law enforcement

Auto Added by WPeMatico

Why your CSO, not your CMO, should pitch your security startup

Whenever a security startup lands on my desk, I have one question: Who’s the chief security officer (CSO) and when can I get time with them?

Having a chief security officer is as relevant today as a chief marketing officer (CMO) or chief revenue boss. Just as you need to make sure your offering looks good and the money keeps rolling in, you need to show what your security posture looks like.

Even for non-security startups, having someone at the helm is just as important — not least given the constant security threats that all companies face today, they will become a necessary part of interacting with the media. Regardless of whether your company builds gadgets or processes massive amounts of customer data, security has to be at the front of mind. It’s no good simply saying that you “take your privacy and security seriously.” You have to demonstrate it.

A CSO has several roles and they will wear many hats. Depending on the kind of company you have, they will work to bolster your company’s internal processes and policies on keeping not only your corporate data safe but also the data of your customers. They also will be consulted on security practices of your app or product or service to make sure you’re complying with consumer-expected privacy expectations — and not the overbearing and all-embracing industry standards of vacuuming up as much data as there is.

But for the average security startup, a CSO should also act as the point-person for all technical matters associated with their company’s product or service. A CSO can be an evangelist for the infosec professional who can speak to their company’s offering — and to reporters, like me.

In my view, no startup of any size — especially a security startup — should be without a CSO.

The reality is about 95 percent of the world’s wealthiest companies don’t have one. Facebook hasn’t had someone running the security shop since August. It may be a coincidence that the social networking giant has faced breach after exposure after leak after scandal, and it shows — the company is running around headless without a direction of where to go.

Powered by WPeMatico

The top 10 startups from Y Combinator W19 Demo Day 1

Electric-vehicle chargers, heads-up displays for soldiers and the Costco of weed were some of our favorites from prestigious startup accelerator Y Combinator’s Winter 2019 Demo Day 1. If you want to take the pulse of Silicon Valley, YC is the place to be. But with more than 200 startups presenting across two stages and two days, it’s tough to keep track.

You can check out our write-ups of all 85 startups that launched on Demo Day 1, and come back later for our full index and picks from Day 2. But now, based on feedback from top investors and TechCrunch’s team, here’s our selection of the top 10 companies from the first half of this Y Combinator batch, and why we picked each.

Ravn

Looking around corners is one of the most dangerous parts of war for infantry. Ravn builds heads-up displays that let soldiers and law enforcement see around corners thanks to cameras on their gun, drones or elsewhere. The ability to see the enemy while still being behind cover saves lives, and Ravn already has $490,000 in Navy and Air Force contracts. With a CEO who was a Navy Seal who went on to study computer science, plus experts in augmented reality and selling hardware to the Department of Defense, Ravn could deliver the inevitable future of soldier heads-up displays.

Why we picked Ravn: The AR battlefield is inevitable, but right now Microsoft’s HoloLens team is focused on providing mid-fight information, like how many bullets a soldier has in their clip and where their squad mates are. Ravn’s tech was built by a guy who watched the tragic consequences of getting into those shootouts. He wants to help soldiers avoid or win these battles before they get dangerous, and his team includes an expert in selling hardened tech to the U.S. government.

Middesk

It’s difficult to know if a business’ partners have paid their taxes, filed for bankruptcy or are involved in lawsuits. That leads businesses to write off $120 billion a year in uncollectable bad debt. Middesk does due diligence to sort out good businesses from the bad to provide assurance for B2B deals, loans, investments, acquisitions and more. By giving clients the confidence that they’ll be paid, Middesk could insert itself into a wide array of transactions.

Why we picked Middesk: It’s building the trust layer for the business world that could weave its way into practically every deal. More data means making fewer stupid decisions, and Middesk could put an end to putting faith in questionable partners.

