
Thursday, January 16, 2014

The inimitable Brian Krebs has found some interesting details about the massive Target credit card breach that exposed millions of pieces of customer data over the holidays. The hackers used a specific form of malware dedicated to grabbing sensitive data out of hardened point of sale terminals.


Shortly after news of the Target attack hit the net, someone posted a listing for a virus called POSWDS or Reedum on ThreatExpert.com. Shortly thereafter the listing was pulled but not before it was analyzed. Krebs and his sources found that the version of the software that appeared on Target computers had been specially designed to hide itself from anti-virus software and was “customized to avoid detection and for use in specific environments.”


According to Krebs, the software has been traced to a programmer called Antikiller who put it up for sale on hacker forums. The person or group responsible for selling the cards after the breach also infected Target’s computers, initially accessing the system via a compromised web server and then “hoovering up” the data as it came in.


“Further analysis of the attack has revealed the following: On December 2, the malware began transmitting payloads of stolen data to a FTP server of what appears to be a hijacked website. These transmissions occurred several times a day over a 2 week period. Also on December 2, the cyber criminals behind the attack used a virtual private server (VPS) located in Russia to download the stolen data from the FTP. They continued to download the data over 2 weeks for a total of 11 GBs of stolen sensitive customer information. While none of this data remains on the FTP server today, analysis of publicly available access logs indicates that Target was the only retailer affected. So far there is no indication of any relationship to the Neiman Marcus attack.”

Do yourself a favor and read the Krebs pieces. They are amazingly detailed, the story is chilling and fascinating, and it’s a great look at just how vulnerable even the most powerful commercial organizations are against a meticulous enemy.







5:09 PM


There are plenty of good reasons you might want an Internet-enabled smart refrigerator. Your friends will constantly tell you that you’re from the future! You could check how much milk is left from the store! You can… uh… tweet.. when every other more-suitable gadget in your house is dead?


But there’s also a good reason to not want one, at least until we figure out how this whole “Internet Of Things” (read: LET’S PUT THE INTERNET IN EVERYTHING) is going to work: security is hard.


Example A: according to a new study by security firm Proofpoint, hackers have already started crackin’ away at smart appliances in hopes of further expanding their zombie spambot armies. Between December 26th, 2013 and January 6th, 2014, Proofpoint says they detected upwards of 750,000 spam emails being sent from over 100,000 compromised routers, multimedia centers, smart TVs, and, in one case, a smart fridge.


Yeah. A refrigerator.


“Who caaaares,” you might say. “They only detected one case! Who has a smart fridge anyway? What are hackers gonna do, steal my recipes?”


But it’s important to think a bit more long term.


You see, each Internet-enabled device you bring into your house is a new point of failure – another place for folks with ill intent to find their way into your world. That shiny new smart TV with the teleconferencing built right in? That’s another webcam and microphone that you’ve got to think about.


As it currently stands, a very large majority of the devices that we allow on our network are pretty locked down. The smartphones, the gaming consoles, the laptops — they’re all running on tightly guarded operating systems, and (generally) receive regular updates for years after they debut. As we gleefully stride toward the day when the Internet is in absolutely everything, how do we maintain that?


Ask someone who owns a smart TV what operating system it’s running. Chances are? They have no idea. Ask’em when it was last updated. Same deal.


Now, consider how many different TV models these manufacturers – the Samsungs, the LGs, and the Sonys of the world — cough out each year. How long does the average person keep a TV? Around five years, on the low end. How long will manufacturers actually support each TV, monitoring for potential exploits and quickly issuing patches when they arise? Does protection from security exploits end with the 2-year warranty?


Now add a million other types of smart devices into the mix. Washers and dryers. Refrigerators. Friggin’ voice-activated cooking grills.


I’m by no means denouncing this movement towards ubiquitous device connectivity. Like any other kid who grew up watching The Jetsons, I’m ready and waiting for the house of the future.


We just have to be smart about it. We need to demand the same level of security we expect of our laptops and smartphones with every “smart” device we allow on our networks — because, really: once you start packing things like CPUs and web cams and microphones into appliances, those appliances are computers. Manufacturers need to commit to securing a device for at least the average lifespan of the product, or things could get messy fast.







5:09 PM


This isn’t Google Glass in a contact lens, but it may just be Google’s first step in this direction. The company’s Google[x] lab just teased a smart contact lens on its blog that is meant to help diabetics measure their glucose levels.


The company says it is currently testing prototypes of this contact lens that use a tiny wireless chip and a miniaturized glucose sensor. These chips are embedded in between two soft layers of lens material.


In its announcement, Google notes that scientists have long looked into how certain body fluids can help them track glucose levels. Tears, it turns out, work very well, but given that most people aren’t Hollywood actors who can cry on demand, using tears was never really an option.


According to Google, the sensor can take about one reading per second and it is working on adding tiny LED lights to the lens to warn users when their glucose levels cross certain thresholds.


Google says it is working with the FDA to turn these prototypes into real products and that it is working with experts to bring this technology to market.


Updating…







4:27 PM


Not to be outdone by Spotify, Beats or Pandora, Rdio is now free through its website. Mobile users still have to pay if they want access to the full Rdio experience. Users will also have to pay if they want an ad-free experience — because that’s how Rdio is making its service free.


As the announcement says, “Free listeners will hear a mix of new feature announcements, messages from partner brands, notifications about exclusive content, and other helpful tips.” So, you know, commercials.


