Subscribe to:

Subscribe to :: TheGuruReview.net ::

Keybase Unveils End-to-End Message Encryption Service

September 26, 2017 by  
Filed under Around The Net

Keybase has rolled out a Slack-style team messaging service that promises to protect private communications with end-to-end encryption.

The company launched in 2015 with the aim of making encryption technology more accessible to consumers. Its latest service, Keybase Teams, has a look similar to Slack with features such as chat rooms and channels. Admins can add set up groups of users to work on a particular project, and encrypted files can be uploaded and shared.

An early release version of the software is now available for download for desktops and mobile devices.

The key advantage, Keybase said, involves enhanced security and privacy.

End-to-end encryption means that only the sender and receiver of a message can view the information being shared. The goal is to prevent ