Hack

Auto Added by WPeMatico

1 2 3 10

Extra Crunch roundup: ‘Nightmare’ security breach, Poshmark’s IPO, crypto boom, more

The rest of the world may be slowing down as we prepare for Christmas and the new year, but we are not taking our foot off the gas.

Alex Wilhelm keeps a close watch on the public markets in his column The Exchange, but this week, he branched out to look at some of the metrics underpinning soaring cryptocurrency prices and turned his gaze on StockX, the consumer reseller marketplace that just raised $275 million in a Series E that values the company at approximately $2.8 billion.

“Selling a tenth of your company for north of a quarter-billion may be somewhat common among late-stage software startups with tremendous growth,” he says, but “don’t laugh — the round actually makes pretty OK sense.”

Our staff continues to file their end-of-year stories: We ran a post this morning by Manish Singh that studies India’s massive total addressable market for retail. The nation has more than 60 million mom-and-pop neighborhood stores, and companies like Walmart and Amazon are eager to offer help with payments, logistics and inventory management — as are hundreds of native and foreign startups.

In an interview with author and MIT professor Sinan Aral, Managing Editor Danny Crichton discussed some of the debates currently swirling around the desire in some quarters to regulate social media platforms. In “The Hype Machine,” Aral explores topics like neuroscience, economics and misinformation before offering potential solutions for resolving what he calls “a full-blown social media crisis.”

The stories that follow are an overview of Extra Crunch from the last five days. Complete articles are only available to members, but you can use discount code ECFriday to save 20% off a one or two-year subscription. Details here.

Thank you very much for reading Extra Crunch this week; I hope you have a safe, relaxing weekend!

Walter Thompson
Senior Editor, TechCrunch
@yourprotagonist


Unpacking Poshmark’s IPO filing

How did fashion marketplace Poshmark go from posting regular losses in 2019 to generating net income in 2020?

After the company filed a public S-1 last night, Alex Wilhelm pondered the question this morning in The Exchange.

Like many e-commerce platforms, Poshmark saw a surge in activity during the COVID-19 pandemic, but it also slashed its marketing spend, which helped boost profits. As the cash-rich company prepares its road show, “Poshmark is valuable,” Alex concluded.

“How valuable the market will decide. But who will it enrich with its final pricing decision?”

Just how bad is that hack that hit US government agencies?

WASHINGTON, D.C. – APRIL 22, 2018: A statue of Albert Gallatin, a former U.S. Secretary of the Treasury, stands in front of The Treasury Building in Washington, D.C. The National Historic Landmark building is the headquarters of the United States Department of the Treasury. (Photo by Robert Alexander/Getty Images)

The breach of FireEye and SolarWinds by hackers working on behalf of Russian intelligence is “the nightmare scenario that has worried cybersecurity experts for years,” reports Zack Whittaker.

The intrusion began several months ago, but news of the breach wasn’t made public until this week.

“Given that potential victims include defense contractors, telecoms, banks, and tech companies, the implications for critical infrastructure and national security, although untold at this point, could be significant,” said Erin Kenneally, director of cyber risk analytics at Guidewire, an industry platform for insurance carriers.

In his analysis for Extra Crunch, Zack breaks down the rippling effects of supply-chain attacks that can compromise platforms like SolarWinds, which is used by more than 420 of the Fortune 500.

From startups to Starbucks: The embedded API opportunity

contactless payment with QR code

Image Credits: dowell (opens in a new window) / Getty Images

Embedded finance connects services like payment processing with everyday activities like grabbing a coffee before unlocking an e-scooter.

“The ability to be at the right place at the right time, supporting consumers and merchants alike, where they want it, how they want it and when they want it — cannot be understated,” says Simon Wu, an investment director with Cathay Innovation.

In a post that identifies embedded finance’s top providers and enablers, he offers advice for startups and established brands that are hoping to “earn and build customer loyalty while generating new revenue streams.”

Is rising usage driving crypto’s recent price boom?

Bitcoin is at an all-time high.

CoinMarketCap reports that crypto market values have reached almost $659 billion; that figure was just $140 billion in March 2020.

“These gains have created a huge amount of wealth for crypto holders,” Alex Wilhelm wrote yesterday.

To get a better handle on why crypto values are sky-bound, he parsed some basic industry metrics, including the number of unique bitcoin addresses, fees paid and transactions per day.

“Do the price gains make sense in the short term? Who knows,” he wrote, “but they are not based on nothing.”

2020 was a disaster, but the pandemic put security in the spotlight

Stage Light on Black. Image Credits: Fotograzia / Getty Images

For his year-end Extra Crunch story, security reporter Zack Whittaker looked back at the myriad security challenges and vulnerabilities COVID-19 brought to the fore.

The hacks of Fire Eyes and SolarWinds were just one link in the chain: How well is your company prepared to deal with file-encrypting malware, hackers backed by nation-states or employees accessing secure systems from home?

“With 2020 wrapping up, much of the security headaches exposed by the pandemic will linger into the new year,” says Zack.

Inside Zoox’s six-year ride from prototype to product

Zoox Fully Autonomous, All-electric Robotaxi

Zoox Fully Autonomous, All-electric Robotaxi. Image Credits: Zoox

After six years of research and development, autonomous vehicle company Zoox this week unveiled an electric robotaxi that can carry four people at a maximum speed of 75 miles per hour.

Automotive writer Kirsten Korosec interviewed Zoox co-founder and CTO Jesse Levinson to learn more about the vehicle’s development and how the company overcame a series of technical and legal challenges.

“I would say that if you have a big idea and you’re confident that it makes sense, you should at least explore the idea, rather than giving up because the current regulations aren’t designed for it,” said Levinson.

Kirsten only had 15 minutes to interview Levinson, but this comprehensive interview covers topics like regulatory compliance, Zoox’s relationship with parent company Amazon and the highest (and lowest) moments he experienced along the way.

Pluralsight $3.5B deal signals a matured edtech market

Fairy dust flying in gold light rays. Computer generated abstract raster illustration

Fairy dust flying in gold light rays. Computer-generated abstract raster illustration. Image Credits: gonin / Wikimedia Commons

In one of the largest enterprise acquisitions of 2020, Visa Equity Partners this week purchased Utah-based edtech startup Pluralsight for $3.5 billion.

According to the entrepreneurs and investors reporter Natasha Mascarenhas spoke to, this deal “shows the strength of edtech’s capital options as the pandemic continues.”

“What’s happening in edtech is that capital markets are liquidating,” a major change from “the old days where the options to exit were very narrow,” says Deborah Quazzo, a managing partner at GSV Advisors and seed investor in Pluralsight.

Dear Sophie: How did immigration change for startup founders in 2020?

Image Credits: Sophie Alcorn

Dear Sophie:

I’m on an F1 OPT and am about to incorporate a startup with my two American co-founders.

What were the biggest immigration changes in 2020 affecting us?

—Ambitious in Albany

How to pick an investor in good or bad times

High angle view of young man walking towards white doorways on blue background

High angle view of young man walking towards white doorways on blue background Image Credits: Klaus Vedfelt / Getty Images

Founders and the VCs who back them may not be friends, but they’re usually friendly.

Investors are on a first-name basis with entrepreneurs from their portfolio companies and frequently have candid conversations with them about life, work and the world in general. In the before times, they might even have shared a meal or attended a baseball game together.

But make no mistake, it is a top-down relationship — the investor will always have the upper hand. When an entrepreneur accepts a check, they are hiring their next boss.

In an Extra Crunch guest post, Quiq CEO and founder Mike Myer poses two questions for founders who are considering a new relationship with a VC:

  • How can the investor help the business?
  • What’s the risk that the investor will hurt the business?

From India’s richest man to Amazon and 100s of startups: The great rush to win neighborhood stores

https://techcrunch.com/2020/12/18/from-indias-richest-man-to-amazon-and-100s-of-startups-the-great-rush-to-win-neighborhood-stores/

NEW DELHI, INDIA – 2011/12/18: Rice is sold at a night market in Paharganj, the urban suburb opposite New Delhi Railway Station. (Photo by Frank Bienewald/LightRocket via Getty Images)

In India, about 90% of consumers buy their everyday goods from neighborhood-based kirana stores instead of supermarkets.

As a result, U.S. retail giants like Walmart and Amazon have adopted an “if you can’t beat them, join them” approach, offering the nation’s 60 million mom-and-pop shops software for inventory control, payments and e-commerce.

India’s retail market will be worth an estimated $1.3 trillion by 2025, but e-commerce represents just 3% of that activity today, reports Manish Singh.

For his final Extra Crunch story of 2020, he looked at the startups and major players who are hoping to carve out their niche in one of the world’s largest retail ecosystems.

ClickUp CEO talks hiring, raising and scaling in the white-hot productivity space

Line of differently sized pink ceramic piggy banks in ascending size order on white surface, green background

Image Credits: PM Images / Getty Images

Earlier this year, business productivity software startup ClickUp raised a $35 million Series A.

Now, just six months later, the company has closed a second round of $100 million that values the San Diego-based startup at $1 billion.

Lucas Matney interviewed CEO Zeb Evans this week to learn more about how the company was buoyed by pandemic-based behavior shifts that doubled its customer base and multiplied revenue by a factor of nine.

“I think that the biggest thing that we’ve always focused on is shipping a new version of ClickUp every week. That is our differentiation,” he said. “We’ve kind of created these iterative cycles called natural product-market fit and it’s been hard to keep up with that.”

2020’s top 10 enterprise M&A deals totaled a staggering $165B

Multi Colored Bling Bling Dollar Sign Shape Bokeh Backdrop on Dark Background, Finance Concept.

Multi Colored Bling Bling Dollar Sign Shape Bokeh Backdrop on Dark Background, Finance Concept. Image Credits: MirageC / Getty Images.

In 2018, the total value of the year’s 10 top enterprise mergers and acquisitions reached $87 billion; last year, that figure fell to just $40 billion.

But in 2020, 10 M&A deals accounted for $165.2 billion.

“Last year’s biggest deal — Salesforce buying Tableau for $15.7 billion — would have only been good for fifth place on this year’s list,” notes enterprise reporter Ron Miller. “And last year’s fourth largest deal, where VMware bought Pivotal for $2.7 billion, wouldn’t have even made this year’s list at all.”

Powered by WPeMatico

Cyber threat startup Cygilant hit by ransomware

Cygilant, a threat detection cybersecurity company, has confirmed a ransomware attack.

Christina Lattuca, Cygilant’s chief financial officer, said in a statement that the company was “aware of a ransomware attack impacting a portion of Cygilant’s technology environment.”

“Our Cyber Defense and Response Center team took immediate and decisive action to stop the progression of the attack. We are working closely with third-party forensic investigators and law enforcement to understand the full nature and impact of the attack. Cygilant is committed to the ongoing security of our network and to continuously strengthening all aspects of our security program,” the statement said.

Cygilant is believed to be the latest victim of NetWalker, a ransomware-as-a-service group, which lets threat groups rent access to its infrastructure to launch their own attacks, according to Brett Callow, a ransomware expert and threat analyst at security firm Emsisoft .

The file-encrypting malware itself not only scrambles a victim’s files but also exfiltrates the data to the hacker’s servers. The hackers typically threaten to publish the victim’s files if the ransom isn’t paid.

A site on the dark web associated with the NetWalker ransomware group posted screenshots of internal network files and directories believed to be associated with Cygilant.

Cygilant did not say if it paid the ransom. But at the time of writing, the dark web listing with Cygilant’s data had disappeared.

“Groups permanently delist companies when they’ve paid or, in some cases, temporarily delist them once they’ve agreed to come to the negotiating table,” said Callow. “NetWalker has temporarily delisted pending negotiations in at least one other case.”

Powered by WPeMatico

Decrypted: Space hacking, iPhone vulnerability, Zoom’s security boom

Security startups to the rescue.

As we continue to ride out the pandemic, security experts are closely monitoring the surge of coronavirus-related cyber threats. Just this week, Google’s Threat Analysis Group, its elite threat hunting unit, says that while the overall number of threats remains largely the same, opportunistic hackers are retooling their efforts to piggyback on coronavirus.

Some startups are downsizing and laying off staff, but several cybersecurity startups are faring better, thanks to an uptick in demand for security protections. As the world continues to pivot toward working from home, it has blown up key cybersecurity verticals in ways we never expected. To wit, identity startups are needed more than ever to make sure only remote employees are getting access to corporate systems.

Can the startups take on the giants at their own game?


THE BIG PICTURE

Another payments processor drops the security ball

For the third time this year, a payments processor has admitted to a security lapse. First it was Cornerstone, then it was nCourt. This time it’s Paay, a New York-based card payment processor startup that left a database on the internet unprotected and without a password. Worse, the data was storing full, plaintext credit card numbers.

Anyone who knew where to look could have accessed the data. Luckily, a security researcher found it and reported it to TechCrunch. We alerted the company; it quickly took the data offline, but Paay denied that the data stored full credit card numbers. We even sent the co-founder a portion of the data showing card numbers stored in plaintext, but he did not respond to our follow-up.

Powered by WPeMatico

Cultivating adaptability is a pandemic coping skill

Jason Shen
Contributor

Jason Shen is a three-time startup founder and the CEO of Midgame, a gaming technology company backed by Techstars and Betaworks.

It’s no secret that adaptability has become a critical trait for knowledge workers. To stay on top of a rapidly evolving world, we must assess new situations, make intelligent decisions and implement them effectively.

A 2014 research report by Barclays indicated that 60% of employers say adaptability has become more important during the last decade, and BBC called adaptability the “X factor” for career success in an era of technological change.

But even the most intrepid executive, entrepreneur or freelancer would be forgiven for struggling to adapt to a global pandemic. The impact of coronavirus has been unrelenting: hospitals at capacity, students sent home, conference cancellations, sold out inventory, markets in free fall and cities under lockdown.

Whatever you thought 2020 was going to look like, you were dead wrong. Box CEO Aaron Levie and Stanford professor Bob Sutton’s recent Twitter exchange said it all:

Not just start-ups. Every big company, every nonprofit, every government organization, and most people too

— Bob Sutton (@work_matters) March 16, 2020

This moment requires us to learn new skills, develop new habits and let go of old ways of working. In the book “Range,” there’s a chapter about “dropping familiar tools” that details how experienced professionals will overlearn specific behavior and then fail to adapt to a new circumstance. This mentality affected everyone from firefighters to aviation crews to NASA engineers, often with deadly results, and underscores how hard it can be to adapt to change.

To help us cultivate adaptability in this unprecedented moment, I sought answers in unexpected places. Here’s what I learned.

Let go of your attachments

Adaptability is required first and foremost when circumstances change. It’s easy to get attached to certain outcomes, especially when they’ve been planned long in advance or have significant emotional weight.

Due to coronavirus, a couple I know is postponing their wedding originally set for April. Having tied the knot only a year ago myself, I can’t imagine how frustrating that must be for them. But it was the right decision; demanding that the show go on would have been dangerous for their families, friends and the public at large.

I recently spoke with my friend Belinda Ju, an executive coach with a longstanding meditation practice. Non-attachment is a core concept of Buddhism, the spiritual path she’s followed for many years, and I wanted her thoughts on how that idea might help us adapt to unforeseen circumstances.

“Attachment doesn’t work because certainty doesn’t work. You can’t predict the future,” she explained. Being attached to something means “seeing the world through a false lens. Nothing is fixed.” For Ju and her clients, non-attachment doesn’t mean giving up on goals — it means focusing on what you can control.

“You might have a fixed goal of needing to raise X million dollars to keep your team afloat,” she said. “But in the age of coronavirus, investors might be slower to respond. So what are the levers in your control? What are the options you have and the pros and cons to each one?”

Her points hit home for me. As a NYC-based startup founder, I was preparing to make several trips to the West Coast to raise the next round for my company, Midgame, a digital party host for gamers.

I like pitching in person, but that’s obviously not going to happen, so I need to embrace video calls as my new reality. By doing that, I can get to stocking up on coffee, cleaning up my work space and setting up a microphone so when I do pitch over video, I’m bringing my A game.

Be present

Another way to think about adaptability is that it’s the ability to improvise. In theater, improv performers can’t rely on prewritten lines, and have to react in real time to suggestions from the audience or the words and actions of their scene partners.

“ ‘Playing the scene you’re in’ is a principle from improv which means to be present to the situation you’re in.”

That’s what Mary Lemmer told me. As an entrepreneur and VC who spent a stint at The Second City improv theater in Chicago, Lemmer knows a thing or two about having to adapt. Today, she brings her insights to corporations through training and workshops.

She explained that as an improv performer, you may start a scene with a certain idea in mind of how it will go, but that can quickly change. “If you’re not present,” she said, “then you’re not actively listening and because there’s no script, you’ll miss details. That’s when scenes fall apart.”

When I was a PM at Etsy and we had a major launch, we’d get engineering, dev ops, product, marketing and customer support together in a room to talk through the final event sequencing. These weren’t always the most exciting meetings and it was easy to get distracted by email or chat. One time engineering announced a significant last-minute issue that almost slipped through the cracks. Luckily, someone piped up with a clarifying question and we were all able to work together to minimize the issue.

Lemmer argues that in improv, like in business, you can’t make assumptions about people or situations. “We see this a lot in board meetings. People start to assume ‘Sally’ will always be the proactive one or ‘Jim’ will always be the naysayer and tune out.”

This is kind of attitude is problematic in a stable environment, but downright dangerous in an unstable situation where new data and events can quickly open up a new set of challenges and opportunities.

Early on, some experts thought the coronavirus crisis would stabilize globally by April. In early February, S&P Global stated that in the “worst-case scenario,” the virus would be contained by late May. A month later, that prediction already looked wildly optimistic.

Build mental toughness

Experts are saying now that cases may peak in May or June, which means everyone should be hunkering down for eight or more weeks of social distancing and isolation. A COVID-19 vaccine just started human trials, but testing in large enough sample sizes to identify side effects and then ramping up large-scale production still might not be fully available for more than a year.

In other words, dealing with this virus is not a sprint, it’s a marathon. A marathon no one signed up for.

Someone who knows a lot about this topic is Jason Fitzgerald. A 2:39 marathoner, Fitzgerald now helps people run faster and healthier as an author and coach.

When we spoke over the phone, he pointed out that running, unlike say basketball or gymnastics, is a sport where “you have to voluntarily want to experience more and more discomfort.”

Fitzgerald calls this ability to endure “mental toughness,” and it’s a skill we all can build. For runners, it requires doing workouts that scare them, putting in mileage that’s higher than they have in the past and racing regularly. It’s also about accepting and even embracing the pain of running hard.

The same is true for adaptation. We can train ourselves to respond better to change (we’re all getting lots of practice right now!), but developing new habits and working in new ways is always uncomfortable. As decorated cyclist Greg LeMond once said, “it doesn’t get easier, you just get faster.”

We also have to recognize that we won’t get it right every time. “The more that we get comfortable with poor performances, the more we can learn from them,” Fitzgerald said, noting that he’s had his share of bad races, including failing to finish an ultramarathon in 2015. “Sometimes you dwell on a bad race for a couple days, but then you have to just forget about it and move on with your training.”

Many of us are reeling from more cancellations, suspensions and complete one-eighties in the last month than in the last five years. But we can’t let ourselves stay bogged down by our feelings of frustration or disappointment. We accept our new reality, learn what we can from it, and keep going.

It’s clear that the people who can let go of their past plans and embrace the new environment ahead will thrive. Already we’re seeing companies pivot from live events to online webinars, and remote-first workplaces becoming the new normal. Shares of Zoom have risen even as the stock market has taken a beating and I’m sure other winners will emerge in the coming weeks and months.