Convictional

Convictional helps direct-to-consumer companies approach larger retailers more simply. It takes a lot of time for a supplier to build a relationship with a retailer and start selling their products. Convictional wants to speed things up by building a B2B self-service commerce platform that allows retailers to easily approach brands and make orders.

Why we picked Convictional: There’s been an explosion of D2C businesses selling everything from suitcases to shaving kits. But to drive exposure and scale, they need retail partners who’re eager not to be cut out of this growing commerce segment. Playing middleman could put Convictional in a lucrative position, while also making it a nexus of valuable shopping data.

Dyneti Technologies

Dyneti has invented a credit card scanner SDK that uses a smartphone’s camera to help prevent fraud by more than 50 percent and improve conversion for businesses by 5 percent. The business was started by a pair of former Uber employees, including CEO Julia Zheng, who launched the fraud analytics teams for Account Security and UberEATS. Dyneti’s service is powered by deep learning and works on any card format. In the two months since it launched, the company has signed contracts with Rappi, Gametime and others.

Why we picked Dyneti: Cybersecurity threats are growing and evolving, yet underequipped businesses are eager to do more business online. Dyneti is one of those fundamental B2B businesses that feels like Stripe — capable of bringing simplicity and trust to a complex problem so companies can focus on their product.

AmpUp

The “Airbnb for electric-vehicle chargers,” ampUp is preparing for a world in which the majority of us drive EVs — it operates a mobile app that connects a network of thousands of EV chargers and drivers. Using the app, an electric-vehicle owner can quickly identify an available and compatible charger, and EV charger owners can earn cash sharing their charger at their own price and their own schedule. The service is currently live in the Bay Area.

Why we picked ampUp: Electric vehicles are inevitable, but reliable charging is one of the leading fears dissuading people from buying. Rather than build out some massive owned network of chargers that will never match the distributed gas station network, ampUp could put an EV charger anywhere there’s someone looking to make a few bucks.

Flockjay

Flockjay operates an online sales academy that teaches job seekers from underrepresented backgrounds the skills and training they need to pursue a career in tech sales. The 12-week bootcamp offers trainees coaching and mentorship. The company has launched its debut cohort with 17 students, 100 percent of whom are already in job interviews and 40 percent of whom have already secured new careers in the tech industry.

Why we picked Flockjay: Unlike coding bootcamps that can require intense prerequisites, killer salespeople can be molded from anyone with hustle. Those from underrepresented backgrounds already know how to expertly sell themselves to attain opportunities others take for granted. Flockjay could provide economic mobility at a crucial juncture when job security is shaky.

Deel

Twenty million international contractors work with U.S. companies, but it’s difficult to onboard and train them. Deel handles the contracts, payments and taxes in one interface to eliminate paperwork and wasted time. Deel charges businesses $10 per contractor per month and a 1 percent fee on payouts, which earns it an average of $560 per contractor per year.

Why we picked Deel: The destigmatization of remote work is opening new recruiting opportunities abroad for U.S. businesses. But unless teams can properly integrate these distant staffers, the cost savings of hiring overseas are negated. As the globalization megatrend continues, businesses will need better HR tools.

Glide

There has been a pretty major trend toward services that make it easier to build web pages or mobile apps. Glide lets customers easily create well-designed mobile apps from Google Sheets pages. This not only makes it easy to build the pages, but simplifies the skills needed to keep information updated on the site.

Why we picked Glide: While desktop website makers is a brutally competitive market, it’s still not easy to make a mobile site if you’re not a coder. Rather than starting from a visual layout tool with which many people would still be unfamiliar, Glide starts with a spreadsheet that almost everyone has used. And as the web begins to feel less personal with all the brands and influencers, Glide could help people make bespoke apps that put intimacy and personality first.

Docucharm

The platform, co-founded by former Uber product manager Minh Tri Pham, turns documents into structured data a computer can understand to accurately automate document processing workflows and take away the need for human data entry. Docucharm’s API can understand various forms of documents (like paystubs, for example) and will extract the necessary information without error. Its customers include tax prep company Tributi and lending business Aspire.

