
Category: Black Hat

There are 12 posts published under Black Hat.

The Best Security Defense is a Good Open Source Offense

The hackers who compromised Adobe’s network knew, when they hacked into the system, that the most valuable prize would be the one that was the most secretive – their source code.

 

Exploiting secrets is the name of the game for the hacking community, but the new hot secret to steal goes beyond personal data: it’s the code that makes things tick.

In the past, companies viewed source code as their best defense. Develop code, hold it close to the vest, and your system would be as secure as a maximum-security prison, or so they thought. Today, many of the same organizations that thought keeping their code closed was a security best practice are finding themselves in hot water and re-evaluating their security policies.

 

What’s the solution? It’s quite simple. The best security defense is a good open source offense. Instead of holding your code so close, open it up and share it with the community. Although it may seem counter-intuitive to share more, if there’s no secret, there’s nothing to steal.

 

Greater scrutiny

 

Oftentimes, rather than thinking of open source as an offensive strategy to protect against security breaches, people believe that sharing code makes you more vulnerable to security threats. The truth is that open source code goes through much more vigorous scrutiny and is, therefore, less likely to have security holes. Not only are you one step ahead of the hackers by sharing your past secrets, but you have an entire community of developers helping you to make sure that bugs are flagged and fixed faster, assuring that the code does not become vulnerable to any future attacks.

 

Quicker evolution of code

 

Open source is inherently dynamic – constantly evolving with faster releases compared to proprietary code. And, with the software quickly changing, hackers have less time to infiltrate the code. Since the hacker community is constantly looking for new ways to attack companies and software, it is important that security holes get identified quickly. When code is open source, everyone from end-users to community developers is able to identify issues and fix them quickly. Hackers might be fast, but when there is a community evaluating code, organizations have the opportunity to be much faster.

 

Transparent solutions

 

Companies often use proprietary software from third-party vendors. As a result, they do not have a clear and transparent view of how their software works while using the code. Proprietary vendors hold on to their “secrets” and, if there is a security issue, customers are unable to get a full picture of the problem. Organizations can find themselves in a situation where they know they have a breach, but are unable to identify the source. In the meantime, their customers are waiting for them to resolve the problem. If they had chosen an open source software solution instead, they would have a much easier time identifying and understanding the issue. Open source provides a complete picture of the software and how it is integrated with the overall product, providing a tremendous advantage when answering the big question – “what went wrong?”

 

The more inter-dependencies, the bigger the issue

 

Software has several interdependencies and if one portion is hacked, it’s very likely that other parts of the product will also be affected. Open source operating systems (OS), like Linux, are modeled on UNIX – a modular OS. These systems are not only transparent to users and administrators, but also have fewer interdependencies in comparison to proprietary systems. When there is an issue with one part, it’s easier to work on fixing it without having to worry about its impact on other components. And of course, if one part is hacked, it doesn’t mean that the entire system has been compromised.

 

As we all know in the security world, hackers are always thinking of new ways to attack our systems, and open source is not going to solve all security challenges, but going on the offensive is the first step in taking back control. The characteristics of open source, such as constant evolution, quicker fixes and fewer interdependencies, can be a huge advantage when facing hackers. Evaluating security policies to understand the “secrets” in an organization’s IT vault and how they are impacting the organization is critical in assuring that the next breach is merely an inconvenience rather than a catastrophe.

Security cannot be taken for granted and requires constant vigilance. There are no easy fixes and no substitutes for being aware of one’s environment and vigilant for threats and attacks. Using open source software is one tool in an entire arsenal of protective strategies needed to ensure security in the modern enterprise.

Server Configuration Can Protect against Fast-Growing CHARGEN Attacks

Hundreds of thousands of Internet servers sit at risk of being used in a fast-growing technique to reflect and amplify distributed denial of service (DDoS) attacks, despite the fact that a simple server configuration change could eliminate the DDoS threat.

 

Incidents of DDoS attacks using the Character Generator (CHARGEN) protocol rose sharply in the third quarter of 2013, according to data reported in the Q3 2013 Global Attack Report from the Prolexic Security Engineering and Response Team (PLXsert).

 

Attacks using the CHARGEN protocol, which was noted as vulnerable to these types of attacks as early as 1999, were the fastest-growing type of DDoS attack in Q3 2013, with attackers using vulnerable servers around the world to reflect and amplify data onslaughts at target servers.

 

The CHARGEN protocol was initially created to enable testing and measurement of servers. Today, it is obsolete, and it should be disabled. Many legacy servers have it turned on by default.

 

Despite its age, the re-emergence of CHARGEN attacks within the underground DDoS-as-a-Service marketplace suggests the abuse of this internet protocol retains value to malicious actors engaging in distributed reflected denial of service (DrDoS) attacks.

 

In Q3, Prolexic observed CHARGEN DrDoS attacks against its customers in the gambling and entertainment industries. Prolexic’s experts mitigated these attacks before they affected the availability of the customers’ servers. A subsequent analysis found similar CHARGEN attack patterns in each case.

 

In the gambling industry attack, most of the reflected traffic originated from Asia, and particularly China. The attack lasted 1.5 hours and reached a peak rate of 2 Gbps.

 

In the entertainment industry incident, although much of the traffic originated in China, CHARGEN servers from all continents except Antarctica were engaged in the attack, which lasted a half-hour and reached a peak rate of 2 Gbps.

 

Because vulnerable servers used to reflect CHARGEN data may respond with as much as 17 times more data than they receive, attackers find the approach attractive. An attack launched with just one or two servers can overwhelm a standard 1GB virtual private server in a matter of seconds. In addition, the use of CHARGEN over UDP enables spoofing of source IP addresses, which provides pseudo-anonymity for attackers.

 

Meanwhile, hundreds of thousands of CHARGEN servers lie susceptible to use as attack vectors, a situation that can be readily addressed with a simple change to the server configuration. Of 1,000 attack events involving CHARGEN analyzed by PLXsert, more than 99 percent were found to have taken advantage of Windows servers – from Windows NT to Windows 2008 R2.

 

Step-by-step instructions explain how to disable CHARGEN on a Windows server in a case study on new DDoS techniques, including CHARGEN attacks, available in the Q3 2013 Global Attack Report from Prolexic.

 

More information is available in the Q3 2013 Global Attack Report.
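
The reflection pattern described above shows up in ordinary flow records. The following sketch is an added example, not part of the original post or the Prolexic report; the flow-record layout, addresses and byte counts are constructed for illustration. It flags local hosts that still answer CHARGEN on UDP port 19 (and therefore need the service disabled) and local hosts receiving unsolicited traffic from source port 19.

```python
"""Spot CHARGEN (UDP port 19) reflection in flow records, from the defender's side."""
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

CHARGEN_PORT = 19  # RFC 864 character generator service

# Constructed sample: documentation address ranges, invented byte counts.
# Columns: epoch_seconds,proto,src_ip,src_port,dst_ip,dst_port,bytes
SAMPLE_FLOWS = """\
1380000000,udp,203.0.113.7,40000,192.0.2.10,19,60
1380000000,udp,192.0.2.10,19,203.0.113.7,40000,1020
1380000001,udp,203.0.113.7,40001,192.0.2.10,19,60
1380000001,udp,192.0.2.10,19,203.0.113.7,40001,1020
1380000002,udp,198.51.100.1,19,192.0.2.20,53211,1020
1380000002,udp,198.51.100.2,19,192.0.2.20,53211,1020
1380000002,udp,198.51.100.3,19,192.0.2.20,53211,1020
1380000003,udp,198.51.100.1,19,192.0.2.20,53211,1020
1380000003,tcp,203.0.113.9,51000,192.0.2.20,443,500
1380000004,udp,192.0.2.30,53000,198.51.100.50,53,70
"""


def parse_flows(text):
    """Parse the CSV layout above into dicts; malformed rows are skipped."""
    fields = ["ts", "proto", "src", "sport", "dst", "dport", "bytes"]
    flows = []
    for row in csv.DictReader(io.StringIO(text), fieldnames=fields):
        try:
            flows.append({
                "ts": int(row["ts"]), "proto": row["proto"].lower(),
                "src": ip_address(row["src"]), "sport": int(row["sport"]),
                "dst": ip_address(row["dst"]), "dport": int(row["dport"]),
                "bytes": int(row["bytes"]),
            })
        except (TypeError, ValueError, AttributeError):
            continue
    return flows


def local_reflectors(flows, local_net):
    """Local hosts that answer CHARGEN over UDP and so can be abused as reflectors.

    Returns {host: amplification factor}, i.e. bytes sent from port 19 divided by
    bytes received on port 19, or None when only the outbound side was captured.
    """
    net = ip_network(local_net)
    received, sent = defaultdict(int), defaultdict(int)
    for f in flows:
        if f["proto"] != "udp":
            continue
        if f["dport"] == CHARGEN_PORT and f["dst"] in net:
            received[f["dst"]] += f["bytes"]
        elif f["sport"] == CHARGEN_PORT and f["src"] in net:
            sent[f["src"]] += f["bytes"]
    return {str(h): (round(sent[h] / received[h], 1) if received.get(h) else None)
            for h in sent}


def reflection_targets(flows, local_net, min_reflectors=3):
    """Local hosts receiving UDP from source port 19 that they never requested.

    Traffic is unsolicited when the local host sent nothing to port 19 of that
    remote address. Reports the number of distinct reflectors and the peak
    one-second rate in bits per second.
    """
    net = ip_network(local_net)
    asked = {(f["src"], f["dst"]) for f in flows
             if f["proto"] == "udp" and f["dport"] == CHARGEN_PORT}
    hits = defaultdict(lambda: {"reflectors": set(), "per_second": defaultdict(int)})
    for f in flows:
        if (f["proto"] == "udp" and f["sport"] == CHARGEN_PORT
                and f["dst"] in net and (f["dst"], f["src"]) not in asked):
            hits[f["dst"]]["reflectors"].add(f["src"])
            hits[f["dst"]]["per_second"][f["ts"]] += f["bytes"]
    report = {}
    for host, h in hits.items():
        if len(h["reflectors"]) >= min_reflectors:
            report[str(host)] = {
                "reflectors": len(h["reflectors"]),
                "peak_bits_per_second": max(h["per_second"].values()) * 8,
            }
    return report


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("local hosts answering CHARGEN:", local_reflectors(flows, "192.0.2.0/24"))
    print("local hosts hit by reflected CHARGEN:",
          reflection_targets(flows, "192.0.2.0/24"))
```

Any host reported by `local_reflectors` is a candidate for the configuration change the post recommends; blocking inbound UDP port 19 at the network edge covers hosts that cannot be reconfigured immediately.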


Top Startup and Tech News Today: 7 Things You Missed Today

1. Twitter Dishes Tantalizing Tidbits In IPO Treatise

 

On Thursday, Twitter released an 800-page filing that talked about its attempt to make money, its growth, and its intention to hold its IPO. The suspense surrounding Twitter’s decision to hold its IPO is heightened by Twitter’s keeping its IPO documents secret until management is ready to appeal to investors. Twitter’s lack of secrecy means that the company may start pitching to investors as early as Oct 24th. Twitter’s report referenced some key components about Twitter. The report relayed facts, such as how, when Twitter was first opened, management focused on attracting more users and making the service more reliable; Twitter didn’t even try to make money during its first couple of years. But, the company isn’t incredibly profitable; Twitter’s losses hit $69 million the first half of this year. Twitter is, however, getting more mobile than Facebook, and its market value could be as high as $20 billion.

 

2. iPhone 5C Price Slashed To $50 At Best Buy After Just 2 Weeks

 

Best Buy has slashed the price of the iPhone 5C in half after just two weeks. From now until October 7th, Best Buy will give iPhone 5C buyers a $50 gift card with the phone. Best Buy has offered similar deals for iPhones in the past, but this is the first time a deal has been offered for a brand-new iPhone that was only so recently launched. Analysts generally agree that Apple’s lower-costing iPhone 5C was not priced aggressively enough to appeal to consumers in emerging markets. Best Buy’s slashing of the prices in order to sell units supports this idea; we will have to wait and see if other American retailers decide to follow Best Buy’s lead.

 

3. Samsung Reports Record-High Profit for 3Q

 

Profit at Samsung hit a record-high in the 3rd quarter. This is most likely driven by large sales of Samsung’s cheaper smartphones in developing countries. Samsung said that their third-quarter operating income rose 25% over the past year to $9.4 billion. This result was slightly better than the market prediction of $9.3 billion. Third quarter sales were $55 billion. No other details of Samsung’s financial performance were disclosed.

 

There had been expectations last month of slowing growth in sales of smartphones, and while Galaxy S4 sales did plunge during the three-month period, Samsung sold more smartphones than the previous due to the sales of its cheaper smartphones.

 

4. Hackers Steal Data From 2.9 million Adobe Customers

 

Adobe Systems warns that hackers stole the credit card numbers and other information from 2.9 million of Adobe’s customers. The information stolen was believed to have included customer names, credit or debit card numbers, expiration dates, and order information. “Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving illegal access of customer information as well as source code for numerous Adobe products,” said Adobe chief security officer Brad Arkin. “Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems… We deeply regret that this incident occurred… We’re working diligently internally, as well as with external partners and law enforcement, to address the incident.”

 

5. Apple Buys Cue

 

Apple has acquired Cue, a personal assistant startup app. Apple doled out around $50-$60 million for this acquisition. Cue provides mobile apps for iOS that collect relevant information from users’ email, social, and professional networking platforms (Facebook, Twitter, LinkedIn, etc.). It then displays all this on the mobile screen occasionally, letting users get all the information they want from a single app. This acquisition will help Apple integrate social networking capabilities into its operating system. Google Now has similar capabilities; it is a large possibility that Apple acquired Cue in order to play catch-up with Google Now.

 

6. Google Backs Sydney Student Startups

 

INCUBATE, an award-winning startup accelerator program, has launched 16 ventures from students at Sydney University. INCUBATE has found a backer in Google and is now set to expand this entrepreneurial program to universities across Australia. “With Google’s help, we want to take the accelerator program to other campuses to create Australia’s first national network of global-thinking entrepreneurs at universities,” said program manager James Alexander.

 

Through INCUBATE, startups receive $5,000 seed funding, a co-working space on campus, office resources, internet, printing, and mentoring from some of Australia’s most experienced business minds and industry experts. INCUBATE was co-founded in 2012 by two students and developed by the University of Sydney Student Union.

 

7. Google Acquires Gesture Recognition Startup Flutter

 

Google has acquired the gesture recognition startup, Flutter. Neither company has disclosed the financial terms and other details of this acquisition. However, it is speculated that Flutter has been acquired for roughly $40 million. Flutter was created three years ago by Navneet Dalal and Mehul Nariyawala, and is based in India. They develop gesture recognition technology that can be used to control apps such as YouTube, Pandora, and Netflix through the webcam. CEO Navneet Dalal of Flutter was quoted as saying, “Today, we are thrilled to announce that we will be continuing our research at Google. We share Google’s passion for 10x thinking, and we’re excited to add their rocket fuel to our journey.”

Cyber Mercenary 'Icefog' Attacks South Korean and Japanese Supply Chains

An advanced persistent threat (APT) named Icefog has been detected, mostly targeting South Korean and Japanese supply chains, including government institutions, military contractors, maritime and ship-building groups, telecom operators, satellite operators, industrial and high technology companies, and mass media.

 

Icefog, tracked by Kaspersky since 2011, was recently discovered in June 2013 following an attack sample which was retrieved from Fuji TV. Upon analysis, different variants were identified — 6 to be exact. It was also found that these attacks were essentially a newer form of an original attack on the Japanese Parliament in 2011.

 

Icefog follows an ongoing trend, consisting of a relatively small group of attackers that perform hit-and-run tasks with a focus on supply chain. The attack is done, initially, through spear-phishing emails — the victims get an email with an attachment or link to malicious sites with downloadable files. When the files are downloaded, a backdoor is dropped into the system, giving Icefog access to the machine. Then specific, sensitive information is extracted with surgical precision. Special to Icefog’s method of attack, once information has been acquired, the group moves on to another machine in sharp contrast to the usual, long-time infection that other APTs maintain.

 

So, who, in general, is susceptible to Icefog’s attack? Their attacks are done through the use of custom-made cyber espionage tools that act on Microsoft Windows and Apple Mac OS X, leaving Linux computers unaffected by these tools. An Android variant is suspected to exist, but has not yet been found.

 

Considering some of the major tensions in East Asia, Icefog’s attack pattern raises the question: “are these attacks sponsored by a state?” Usually, a state sponsor is inferred from the motivations of the campaign, which tends to last a long time. Because of Icefog’s hit-and-run method of attack, it’s hard to determine an overarching theme beyond supply chain, which makes it difficult to pinpoint anyone. It should be mentioned, though, that based on the IP addresses used to monitor and control the infrastructure, those responsible for Icefog could be narrowed down to China, South Korea, or Japan.

 

Fortunately, Kaspersky found a few command-and-control servers and sinkholed some of them — preventing access to hundreds of users. Additionally, Kaspersky is able to identify and neutralize all variants of Icefog. Despite the work being done towards these APTs, Kaspersky says that “In the future, [they] predict the number of small, focused APT-to-hire groups to grow, specializing in hit-and-run operations, a kind of ‘cyber mercenaries’ of the modern world.”


Kimsuky is a Simple Computer Virus That Targets South Korea

On September 11, Kaspersky’s research team published a report showing attacks on South Korea’s think-tanks. This cyber-espionage campaign, named Kimsuky, seemed to target only 11 South Korean and 2 Chinese groups. These groups include the Sejong Institute, KIDA (Korea Institute for Defense Analysis), South Korea’s Ministry of Unification, Hyundai Merchant Marine, and supporters of Korean unification.

The first instance of Kimsuky’s activity was on April 3, 2013, and the first Trojan samples were found on May 5, 2013. This virus is special in that it’s pretty unsophisticated and communicates with its master using a public email server. Apparently, this is commonplace with amateur virus coders and is usually ignored. What caught the attention of the researchers was that Kimsuky used a Bulgarian email server and that the code contains Hangul (Korean characters), which translate to “attack” and “completion.”

 

Because Kimsuky is highly limited and targeted, it is uncertain how it is being distributed. The early Trojan samples collected were delivered by spear-phishing emails. These emails have been traced to “kim” names and 10 IP addresses. These IP addresses connect this virus to the Jilin and Liaoning Province Networks in China. Interestingly enough, there are lines in these provinces that connect to North Korea. Another interesting attribute of Kimsuky is that it disables the security tools of a South Korean anti-malware company, AhnLab.

 

Looking at Kimsuky’s targets and the source of the IP addresses, it seems as though the source of the malware is North Korea. However, Kaspersky researchers say that “it is not that hard to enter arbitrary registration information and misdirect investigators to an obvious North Korean origin.” In the end, there is no clear-cut evidence to point any fingers.

 

Luckily, the code is, as previously mentioned, simple—Kaspersky products are able to detect and neutralize various Kimsuky threats.


Top Startup and Tech News Today-7 Things You Missed Today

1. Apple No Longer Innovates, Says the Man Who Helped Steve Jobs Design the Mac

Hartmut Esslinger has quite the resume when it comes to industrial design; after all, he worked with Steve Jobs to establish the “design language” that was used on the Mac line of computers for over a decade. Esslinger’s iconoclastic firm had designed over 100 products for Sony before he signed an exclusive, $1 million deal with Apple. But the Apple that he worked with is gone, says Esslinger. The visionary founders have been replaced by leaders who can’t think beyond increasing profit.

Steve Jobs “stubbornly insisted on trying new things,” says Esslinger. Jobs knew that design could define Apple’s brand more so than any marketing campaign could. So, Esslinger’s “Snow White” design language, which integrated the Mac’s outer plastic shell with the software it contained, took off and made Macs a household item.

The re-thinking of the integration of hardware and software is one of the most important things in the near future, says Esslinger. “Flat screens have reached a level of saturation,” he says. “The cheapest way is not always the best way… There is much more freedom [in design] than we think we have.”

2. The 6 most important things Mark Zuckerberg revealed yesterday

  1. Facebook is currently at a crossroads. Hopefully, at the end of their journey, Facebook will be thriving in a world where everyone is on it.
  2. Facebook wants to become a “data map” within the next five or ten years.
  3. It’s important to stay focused on doing what you believe as right; sometimes, you’re ahead of the market and they’ll catch up. A good example would be Facebook’s mobile app; when first introduced, everyone thought it was preposterous. It turned out to be very successful.
  4. It’s tough to determine when something isn’t going to work, as opposed to it hasn’t worked yet. But this is important.
  5. Zuckerberg thinks the “government blew it” in its role to protect American citizens in terms of privacy.
  6. Zuckerberg has started teaching a middle-school class in order to gain perspective on education issues.

3. Twitter Files for IPO

Twitter, and all its 200 million users, has filed for its first public offering. This announcement came out through a single tweet. “We’ve confidentially submitted an S-1 to the SEC for a planned IPO,” said Twitter on Thursday.

Twitter’s disclosure of its filing is a variation on the new “secret” IPO process, which comes from the recent JOBS Act. This gives companies the power to file with the SEC without public scrutiny. If Twitter truly does go public and sell its shares, it will have to disclose financial documents. We already know one hint of its financial realms, though: to even take advantage of JOBS, the company’s annual revenue must be less than $1 billion. Thus, we know the maximum amount of money that Twitter makes.

4. Why is Samsung throwing money at startups?

“The market has shifted from one where you make phones to one where you control or piggyback off an ecosystem. Samsung controls the supply chain to a greater degree than anyone else, but it has realized that it lags the leaders in software, integration, and services… Its thought process is simple: go where the innovation is happening, Silicon Valley and New York, and cozy up to these folks to get a better look at what it takes to build beautifully integrated apps,” says Avi Greengart, research director at Current Analysis.

Samsung has recently announced a new venture fund made up of $1 billion. They will use this to back early-stage startups and buy talent. They’re looking to meet the hottest companies, inquire, and acquire; a different model from their VC arm. Thus, those that hang at the accelerator may become Samsung apps in a limited amount of time. This accelerator space in New York features offices and conference rooms where a young startup can grow. “I could definitely get used to working here,” said Nate Gosseln, a senior manager at the startup ShareThrough. “As we look to the future, our biggest opportunities to innovate are outside of hardware,” said BK Yoon, CEO of Samsung.

5. Vodafone Hacker Accesses 2 Million Customers’ Banking Data

A hacker got into Vodafone’s server in Germany and gained access to 2 million customers’ personal details as well as banking information. Data such as names, addresses, birth dates, and bank account information were all stolen from the world’s second-biggest mobile-phone carrier. The hacker, however, has no access to credit card information, said Vodafone.

The attack was detected in early September, stopped, and reported to the police. Clients who are worried can check on Vodafone’s German website to see whether or not they are affected. While the data stolen is not enough for criminals to access bank accounts, Vodafone warns clients of phishing attacks. After this incident was announced, Vodafone shares fell 0.8% in the market.

6. J.P. Morgan’s plan to help startups stay private longer

“Come to Silicon Valley” was the message that Noah Wintroub, head of Internet and digital media banking for JP Morgan, kept telling James Lee, the bank’s vice chairman. Wintroub wanted Lee to come see that Facebook was just the tip of the iceberg; there were dozens of other maturing tech startups that could benefit from being with the bank. So, Lee came over. “Historically these companies finance themselves via venture capital and maybe a little bit of bank debt… But at some stage they don’t want more bank debt and they don’t want additional dilution. So their only real option was to go public, which they may not yet feel ready to do,” said Lee about growing startups.

So, Lee decided to develop and create a new system where startups could avoid doing either. His creation, a trademarked debt product called SPL (Stay Private Longer), is a customized combination of a cash-pay coupon and a payment-in-kind note. The first company to use SPL was SurveyMonkey, the second being consumer electronics startup Jawbone. “J.P. Morgan created a unique instrument designed to fill a near-term capital hole that we had,” says Jawbone CEO Hosain Rahman. “J.P. Morgan has a big war chest to put into companies, so today it is tens of millions and someday it may scale up to billions.”

7. Five Things Startups Shouldn’t Digitize

  1. Belly to Belly Contact. When you have to connect with clients or pitch an idea, do it in person. Trust is an element that is best dealt with in person.
  2. Create extraordinary brand journeys. When clients visit your showroom or product displays, make sure that each touch point is designed and cared for, and that everything elicits a positive response.
  3. Post Purchase Support. If something goes wrong, fix the problem in person. Sometimes client relationships can be further deepened when you fix a flaw.
  4. Some marketing touch points.
  5. Education.

 


Top Startup and Tech News Today-7 Things You Missed Today

1. Facebook’s Mark Zuckerberg on NSA Leaks: “The Government Blew It”

 

Mark Zuckerberg offered his outraged opinion when questioned about his thoughts on the fact that the government is asking internet companies for user information. He says that “the government blew it” when it came to finding the balance between maintaining the civil liberties of the people and national protection. He has taken and plans to take more steps towards increasing the transparency of government requests for data.

Facebook joined a lawsuit asking the Obama administration to “allow it to disclose more details of its forced cooperation.” In addition, Zuckerberg plans on visiting Republican lawmakers in Washington D.C. and discussing the privacy issues.

 

2. Court Decision Means Another Look At Google Street View Case

 

Google has, once again, been accused of breaching wiretapping laws with their Street View car excursions. The U.S. Appeals Court in San Francisco does not plan on dismissing the lawsuit against the company which states that the Street View cars were taking advantage of unencrypted networks to collect digital conversations.

 

Google argues that the “internet data it was collecting was broadcast over the airwaves and was not encrypted” and that “the communications were more like radio transmissions than phone calls.” Circuit Judge Bybee stated that, while it is common for people to take advantage of neighbors’ unencrypted networks, they don’t normally record and decrypt the data obtained. This lawsuit could cost Google billions.

 

3. Five Startups to Watch From Kaplan’s TechStars-Powered Ed Tech Accelerator Demo Day

 

Kaplan’s one-time joint ed tech accelerator with TechStars decided to run their ed tech accelerator program again with strong results. It’s no wonder: analysts have said that “venture capital deal activity remains strong in ed tech.” Five of the most highly praised startups on demo day are: Degreed, Flinja, Newsela, Ranku, Verificient.

Degreed’s goal is to provide a means of “quantifying and credentialing learning.” Flinja offers college students small projects to do in an effort to break the catch-22 of needing experience for a job while needing a job for experience. Newsela works to improve student literacy by providing stories, each of which comes in several levels of difficulty. Students will be given a version of a story that matches their reading level and they can opt for a more challenging version should they choose to do so. Ranku allows students to explore virtual degree programs that are able to provide a quality education at affordable prices. Verificient is an automated proctoring system that monitors keystrokes and facial expressions to keep virtual students honest whilst taking tests and whatnot.

 

4. Hanoi: 200 Students Off School Because of Hacker

 

An identified hacker broke into the security system of Ha Dinh primary school in Hanoi, Vietnam and sent messages to the parents of students. The first of the messages informed the parents of students that there would be unexpected work and that students would not need to attend on September 6th. A following message to the parents said that the school would be upgrading its facilities for improved education and asked for a contribution of VND1.2 million along with an extra VND200,000 per child. Luckily, the school caught wind of the messages soon after the second message was sent and followed up with a message clarifying the situation.

 

5. How the Internet of Things is Making Our Homes Smarter (And Easier to Hack)

 

With everything being connected together and to the internet, the world is becoming a more convenient place. However, this comes at a price: everything becomes accessible if someone tried hard enough.

 

John Matherly created a search engine named Shodan. It doesn’t function the same way other search engines like Google or Bing do—it searches for things that are connected to the internet. Additionally, it can tell how secure a device is. For example, it discovered a huge security flaw in a hydroelectric plant in France. What Matherly does with Shodan is to warn people of unsecure devices. In the end though, “it’s the customer’s responsibility to keep their own homes safe.”

 

6. Internet Entrepreneur Believed to be First 9/11 Casualty Remembered in New Book

 

No Better Time: The Brief, Remarkable Life of Danny Lewin, the Genius Who Transformed the Internet, a book written by Molly Knight Raskin, details the first casualty of the September 11 attacks. He was stabbed on the first plane that hit the twin towers, leaving behind his wife and two children.

 

What makes him remarkable isn’t the fact that he’s the first casualty, but, instead, that he was one of the co-founders of a company known as Akamai. He and Tom Leighton, the other half of Akamai, worked on codes to speed up dial-up internet connections. This success brought in billions of dollars overnight. While they started strongly, the company hit a wall and was losing money quickly—it was September 10 when they had worked out how to cut costs.

 

Though he left us early, he left behind a legacy that strongly impacted the internet.

 

7. Microsoft’s Concept Videos From 2000 Were Spot-On. So Why Didn’t Ballmer Build Any of It?

 

Back in the days of minidisc players and 9 keyed phones, Microsoft’s CEO, Steve Ballmer, had a vision; one where all devices within a household could be connected together. This idea came into existence before Apple, Google, or anyone else. What happened?

 

Essentially the company didn’t realize these aspirations due to disagreements on some aspects while other facets of the idea were before its time and, before long, the dot-com bubble burst. “Had the company executed on even a fraction of its vision, Microsoft wouldn’t be out looking for a new CEO,” stated a former Microsoft executive, Charles Fitzgerald.


Top Startup and Tech News Today-7 Things You Missed Today

1. How eBay Could Rescue Bitcoin From the Feds

 

Bitcoin exchanges have run into a hurdle in the form of the U.S. banks. There are questions about whether or not they “meet federal and state money transmission business regulations.” While this is quite a setback, another company is in prime position to take advantage of the situation: eBay. It had a “virtual currencies” section, allowing people to sell and purchase Bitcoins—it’s a forum for Bitcoin exchange, bypassing the federal and state regulations via PayPal.

 

The only thing preventing eBay from taking advantage of this opportunity, should they choose to do so, is the fact that PayPal allows chargebacks. Someone could purchase Bitcoins on eBay and simply state that the Bitcoins weren’t delivered, defrauding the seller. If eBay manages to solve this problem, PayPal could be in even bigger competition with Bitcoin. “They could very well find their business model outdated,” states financial regulations lawyer, Van Cleef.

 

2. Google is joining the Open edX platform

 

Google released Course Builder, an experimental platform, last year to test the waters in online education. It was well received, with a multitude of different online courses available and various institutions experimenting with MOOCs (massive open online courses). To continue on the online education front, Google has decided to join Open edX, a non-profit aiming to provide interactive online courses, as a contributor.

 

The effects of the combined efforts of both companies will provide much for the developers and consumers. Director of Research, Dan Clancy says, “We hope that our continued contributions to open source education projects will enable anyone who builds online education products to benefit from our technology, services and scale. For learners, we believe that a more open online education ecosystem will make it easier for anyone to pick up new skills and concepts at anytime, anywhere.”

 

3. Consumer: Stay Smart to Avoid WiFi Hackers

 

Becoming a super-connected metropolis with free WiFi everywhere sounds great, and Leeds is one city that hopes to realize this vision, but it also has its cons. One glaring problem is the presence of WiFi hackers. A survey of Britons was conducted to examine their WiFi use and determine how safe people really are.

 

Half of those surveyed do not know if the WiFi hotspot they use is secure, opening them up to identity fraud. Two thirds use the hotspots to check their email, a smorgasbord of personal information. Even more surprising, ten percent of people access their bank accounts over public WiFi.

 

The findings lead to a brief list of advice: keep important online tasks at home, remove automatic connections on your mobile device, and don’t use apps whose encryption method is unknown.

 

4. Microsoft Seeks Cloud, Mobile, and Gaming Startups in London’s Tech City

 

Microsoft launched a 12-week accelerator program for UK cloud, mobile, and gaming startups in East London Tech City. 20 startups will have the opportunity to gain mentorship from executives from Microsoft, Train2Game, Lift London, and more. This program is the latest of 10 around the world by Microsoft. The success rate of companies, from a total of 119, getting funding (within 6 months of the program’s end) is 85 percent! The kicker, though, is that Microsoft does not plan on taking equity from the startups. Rather, it hopes that the accelerator program will help to create future successful partnerships and additions to the Microsoft family.

 

5. Facebook Rolls Out “Professional Skills” Section on User Profiles

 

Facebook tries its hand at doing what LinkedIn has already been doing, acting as a professional outlet for users. It recently included a new feature that allows users to add professional skills to their profile. Facebook takes this one step further than LinkedIn in that it connects skills to relevant interest groups, giving potential hires even more exposure. For those who worry about privacy, there is an option to adjust the privacy settings on the resume.

 

“If Facebook’s Professional Skills feature takes off, you’ll be able to browse through friends’ vacation picks and potential hires, all at the same time.”

 

6. What Startups Need to Know about Obamacare

 

With Obamacare coming out soon, startups have more health insurance options available to employees. Plans will come in 4 flavors—the typical Bronze, Silver, Gold, and Platinum setup, each with increasing cost and coverage.

 

Exchanges will start on October 1st, 2013—small businesses can take advantage of this time and look at the exchanges and plans. Since insurance companies will not be able to deny anyone, the rates for insurance will increase, especially for those below the age of 30. However, most of the regulations placed onto small businesses are delayed until 2015 instead of 2014.

 

7. Fun: First Actual Computer Bug Was Found Today, 66 Years Ago

 

It’s time to celebrate the 66th birthday of the first discovered computer bug! In 1947, the Mark II Aiken Relay Computer at Harvard had a peculiarity in its system—a bug. For all the technophiles out there, it, unfortunately, isn’t the metaphorical bug we all know of; it was literally a bug: a moth. The person who helped to publicize this and coin the terms “bugging” and “debugging” is Grace Hopper. The moth itself exists in a logbook in the National Museum of American History, but, unfortunately, is not on display.


Top Startup and Tech News Today-7 Things You Missed Today

1. US and UK spy agencies defeat privacy and security on the internet

 

US and UK intelligence agencies have successfully cracked most of the online encryption people use to protect the privacy of their personal data, according to a top-secret document revealed by Edward Snowden. The files show that the NSA and the GCHQ (the UK counterpart to the NSA) have broadly compromised and stretched the guarantees that internet companies give their customers. Communication, online banking, and medical records are not as indecipherable to governments as consumers are being told.

 

The agencies, the document says, have launched an ongoing and systematic assault on what is viewed as one of the biggest threats to their ability to access huge amounts of internet traffic – “the use of ubiquitous encryption across the internet.” Methods used by these agencies include using supercomputers to break through encryption with what is called “brute force” and collaborating with technology companies and internet service providers. Through these partnerships, agencies have managed to insert “backdoors” into commercial encryption software.

 

The agencies insist that this is all necessary to their mission of fighting terrorism and foreign intelligence gathering. But security experts accuse them of simply attacking the internet and endangering the privacy of all internet users. “By deliberately undermining online security in a short-sighted effort to eavesdrop,” Bruce Schneier, an encryption specialist, says, “the NSA is undermining the very fabric of the internet.”

 

2. The Lessons Every Entrepreneur Must Learn: The Wisdom Of Tony Hsieh, Blake Mycoskie And Many Others

 

1. Experience wins out over graduate school.

2. Keep a strong network.

3. Think “outside the box” – this will always win out.

4. Keep your venture philanthropic – do good, feel good, and you’ll see good results.

5. Use more than one discipline when approaching a new market.

6. Time, knowledge, and effort are just as important measures of currency as money.

7. Use capitalism as a force for good by incorporating the act of giving into your everyday life.

8. Low-risk, high-reward opportunities are aplenty. Today a company can be started for a minimal price and education can be gained through your fingertips. Exploit this.

9. When you are young, you start at zero. So you can’t fail. Don’t take the safe choice.

10. Embrace the idea that you may have more than one career and they may not be in the same fields.

11. Risk assessment and risk management are important to have throughout your life.

12. Follow your passion – you’ll never find a successful person who isn’t passionate about what they do.

13. Don’t be afraid to disrupt. This is where innovation comes from.

 

3. Hackers for Hire, Just in It for the Cash

 

From Anonymous to the Syrian Electronic Army, it seems as though high-profile hackers and their adventures and exploits on the internet are constantly making the news. Some are driven by political ideals and revenge; some are driven by nothing more than boredom. But we see these two ends of the spectrum so often that we forget about the most powerful motivator of all: money.

 

Last week, 24-year-old Andrew James Miller pleaded guilty to one count of conspiracy and two counts of computer intrusion. From 2008 to 2011, Miller allegedly hacked into “various commercial, education, and government computer networks” in order to steal information and install “backdoors” that would allow him to sell access to these networks later. He was caught trying to sell secret access to two US government supercomputers for $50,000 to an undercover FBI agent. Miller also sold the FBI access to the Domino’s Pizza Chain domain for a price of $1,000.

 

Miller is a prime example of the other type of computer hacker – not the one who has a political goal or is simply looking for something to do, but one that hacks for hire. Not everyone wants to bring down a government; most clients simply want access to someone’s Facebook or email account.

 

Go ahead and Google “hacker for hire” and see a wide array of price quotes and services. Hackers for hire is a new trend, a new occupation, and one that looks like it is going to last.

 

4. Hackers find weaknesses in car computer systems

 

There are now cars that can park and drive by themselves. As cars become more automated and more advanced, they become more and more like PCs on wheels – so, if a hacker can take over a PC easily, who’s to say he can’t take over a car?

 

Recent demonstrations have shown that hackers can slam a car’s brakes at freeway speeds, jerk the steering wheel, and shut down the engine, all from their laptop computer. All cars and trucks are roughly 20-70% computer. This computer runs through an internal network that controls everything from the brakes to the acceleration to the windows; this network is one that many hackers have gained access to. To be fair, these “hackers” were computer security experts, and it took them months to hack into the car. But experts say that high-tech hijackings get easier as automakers add more computer-controlled devices. “The more technology they add to the vehicle, the more opportunities there are for that to be abused for nefarious purposes,” says Rich Mogull, CEO of Securosis, a security research firm.

 

Chris Valasek, a hacker and director of intelligence at a computer security consulting firm, says that he could control “steering, braking, acceleration to a certain extent, seat belts, lights, horn, speedometer, gas gauge.” The information that he and his partner Miller found when hacking into the car was released publicly at a hacker convention. They chose to do this in hopes of drawing attention to the problem; however, they say that the automakers haven’t added security to the ports or addressed any of the issues they found.

 

Whether or not “car hackers” are a legitimate security threat is a question that is subjective and open to interpretation. What is not, however, is the fact that people can gain access to your car through the technology installed within it – the threat is real, and it is more than likely going to increase as time passes.

 

5. The four stages of life every successful startup must go through

 

Stage One: Winning your first ten customers. So how do you go about getting them? Some companies like Dropbox use virality. But most achieve product/market fit and generate word of mouth referrals by creating lasting customer experiences. It’s important for early-stage startups to stay close to their customers and beta-testers.

Stage Two: Overcoming the Gap. There are often discrepancies between what early adopters expect from a product and what the market needs; this is the biggest reason behind startup “infanticide.” Many startups forget to create ways for users to provide feedback into their products. Make sure you have this, and make sure you listen.

Stage Three: Listening and Responding. Passionate users will direct customers to an online community where the organization actually talks and engages with them. Create discussions and inspire early users.

Stage Four: Build Trust. Your users need to trust you. Be responsive with them, elicit their feedback, and communicate with your earliest and most enthusiastic users. Constantly wow customers through their experience with you.

 

6. Life’s a pitch: The other reasons startups do competitions

 

Competitions and pitches are tiring. So why do startups choose to do them? The only pitch that should matter is the one before an investor or a customer, right?

 

Wrong.

 

Pitching at competitions is a great test for ideas, says Mark Briggs, creator of Fork, a mobile app that lets people take and share photos of their home-made food. It makes sure that the pitcher has a clear and concise vision and concept that they’re able to explain and share with others. It’s not so much about the competition itself as it is the process of getting there, he continues. “Also, you usually get great feedback from smart people on your idea. Or, at least, your ability to pitch that idea. That can be super helpful, too.”

 

7. Stanford Investing in Student Startups

 

Stanford is jumping headfirst into the venture capital world by investing in student and alumni tech startups. It’s starting an uncapped investment fund and giving a $3.6 million grant to StartX, a non-profit startup accelerator for companies with a Stanford affiliation. The university’s business affairs department will oversee the investments.

StartX only invests in companies that have raised half a million in funding, and a percentage of that must come from VCs or professional investors.

 


Top Startup and Tech News Today-7 Things You Missed Today

1. YCombinator’s Paul Graham Now Taking Applications for Startup School 2013 (and it’s Free)

 

Beginning a startup company is not an easy thing to do, but what if there was a school of sorts that could teach you how to do so? Paul Graham of YCombinator created such an institution, called Startup School. The best part about it is that it’s free, making it affordable for anyone interested.

 

With speakers like “Facebook CEO Mark Zuckerberg, superangel Ron Conway, Pinterest founder Ben Silbermann, and Uber founder Travis Kalanick,” it’s guaranteed that the limited seats will fill up quickly. To gain access, applicants must submit an application, due September 20, that includes telling “YCombinator about your education, work, developer tools, and ‘the coolest thing you’ve built.’”

 

The school has definitely shown some results—as Graham has written on his website: “Many founders have told us that this event was what finally made them take the leap.”

 

2. Google Announces Android 4.4 KitKat, Celebrates More than 1 million Android Activations

 

Google’s new Android software, originally rumored to be dubbed “Key Lime Pie,” has been announced as “KitKat.” While Android releases have always carried a sweet-treat title, this is the first time that one borrows a name from a famous sweets company—in this case, Nestle, their new partner.

 

The significance of passing over another generic name coincides with their goals with their million plus users. “It’s our goal with Android KitKat to make an amazing Android experience available for everybody,” Google exclaims. In addition to the newly formed partnership and the associated aspirations of both companies, over 50 million specially branded KitKat bars will be distributed, with each one leading the consumer to a special prize-offering web page.

 

3. 7 Things Going Against You as a First-Time Entrepreneur

 

Rajesh Setty, a serial entrepreneur, talks about the 7 major problems that entrepreneurs need to overcome in order to be successful. The first issue mentioned is that people need to be able to see escalating friction. Just having an idea alone will not result in any friction whatsoever; friction starts when you do something about it—whether you start reflecting on the idea or bringing it to prospective clients. The main thing you must remember is to be able to understand how much friction each action will cause.

 

You must also not confuse activity with progress. “In general, any activity that cannot create value to your customers in a measurable way needs to be questioned. There is a good chance that it’s just activity leading nowhere,” Setty says. In the same vein, a lack of valuable accomplishments is an important hurdle to jump over. If the product you have is not amazingly awesome, you must build an identity for the venture.

 

Not knowing what to do is fourth on the list. This, of course, comes with experience and, for those who haven’t yet gained any, this is where you should listen to the wisdom of others who have been there. Next is called “concluding for convenience,” where Setty says to tackle problems early and head on; playing the blame game will not and does not help the venture.

 

The penultimate item on his list is “trying to fix your weaknesses fast.”  In entrepreneurship, there “is no trial run…everything is real.” Instead, it’s suggested to invest in your strengths and then to invest in a team to compensate for your weakness. Finally, don’t think that you have it all under control. Setty ends with “Entrepreneurship is a game that you win in the long term. It is a game that is beyond just you. It is a myth to think that you alone will have it all under control, however smart you are.”

 

4. ‘The Messiah’ Gives His Reasons for Hacking Sun Ho’s Site

 

A hacker by the pseudonym “The Messiah” hacked into the website of Sun Ho, the co-founder of City Harvest Church. The hacker reappeared on a Q&A site, stating his affiliation with a group called “Anonymous Collective” and detailing the weak security of the site. “It took us less than 15 minutes to gain access,” he said.

 

The information he says he obtained and plans on exposing includes addresses, phone numbers, emails, and passwords. Due to the security leak, it was found out that the City Harvest Church had been embezzling church funds of about $50 million to fund Sun Ho’s U.S. singing career.

 

5. Top 6 Regions With the Most High-Tech Startups

 

Research was published stating that one of the biggest sources of employment opportunities lies in high-tech startups. In fact, the job creation at these high-tech companies far offsets the initial destruction that occurs when startups meet with early-stage business failures. If you’re looking for a high-tech job, where would you be likely to find a high-tech startup company? The Ewing Marion Kauffman Foundation created a list of 6 places with the most startups in the nation.

 

Denver has a large community of startups with over 500 companies—it has the sixth largest high-tech startup growth since 2011. Seattle comes in fifth, with the title of the “historical birthplace of significant IT infrastructure and business services.” Cambridge-Newton-Framingham, Massachusetts comes in fourth with a strong talent pool. San Jose-Sunnyvale-Santa Clara, California houses Google and many other similarly powerful companies. Fort Collins-Loveland, Colorado has Colorado State University—its resources and research facilities are enough to have many high-tech companies relocating here. Finally, Boulder, Colorado comes in first, with 6.3 times the national average for the number of startups it holds. This place is also praised for “its education, health, quality of life, and well-being.”

 

6. Bitcoin 0.8.4 Update Offers Security Improvements

 

Bitcoin-qt has come out with the new 0.8.4 update, which fixes bugs in the old code. The first issue in the previous version concerned the amount of block chain to be downloaded in order to view relevant transactions; it was possible for an attacker to overwhelm bitcoin-qt’s nodes and cause lagging or crashing.

 

This new update also fixes a security issue in previous versions of bitcoin-qt. The password system would check the password by looping through each letter to check for accuracy, stopping at the first wrong one. This meant that the more accurate a guess at the first letters of a password, the longer it would take to verify. The difference in verification time made it practical to guess others’ passwords by trial and error.

 

The last of the list of improvements prevents transaction attacks. These attacks could work in 2 different ways. The first allows an attacker to send an invalid transaction to one client and a valid transaction to someone else, which can allow for double spending of bitcoins. The next involves sending malicious transactions to others, causing disconnection from and harming the nodes used.
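The timing issue in the password check described in this item, as an added example (not bitcoin-qt's own code): an early-exit comparison next to a constant-time one, with a step counter standing in for elapsed time. The function names and the sample secret are assumptions made for the illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Verdict plus the number of byte comparisons performed, used here as a
// deterministic stand-in for how long the check takes.
struct CompareResult {
    bool equal;
    std::size_t steps;
};

// Early-exit comparison: returns at the first mismatching character, so the
// work done grows with the number of correct leading characters in the guess.
CompareResult leaky_equal(const std::string& secret, const std::string& guess) {
    std::size_t steps = 0;
    if (secret.size() != guess.size()) return {false, steps};
    for (std::size_t i = 0; i < secret.size(); ++i) {
        ++steps;
        if (secret[i] != guess[i]) return {false, steps};
    }
    return {true, steps};
}

// Constant-time comparison: always walks the whole guess and accumulates
// differences, so the work depends only on the guess length, which the
// caller already knows. Production code should prefer a vetted primitive
// such as OpenSSL's CRYPTO_memcmp, which also resists compiler optimisation.
CompareResult constant_time_equal(const std::string& secret, const std::string& guess) {
    std::size_t steps = 0;
    // A length mismatch is folded into the accumulator, not returned early.
    std::size_t diff = secret.size() ^ guess.size();
    const std::size_t n = secret.empty() ? 1 : secret.size();
    const char* s = secret.data();  // data()[0] is '\0' for an empty string
    for (std::size_t i = 0; i < guess.size(); ++i) {
        ++steps;
        diff |= static_cast<unsigned char>(s[i % n] ^ guess[i]);
    }
    return {diff == 0, steps};
}

int main() {
    const std::string secret = "hunter2!";  // constructed sample secret
    const std::string guesses[] = {"########", "h#######", "hunt####", "hunter2!"};
    for (const std::string& g : guesses) {
        std::cout << g << "  leaky steps=" << leaky_equal(secret, g).steps
                  << "  constant steps=" << constant_time_equal(secret, g).steps
                  << "\n";
    }
    return 0;
}
```

The leaky column rises with each correct leading character while the constant column stays flat, which is the property the fix needs.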

 

7. One-on-One Tutoring? Tech Startups Finally Catch On

 

InstaEDU, a San Francisco startup, allows students to connect to tutors online. InstaEDU, founded by couple Dan and Alison Johnston, is part of a market that is expected to grow from $11 billion to $13.1 billion in the United States between 2012 and 2015. The idea was conceptualized when they realized that having an in-home tutor was a luxury, while students were mostly asking for last-minute help in the middle of the night.

 

Using mainly Ivy League students as tutors, InstaEDU has been able to further build on the idea of online education, offering quality and affordable tutors to anyone around the world. “I think it will reach more students who aren’t willing to go out of the way,” a tutor and UC Berkeley student says.