But adaptability doesn’t just matter for individuals or even companies, it matters for governments. For China, Taiwan and Hong Kong, thanks to aggressive testing and quarantining efforts, life is returning, somewhat, to normal. New cases are on the decline and there’s hope of life returning to normalcy in the near future. Countries that bungled their response to the disease progression, including Italy, Spain, the U.K. and the United States, are now facing increasingly dire consequences.

Whether you want to survive a global pandemic, reach the next phase in your career or be selected on a mission to Mars, it’s hard to overstate the importance of adaptability in getting there.

Powered by WPeMatico

TechCrunch’s Top 10 investigative reports from 2019

Facebook spying on teens, Twitter accounts hijacked by terrorists, and sexual abuse imagery found on Bing and Giphy were amongst the ugly truths revealed by TechCrunch’s investigating reporting in 2019. The tech industry needs more watchdogs than ever as its size enlargens the impact of safety failures and the abuse of power. Whether through malice, naivety, or greed, there was plenty of wrongdoing to sniff out.

Led by our security expert Zack Whittaker, TechCrunch undertook more long-form investigations this year to tackle these growing issues. Our coverage of fundraises, product launches, and glamorous exits only tell half the story. As perhaps the biggest and longest running news outlet dedicated to startups (and the giants they become), we’re responsible for keeping these companies honest and pushing for a more ethical and transparent approach to technology.

If you have a tip potentially worthy of an investigation, contact TechCrunch at tips@techcrunch.com or by using our anonymous tip line’s form.

Image: Bryce Durbin/TechCrunch

Here are our top 10 investigations from 2019, and their impact:

Facebook pays teens to spy on their data

Josh Constine’s landmark investigation discovered that Facebook was paying teens and adults $20 in gift cards per month to install a VPN that sent Facebook all their sensitive mobile data for market research purposes. The laundry list of problems with Facebook Research included not informing 187,000 users the data would go to Facebook until they signed up for “Project Atlas”, not receiving proper parental consent for over 4300 minors, and threatening legal action if a user spoke publicly about the program. The program also abused Apple’s enterprise certificate program designed only for distribution of employee-only apps within companies to avoid the App Store review process.

The fallout was enormous. Lawmakers wrote angry letters to Facebook. TechCrunch soon discovered a similar market research program from Google called Screenwise Meter that the company promptly shut down. Apple punished both Google and Facebook by shutting down all their employee-only apps for a day, causing office disruptions since Facebookers couldn’t access their shuttle schedule or lunch menu. Facebook tried to claim the program was above board, but finally succumbed to the backlash and shut down Facebook Research and all paid data collection programs for users under 18. Most importantly, the investigation led Facebook to shut down its Onavo app, which offered a VPN but in reality sucked in tons of mobile usage data to figure out which competitors to copy. Onavo helped Facebook realize it should acquire messaging rival WhatsApp for $19 billion, and it’s now at the center of anti-trust investigations into the company. TechCrunch’s reporting weakened Facebook’s exploitative market surveillance, pitted tech’s giants against each other, and raised the bar for transparency and ethics in data collection.

Protecting The WannaCry Kill Switch

Zack Whittaker’s profile of the heroes who helped save the internet from the fast-spreading WannaCry ransomware reveals the precarious nature of cybersecurity. The gripping tale documenting Marcus Hutchins’ benevolent work establishing the WannaCry kill switch may have contributed to a judge’s decision to sentence him to just one year of supervised release instead of 10 years in prison for an unrelated charge of creating malware as a teenager.

The dangers of Elon Musk’s tunnel

TechCrunch contributor Mark Harris’ investigation discovered inadequate emergency exits and more problems with Elon Musk’s plan for his Boring Company to build a Washington D.C.-to-Baltimore tunnel. Consulting fire safety and tunnel engineering experts, Harris build a strong case for why state and local governments should be suspicious of technology disrupters cutting corners in public infrastructure.

Bing image search is full of child abuse

Josh Constine’s investigation exposed how Bing’s image search results both showed child sexual abuse imagery, but also suggested search terms to innocent users that would surface this illegal material. A tip led Constine to commission a report by anti-abuse startup AntiToxin (now L1ght), forcing Microsoft to commit to UK regulators that it would make significant changes to stop this from happening. However, a follow-up investigation by the New York Times citing TechCrunch’s report revealed Bing had made little progress.

Expelled despite exculpatory data

Zack Whittaker’s investigation surfaced contradictory evidence in a case of alleged grade tampering by Tufts student Tiffany Filler who was questionably expelled. The article casts significant doubt on the accusations, and that could help the student get a fair shot at future academic or professional endeavors.

Burned by an educational laptop

Natasha Lomas’ chronicle of troubles at educational computer hardware startup pi-top, including a device malfunction that injured a U.S. student. An internal email revealed the student had suffered a “a very nasty finger burn” from a pi-top 3 laptop designed to be disassembled. Reliability issues swelled and layoffs ensued. The report highlights how startups operating in the physical world, especially around sensitive populations like students, must make safety a top priority.