Why we picked Docucharm: Paying high-priced, high-skilled workers to do data entry is a huge waste. And optical character recognition like Docucharm’s will unlock new types of businesses based on data extraction. This startup could be the AI layer underneath it all.

Flower Co

Flower Co provides memberships for cheaper weed sales and delivery. Most dispensaries cater to high-end customers and newbies that want expensive products and tons of hand-holding. In contrast, Flower Co caters to long-time marijuana enthusiasts who want huge quantities at low prices. They’re currently selling $200.000 in marijuana per month to 700 members. They charge $100 a year for membership, and take 10 percent on product sales.

Why we picked Flower Co: Marijuana is the next gold rush, a once-in-a-generation land-grab opportunity. Yet most marijuana merchants have focused on hyper-discerning high-end customers despite the long-standing popularity of smoking big blunts of cheap weed with a bunch of friends. For those who want to make cannabis consumption a lifestyle, and there will be plenty, Flower Co could become their wholesaler.

Honorable Mentions

Atomic Alchemy – Filling the shortage of nuclear medicine

Yourchoice – Omni-gender non-hormonal birth control

Prometheus – Turning CO2 into gas

Lumos – Medical search engine for doctors

Heart Aerospace – Regional electric planes

Boundary Layer Technologies – Super-fast container ships

Additional reporting by Kate Clark, Greg Kumparak and Lucas Matney

Powered by WPeMatico

Tall Poppy aims to make online harassment protection an employee benefit

For the nearly 20 percent of Americans who experience severe online harassment, there’s a new company launching in the latest batch of Y Combinator called Tall Poppy that’s giving them the tools to fight back.

Co-founded by Leigh Honeywell and Logan Dean, Tall Poppy grew out of the work that Honeywell, a security specialist, had been doing to hunt down trolls in online communities since at least 2008.

That was the year that Honeywell first went after a particularly noxious specimen who spent his time sending death threats to women in various Linux communities. Honeywell cooperated with law enforcement to try and track down the troll and eventually pushed the commenter into hiding after he was visited by investigators.

That early success led Honeywell to assume a not-so-secret identity as a security expert by day for companies like Microsoft, Salesforce, and Slack, and a defender against online harassment when she wasn’t at work.

“It was an accidental thing that I got into this work,” says Honeywell. “It’s sort of an occupational hazard of being an internet feminist.”

Honeywell started working one-on-one with victims of online harassment that would be referred to her directly.

“As people were coming forward with #metoo… I was working with a number of high profile folks to essentially batten down the hatches,” says Honeywell. “It’s been satisfying work helping people get back a sense of safety when they feel like they have lost it.”

As those referrals began to climb (eventually numbering in the low hundreds of cases), Honeywell began to think about ways to systematize her approach so it could reach the widest number of people possible.

“The reason we’re doing it that way is to help scale up,” says Honeywell. “As with everything in computer security it’s an arms race… As you learn to combat abuse the abusive people adopt technologies and learn new tactics and ways to get around it.”

Primarily, Tall Poppy will provide an educational toolkit to help people lock down their own presence and do incident response properly, says Honeywell. The company will work with customers to gain an understanding of how to protect themselves, but also to be aware of the laws in each state that they can use to protect themselves and punish their attackers.

The scope of the problem

Based on research conducted by the Pew Foundation, there are millions of people in the U.S. alone, who could benefit from the type of service that Tall Poppy aims to provide.

According to a 2017 study, “nearly one-in-five Americans (18%) have been subjected to particularly severe forms of harassment online, such as physical threats, harassment over a sustained period, sexual harassment or stalking.”

The women and minorities that bear the brunt of these assaults (and, let’s be clear, it is primarily women and minorities who bear the brunt of these assaults), face very real consequences from these virtual assaults.