This move isn’t that surprising for Rdio. Just yesterday, Spotify dropped its time limit on its free service, which previously limited freeloaders to unlimited streaming for six months.


On mobile, Rdio’s free version remains unchanged where it previously offered users a radio-like (or Pandora-like) experience where stations streamed for free but users could not select individual songs. Last month Spotify launched a similar service.


Rdio’s longevity has long been called into question. Recent layoffs and restructuring seem to indicate not everything is well in Rdio’s house. And the competition is about to get even tighter.


The streaming music scene is about to get a new player. Backed by AT&T, Beats Music launches on January 21st. The service is said to be sold in AT&T stores and likely bundled in some fashion with AT&T phones and included on wireless plans. Rdio, and for that matter, Spotify, need to grab all the marketshare they can before this new player enters the game. Free is a good, if desperate, way to do it, too. As Janet and Luther once proclaimed, the best things in life are free.







2:39 PM


In the wake of Exec’s sale to Handybook and Homejoy’s big $38 million round, there are still plenty of other startups doing home services on-demand from your mobile phone. Housecall, out of San Diego, is a startup that handles the long-tail of services like electrical or swimming pool work and carpet cleanings.


The team came out of Qualcomm Labs, where CEO Ian Heidt had been working on a context awareness platform called Gimbal that would infer meaning from a smartphone’s sensors.


“We wanted to start our own new thing. That initiative had done really well,” he said. “We were super intrigued by people making new mobile businesses out of these older-school ideas. With Housecall, we really wanted to accentuate that relationship between the homeowner and the service provider.”


The six-person startup currently offers more than 20 types of services including housekeeping, junk removal, plumbing, painting, locksmith work, window cleaning and so on. So while other platforms like Homejoy laser in on cleanings, Housecall has a much more expansive range of offerings. They follow in the footsteps of other web-based platforms like RedBeacon, a TechCrunch Disrupt winner that went on to be acquired by Home Depot.


“When we launched it, it was literally just us addressing any of the places where home and technology like home automation intersect,” Heidt said. “Then we started bringing in all these other professionals from other categories.”


When you sign up with Housecall, you pick categories that you want work finished in and then you’ll see service providers. You can look up their services and prices, and then book them if they seem appealing. So far, Housecall is only available in San Diego and they’re expanding it carefully by zip code after zip code. They haven’t disclosed their fee splits with providers.


“At the outset, we were basically marketing it through our personal networks and the people they knew well,” Heidt said. “That has carried it a long way.”


The company has raised $1.5 million from investors including e.ventures and was part of EvoNexus, a pro bono technology incubator based in San Diego.







1:09 PM

Starbucks has admitted storing users' passwords in plain text on its mobile apps, creating security and privacy risks. Anyone with access to a customer's phone could obtain that person's user name, password and email address by connecting the device to a computer and opening a file. The clear text reportedly also displays a string of geolocation data that could put customer privacy at risk. The app allows users to quickly pay for their purchases at a Starbucks outlet, without having to re-enter their password each time they use it.


1:09 PM


A new seed-stage investment fund and ‘company creation’ startup called BrandProject launched today, with offices in Toronto and New York, and a team of founders who, between them, have a boatload of experience building, shipping and marketing consumer hardware and software for some of the biggest brands on the planet.


The five-person founding team includes founder and CEO Andrew Black, who’s worked with Nike, Virgin and Lego; Stanley Hainsworth, a former VP of Starbucks and in-store branding/packaging expert who invented the Gatorade bottle; Jay Bhatti, CTO and former director of a boutique search marketing firm that counted Barneys and Coach as clients; and Sarah Prevette, former founder of entrepreneurial social network Sprouter and startup publication BetaKit (disclosure: I previously worked for BetaKit when Prevette was editor in chief).


The team will be working in what Prevette described in an interview as a “betaworks”-style approach to incubating talent and early-stage companies that aim to create consumer software and physical products, sometimes investing money with the $12 million initial they’ve amassed from private investors, the founding team itself, and BDC Venture Capital.


“The model is really flexible,” Prevette explained. “We look for really exciting transformational ideals that have traction in a wide variety of consumer verticals. We look at everything from health, to fitness, to beauty, to home consumer hardware and consumer tech. We’re also always looking for phenomenal people with a track record of success, but people come to us at different stages.”


BrandProject is incubating some ideas sourced from the founders that solve problems they’ve been having themselves, for instance, and they’re seeking “industry experts who share that passion” to help build those products and bring them to market. They’ve also already quietly worked with BRIKA, Hello Products, Caffeinated Chocolate and The Coveteur via investment and assistance in growing their business.


The consumer focus with a willingness to bet on hardware, especially for an incubator and early stage investor that has one foot planted firmly in Canada, is a rare thing. The investment climate locally in Toronto seems to have become more cautious lately, which has led to some funds closing entirely, and both investors and accelerators turning their attention to more enterprise and B2B companies, which represent less risk relative to the fickle consumer market.


Prevette says to expect to start seeing more from BrandProject and the companies it’s helping build very soon, but while the concept has a solid proven foundation with the likes of betaworks and Idealab, there’s still a lot of risk inherent in the model. BrandProject does have a team with a solid history of building and selling consumer products, however, and it shouldn’t have any trouble attracting talented people on the Canadian side of the border where resources for entrepreneurs interested in chasing the consumer market are relatively few and far between.







1:09 PM