Giphy fails to block child abuse imagery

Sarah Perez and Zack Whittaker teamed up with child protection startup L1ght to expose Giphy’s negligence in blocking sexual abuse imagery. The report revealed how criminals used the site to share illegal imagery, which was then accidentally indexed by search engines. TechCrunch’s investigation demonstrated that it’s not just public tech giants who need to be more vigilant about their content.

Airbnb’s weakness on anti-discrimination

Megan Rose Dickey explored a botched case of discrimination policy enforcement by Airbnb when a blind and deaf traveler’s reservation was cancelled because they have a guide dog. Airbnb tried to just “educate” the host who was accused of discrimination instead of levying any real punishment until Dickey’s reporting pushed it to suspend them for a month. The investigation reveals the lengths Airbnb goes to in order to protect its money-generating hosts, and how policy problems could mar its IPO.

Expired emails let terrorists tweet propaganda

Zack Whittaker discovered that Islamic State propaganda was being spread through hijacked Twitter accounts. His investigation revealed that if the email address associated with a Twitter account expired, attackers could re-register it to gain access and then receive password resets sent from Twitter. The article revealed the savvy but not necessarily sophisticated ways terrorist groups are exploiting big tech’s security shortcomings, and identified a dangerous loophole for all sites to close.

Porn & gambling apps slip past Apple

Josh Constine found dozens of pornography and real-money gambling apps had broken Apple’s rules but avoided App Store review by abusing its enterprise certificate program — many based in China. The report revealed the weak and easily defrauded requirements to receive an enterprise certificate. Seven months later, Apple revealed a spike in porn and gambling app takedown requests from China. The investigation could push Apple to tighten its enterprise certificate policies, and proved the company has plenty of its own problems to handle despite CEO Tim Cook’s frequent jabs at the policies of other tech giants.

Bonus: HQ Trivia employees fired for trying to remove CEO

This Game Of Thrones-worthy tale was too intriguing to leave out, even if the impact was more of a warning to all startup executives. Josh Constine’s look inside gaming startup HQ Trivia revealed a saga of employee revolt in response to its CEO’s ineptitude and inaction as the company nose-dived. Employees who organized a petition to the board to remove the CEO were fired, leading to further talent departures and stagnation. The investigation served to remind startup executives that they are responsible to their employees, who can exert power through collective action or their exodus.

If you have a tip for Josh Constine, you can reach him via encrypted Signal or text at (585)750-5674, joshc at TechCrunch dot com, or through Twitter DMs

Powered by WPeMatico

More than 1 million T-Mobile customers exposed by breach

T-Mobile has confirmed a data breach affecting more than a million of its customers, whose personal data (but no financial or password data) was exposed to a malicious actor. The company alerted the affected customers but did not provide many details in its official account of the hack.

The company said in its disclosure to affected users that its security team had shut down “malicious, unauthorized access” to prepaid data customers. The data exposed appears to have been:

  • Name
  • Billing address
  • Phone number
  • Account number
  • Rate, plan and calling features (such as paying for international calls)

The latter data is considered “customer proprietary network information” and under telecoms regulations they are required to notify customers if it is leaked. The implication seems to be that they might not have done so otherwise. Of course some hacks, even hacks of historic magnitude, go undisclosed sometimes for years.

In this case, however, it seems that T-Mobile has disclosed the hack in a fairly prompt manner, though it provided very few details. When I asked, a T-Mobile representative indicated that “less than 1.5 percent” of customers were affected, which of the company’s approximately 75 million users adds up to somewhat over a million.

The company reports that “we take the security of your information very seriously,” a canard we’ve asked companies to stop saying in these situations.

The T-Mobile representative stated that the attack was discovered in early November and shut down “immediately.” They did not answer other questions I asked, such as whether it was on a public-facing or internal website or database, how long the data was exposed and what specifically the company had done to rectify the problem.

The data listed above is not necessarily highly damaging on its own, but it’s the kind of data with which someone might attempt to steal your identity or take over your account. Account hijacking is a fairly common tactic among cyber-ne’er-do-wells these days and it helps to have details like the target’s plan, home address and so on at one’s fingertips.

If you’re a T-Mobile customer, it may be a good idea to change your password there and check up on your account details.

Powered by WPeMatico

CTO.ai’s developer shortcuts eliminate coding busywork

There’s too much hype about mythical “10X developers.” Everyone’s desperate to hire these “ninja rockstars.” In reality, it’s smarter to find ways of deleting annoying chores for the coders you already have. That’s where CTO.ai comes in.

Emerging from stealth today, CTO.ai lets developers build and borrow DevOps shortcuts. These automate long series of steps they usually have to do manually, thanks to integrations with GitHub, AWS, Slack and more. CTO.ai claims it can turn a days-long process like setting up a Kubernetes cluster into a 15-minute task even sales people can handle. The startup offers both a platform for engineering and sharing shortcuts, and a service where it can custom build shortcuts for big customers.