Take the case of the New York principal who lost her job when an ex-boyfriend sent stolen photographs of her to the New York Post and her boss. In a powerful piece for Jezebel she wrote about the consequences of her harassment.

As a result, city investigators escorted me out of my school pending an investigation. The subsequent investigation quickly showed that I was set up by my abuser. Still, Mayor Bill de Blasio’s administration demoted me from principal to teacher, slashed my pay in half, and sent me to a rubber room, the DOE’s notorious reassignment centers where hundreds of unwanted employees languish until they are fired or forgotten.

In 2016, I took a yearlong medical leave from the DOE to treat extreme post-traumatic stress and anxiety. Since the leave was almost entirely unpaid, I took loans against my pension to get by. I ran out of money in early 2017 and reported back to the department, where I was quickly sent to an administrative trial. There the city tried to terminate me. I was charged with eight counts of misconduct despite the conclusion by all parties that my ex-partner uploaded the photos to the computer and that there was no evidence to back up his salacious story. I was accused of bringing “widespread negative publicity, ridicule and notoriety” to the school system, as well as “failing to safeguard a Department of Education computer” from my abusive ex.

Her story isn’t unique. Victims of online harassment regularly face serious consequences from online harassment.

According to a  2013 Science Daily study, cyber stalking victims routinely need to take time off from work, or change or quit their job or school. And the stalking costs the victims $1200 on average to even attempt to address the harassment, the study said.

“It’s this widespread problem and the platforms have in many ways have dropped the ball on this,” Honeywell says.

Tall Poppy’s co-founders

Creating Tall Poppy

As Honeywell heard more and more stories of online intimidation and assault, she started laying the groundwork for the service that would eventually become Tall Poppy. Through a mutual friend she reached out to Dean, a talented coder who had been working at Ticketfly before its Eventbrite acquisition and was looking for a new opportunity.

That was in early 2015. But, afraid that striking out on her own would affect her citizenship status (Honeywell is Canadian), she and Dean waited before making the move to finally start the company.

What ultimately convinced them was the election of Donald Trump.

“After the election I had a heart-to-heart with myself… And I decided that I could move back to Canada, but I wanted to stay and fight,” Honeywell says.

Initially, Honeywell took on a year-long fellowship with the American Civil Liberties Union to pick up on work around privacy and security that had been handled by Chris Soghoian who had left to take a position with Senator Ron Wyden’s office.

But the idea for Tall Poppy remained, and once Honeywell received her green card, she was “chomping at the bit to start this company.”

A few months in the company already has businesses that have signed up for the services and tools it provides to help companies protect their employees.

Some platforms have taken small steps against online harassment. Facebook, for instance, launched an initiative to get people to upload their nude pictures  so that the social network can monitor when similar images are distributed online and contact a user to see if the distribution is consensual.

Meanwhile, Twitter has made a series of changes to its algorithm to combat online abuse.

“People were shocked and horrified that people were trying this,” Honeywell says. “[But] what is the way [harassers] can do the most damage? Sharing them to Facebook is one of the ways where they can do the most damage. It was a worthwhile experiment.”

To underscore how pervasive a problem online harassment is, out of the four companies where the company is doing business or could do business in the first month and a half there is already an issue that the company is addressing. 

“It is an important problem to work on,” says Honeywell. “My recurring realization is that the cavalry is not coming.”

Powered by WPeMatico

A free web tool can predict your hair, skin, and eye color from DNA data

A new tool by researchers at the School of Science at IUPUI and Erasmus MC University Medical Center Rotterdam in the Netherlands can predict your hair, skin, and eye color from your DNA data. The system, which is essentially a web app that can accept DNA sequences, compares known color phenotypes to known data and tells you the probabilities of each color.

The app, called HIrisPlex-S, can tell colors from even small amounts of DNA like that left at a crime scene.

