this market, he believes that being early helped his startup establish a brand identity earlier than most.

Meanwhile, the privacy regulation landscape continues to evolve. Even as California privacy legislation is taking effect, many other states and countries are looking at similar regulations. Canada is looking at overhauling its existing privacy regulations.

Sirota says that he wasn’t actually looking to raise either the C or the D, and in fact still has B money in the bank, but when big investors want to give you money on decent terms, you take it while the money is there. These investors clearly see the data privacy landscape expanding and want to get involved. He recognizes that economic conditions can change quickly, and it can’t hurt to have money in the bank for when that happens.

That said, Sirota says you don’t raise money to keep it in the bank. At some point, you put it to work. The company has big plans to expand beyond its privacy roots and into other areas of security in the coming year. Although he wouldn’t go into too much detail about that, he said to expect some announcements soon.

For a company that is only four years old, it has been amazingly proficient at raising money with a $14 million Series A and a $30 million Series B in 2018, followed by the $50 million Series C last year, and the $50 million round today. And Sirota said he didn’t even have to go looking for the latest funding. Investors came to him — no trips to Sand Hill Road, no pitch decks. Sirota wasn’t willing to discuss the company’s valuation, only saying the investment was minimally diluted.

BigID, which is based in New York City, already has some employees in Europe and Asia, but he expects additional international expansion in 2020. Overall the company has around 165 employees at the moment and he sees that going up to 200 by mid-year as they make a push into some new adjacencies.

 



Twitter offers more support to researchers — to ‘keep us accountable’

13:07 | 6 January

Twitter has kicked off the New Year by taking the wraps off a new hub for academic researchers to more easily access information and support around its APIs — saying the move is in response to feedback from the research community.

The new page — which it’s called ‘Twitter data for academic researchers’ — can be found here.

It includes links to apply for a developer account to access Twitter’s APIs; details of the different APIs offered and links to additional tools for researchers, covering data integration and access; analysis; visualization; and infrastructure and hosting.

“Over the past year, we’ve worked with many of you in the academic research community. We’ve learned about the challenges you face, and how Twitter can better support you in your efforts to advance understanding of the public conversation,” the social network writes, saying it wants to “make it even easier to learn from the public conversation”.

Twitter is also promising “more enhancements and resources” for researchers this year.

It’s likely no accident the platform is putting a fresh lick of paint on its offerings for academics given that 2020 is a key election year in the U.S. — and concerns about the risk of fresh election meddling are riding high.

Tracking conversation flow on Twitter also still means playing a game of ‘bot or not’ — one that has major implications for the health of democracies. And in Europe Twitter is one of a number of platform giants which, in 2018, signed up to a voluntary Code of Practice on disinformation that commits it to addressing fake accounts and online bots, as well as to empowering the research community to monitor online disinformation via “privacy-compliant” access to platform data.

“At Twitter, we value the contributions of academic researchers and see the potential for them to help us better understand our platform, keeping us accountable, while helping us tackle new challenges through discoveries and innovations,” the company writes on the new landing page for researchers while also taking the opportunity to big up the value of its platform — claiming that “if it exists, it’s probably been talked about on Twitter”.

If Twitter lives up to its promises of active engagement with researchers and their needs, it could smartly capitalize on rival Facebook’s parallel missteps in support for academics.

Last year Facebook was accused of ‘transparency-washing’ with its own API for researchers, with a group of sixty academics slamming the ad archive API as being as much a hindrance as a help.

Months later Facebook was still being reported to have done little to improve the offering.

 