What’s remarkable about CTO.ai is that amidst a frothy funding environment, the 60-person team quietly bootstrapped its way to profitability over the past two years. Why take funding when revenue was up 400% in 18 months? But after a chance meeting aboard a plane connected its high school dropout founder Kyle Campbell with Slack CEO Stewart Butterfield, CTO.ai just raised a $7.5 million seed round led by Slack Fund and Tiger Global.

“Building tools that streamline software development is really expensive for companies, especially when they need their developers focused on building features and shipping to customers,” Campbell tells me. The same way startups don’t build their own cloud infrastructure and just use AWS, or don’t build their own telecom APIs and just use Twilio, he wants CTO.ai to be the “easy button” for developer tools.

Teaching snakes to eat elephants

“I’ve been a software engineer since the age of 8,” Campbell recalls. In skate-punk attire with a snapback hat, the young man meeting me in a San Francisco Mission District cafe almost looked too chill to be a prolific coder. But that’s kind of the point. His startup makes being a developer more accessible.

After spending his 20s in software engineering groups in the Bay, Campbell started his own company, Retsly, that bridged developers to real estate listings. In 2014, it was acquired by property tech giant Zillow, where he worked for a few years.

That’s when he discovered the difficulty of building dev tools inside companies with other priorities. “It’s the equivalent of a snake swallowing an elephant,” he jokes. Yet given these tools determine how much time expensive engineers waste on tasks below their skill level, their absence can drag down big enterprises or keep startups from rising.

CTO.ai shrinks the elephant. For example, the busywork of creating a Kubernetes cluster such as having to the create EC2 instances, provision on those instances and then provision a master node gets slimmed down to just running a shortcut. Campbell writes that “tedious tasks like running reports can be reduced from 1,000 steps down to 10,” through standardization of workflows that turn confusing code essays into simple fill-in-the-blank and multiple-choice questions.

The CTO.ai platform offers a wide range of pre-made shortcuts that clients can piggyback on, or they can make and publish their own through a flexible JavaScript environment for the rest of their team or the whole community to use. Companies that need extra help can pay for its DevOps-as-a-Service and reliability offerings to get shortcuts made to solve their biggest problems while keeping everything running smoothly.

5(2X) = 10X

Campbell envisions a new way to create a 10X engineer that doesn’t depend on widely mocked advice on how to spot and capture them like trophy animals. Instead, he believes one developer can make five others 2X more efficient by building them shortcuts. And it doesn’t require indulging bad workplace or collaboration habits.

With the new funding that also comes from Yaletown Partners, Pallasite Ventures, Panache Ventures and Jonathan Bixby, CTO.ai wants to build deeper integrations with Slack so developers can run more commands right from the messaging app. The less coding required for use, the broader the set of employees that can use the startup’s tools. CTO.ai may also build a self-service tier to augment its seats, plus a complexity model for enterprise pricing.

Now it’s time to ramp up community outreach to drive adoption. CTO.ai recently released a podcast that saw 15,000 downloads in its first three weeks, and it’s planning some conference appearances. It also sees virality through its shortcut author pages, which, like GitHub profiles, let developers show off their contributions and find their next gig.

One risk is that GitHub or another core developer infrastructure provider could try to barge directly into CTO.ai’s business. Google already has Cloud Composer, while GitHub launched Actions last year. Campbell says its defense comes through neutrally integrating with everyone, thereby turning potential competitors into partners.

The funding firepower could help CTO.ai build a lead. With every company embracing software, employers battling to keep developers happy and teams looking to get more of their staff working with code, the startup sits at the intersection of some lucrative trends of technological empowerment.

“I have a three-year-old at home and I think about what it will be like when he comes into creating things online,” Campbell concludes. “We want to create an amazing future for software developers, introducing automation so they can focus on what makes them such an important aspect. Devs are defining society!”

[Image Credit: Disney/Pixar via WallHere Goodfon]

Powered by WPeMatico

Hackers to stress-test Facebook Portal at hacking contest

Hackers will soon be able to stress-test the Facebook Portal at the annual Pwn2Own hacking contest, following the introduction of the social media giant’s debut hardware device last year.

Pwn2Own is one of the largest hacking contests in the world, where security researchers descend to find and demonstrate their exploits for vulnerabilities in a range of consumer electronics and technologies, including appliances and automobiles.

It’s not unusual for companies to allow hackers put their products through their paces. Tesla earlier this year entered its new Model 3 sedan into the contest. A pair of researchers later scooped up $375,000 — and the car they hacked — for finding a severe memory randomization bug in the web browser of the car’s infotainment system.

Hackers able to remotely inject and run code on the Facebook Portal can receive up to $60,000, while a non-invasive physical attack or a privilege escalation bug can net $40,000.

Introducing the Facebook Portal is part of a push by Trend Micro’s Zero Day Initiative, which runs the contest, to expand the range of home automation devices available to researchers in attendance. Pwn2Own said researchers will also get a chance to try to hack an Amazon Echo Show 5, a Google Nest Hub Max, an Amazon Cloud Cam and a Nest Cam IQ Indoor.