“We have previously provided law enforcement and anthropologists with DNA tools for eye color and for combined eye and hair color, but skin color has been more difficult,” said forensic geneticist Susan Walsh from IUPUI. “Importantly, we are directly predicting actual skin color divided into five subtypes — very pale, pale, intermediate, dark and dark to black – using DNA markers from the genes that determine an individual’s skin coloration. This is not the same as identifying genetic ancestry. You might say it’s more similar to specifying a paint color in a hardware store rather than denoting race or ethnicity. If anyone asks an eyewitness what they saw, the majority of time they mention hair color and skin color. What we are doing is using genetics to take an objective look at what they saw.”

You can actually try the web app here but be warned: it’s not exactly the most user friendly app on the web. It requires you to know specific alleles for your test subject or upload a set of alleles in a csv file. It is, however, free and looks like it could wildly useful in law enforcement and figuring out what your hair color was before you dyed it purple.

“With our new HIrisPlex-S system, for the first time, forensic geneticists and genetic anthropologists are able to simultaneously generate eye, hair and skin color information from a DNA sample, including DNA of the low quality and quantity often found in forensic casework and anthropological studies,” said Manfred Kayser of Erasmus MC.

Powered by WPeMatico

iOS will soon disable USB connection if left locked for a week

In a move seemingly designed specifically to frustrate law enforcement, Apple is adding a security feature to iOS that totally disables data being sent over USB if the device isn’t unlocked for a period of 7 days. This spoils many methods for exploiting that connection to coax information out of the device without the user’s consent.

The feature, called USB Restricted Mode, was first noticed by Elcomsoft researchers looking through the iOS 11.4 code. It disables USB data (it will still charge) if the phone is left locked for a week, re-enabling it if it’s unlocked normally.

Normally when an iPhone is plugged into another device, whether it’s the owner’s computer or another, there is an interchange of data where the phone and computer figure out if they recognize each other, if they’re authorized to send or back up data, and so on. This connection can be taken advantage of if the computer being connected to is attempting to break into the phone.

USB Restricted Mode is likely a response to the fact that iPhones seized by law enforcement or by malicious actors like thieves essentially will sit and wait patiently for this kind of software exploit to be applied to them. If an officer collects a phone during a case, but there are no known ways to force open the version of iOS it’s running, no problem: just stick it in evidence and wait until some security contractor sells the department a 0-day.

But what if, a week after that phone was taken, it shut down its own Lightning port’s ability to send or receive data or even recognize it’s connected to a computer? That would prevent the law from ever having the opportunity to attempt to break into the device unless they move with a quickness.

On the other hand, had its owner simply left the phone at home while on vacation, they could pick it up, put in their PIN and it’s like nothing ever happened. Like the very best security measures, adversaries will curse its name while users may not even know it exists. Really, this is one of those security features that seems obvious in retrospect and I would not be surprised if other phone makers copy it in short order.

Had this feature been in place a couple of years ago, it would have prevented that entire drama with the FBI. It milked its ongoing inability to access a target phone for months, reportedly concealing its own capabilities all the while, likely to make it a political issue and manipulate lawmakers into compelling Apple to help. That kind of grandstanding doesn’t work so well on a seven-day deadline.

It’s not a perfect solution, of course, but there are no perfect solutions in security. This may simply force all iPhone-related investigations to get high priority in courts, so that existing exploits can be applied legally within the seven-day limit (and, presumably, every few days thereafter). All the same, it should be a powerful barrier against the kind of eventual, potential access through undocumented exploits from third parties that seems to threaten even the latest models and OS versions.

Powered by WPeMatico

Pressure In Congress Grows For GPS Tracking Reform After Supreme Court Passes On Cell Phone Case

capitol Senators and House representatives this week are calling on Congress to act on bills that would limit location tracking and phone surveillance after the Supreme Court decided not to hear a cell phone case earlier this week. The justices on Monday declined to review a federal court’s decision from earlier this year that police do not need a warrant to seize and search cell phone records… Read More

Powered by WPeMatico