Facebook said it also would allow hackers to find flaws in the Oculus Quest virtual reality kit.

Pwn2Own Tokyo, set to be held on November 6-7, is expected to dish out more than $750,000 in cash and prizes.

Powered by WPeMatico

Verified Expert Growth Marketing Agency: TrueUp

It was the perfect storm when CEO and Founder Liam Reynolds finally decided to start TrueUp, a data-driven growth marketing agency/consultancy based in London. After decades of working for large creative advertising agencies, Liam quit his job right around the beginning of Silicon Valley’s growth hacking trend and plunged headfirst into running growth for early-stage startups.

TrueUp has since evolved from a one-man shop into an award-winning agency with a team of dedicated data, paid marketing and conversion specialists. Learn more about how they collaborate with clients and help them develop short- and long-term growth frameworks.

TrueUp’s approach to growth marketing:

“Rather than just saying ‘Look at these amazing results we’ve achieved,’ we would say, ‘Look, these are your growth opportunities, this is the process you need and here’s the framework unlock your true potential,’ We would build business models around this to show the opportunity in numbers, revenue and ROI.

Our approach to growth is anchored in delivering the right message to the right target audience in the right channel at the right time. It sounds simple but we’re amazed at how wrong people get this.

So we’ve created our own bespoke methodologies and frameworks to really explore and identify these hidden killer messages that drive action. We’ve built our own tools that allow us to do a lot of high-tempo, high-intensity testing.

It’s quite common that we have 500 to 600 tests running concurrently on Facebook for any given client. We’re continuously testing, learning, iterating, improving. As a result we’ve achieved some amazing results for our clients.”

Advice to founders:

“We approached True Up to help us establish and scale a UK paid marketing function. The team was highly professional from their initial pitch through the end of the project.” Maninder Saini, SF, International Operations Manager, Quizlet, Inc.

“For earlier stage startups, it’s to focus on achieving product-market fit and having awesome user experiences before worrying about growth. We worked with and mentored a lot of startups that immediately jump to, “Look I need to get X number of customers in X months.” However their products/services are often seriously lacking. This creates very weak foundations for growth. So their efforts would be better spent on creating products that genuinely meet a customer need. Once they’ve achieved product-market fit, it’s to communicate benefits not features. There’s always at least one killer message that cuts through but more often than not it’s hidden and not what the founders think it is. So a structured test program to explore this is also very much needed!”

designer fast facts 31

Below, you’ll find the rest of the founder reviews, the full interview, and more details like pricing and fee structures. This profile is part of our ongoing series covering startup growth marketing agencies with whom founders love to work, based on this survey and our own research. The survey is open indefinitely, so please fill it out if you haven’t already. 


Interview with TrueUp CEO & Founder Liam Reynolds

Liam photo

Yvonne Leow: Tell me about how you got into growth marketing and why you decided to start TrueUp.

Liam Reynolds: I started my career at a data marketing company called Dunnhumby. They were famous for managing the data science and intelligence behind TESCO’s Club Card, a very large loyalty program in the UK.

Powered by WPeMatico

What CISOs need to learn from WannaCry

In 2017 — for the first time in over a decade — a computer worm ran rampage across the internet, threatening to disrupt businesses, industries, governments and national infrastructure across several continents.

The WannaCry ransomware attack became the biggest threat to the internet since the Mydoom worm in 2004. On May 12, 2017, the worm infected millions of computers, encrypting their files and holding them hostage to a bitcoin payment.

Train stations, government departments, and Fortune 500 companies were hit by the surprise attack. The U.K.’s National Health Service (NHS) was one of the biggest organizations hit, forcing doctors to turn patients away and emergency rooms to close.

Earlier this week we reported a deep-dive story into the 2017 cyberattack that’s never been told before.

British security researchers — Marcus Hutchins and Jamie Hankins — registered a domain name found in WannaCry’s code in order to track the infection. It took them three hours to realize they had inadvertently stopped the attack dead in its tracks. That domain became the now-infamous “kill switch” that instantly stopped the spread of the ransomware.

As long as the kill switch remains online, no computer infected with WannaCry would have its files encrypted.

But the attack was far from over.

In the days following, the researchers were attacked from an angry botnet operator pummeling the domain with junk traffic to try to knock it offline and two of their servers were seized by police in France thinking they were contributing to the spread of the ransomware.

Worse, their exhaustion and lack of sleep threatened to derail the operation. The kill switch was later moved to Cloudflare, which has the technical and infrastructure support to keep it alive.

Hankins described it as the “most stressful thing” he’s ever experienced. “The last thing you need is the idea of the entire NHS on fire,” he told TechCrunch.

Although the kill switch is in good hands, the internet is just one domain failure away from another massive WannaCry outbreak. Just last month two Cloudflare failures threatened to bring the kill switch domain offline. Thankfully, it stayed up without a hitch.

CISOs and CSOs take note: here’s what you need to know.

Powered by WPeMatico

1 2 3 10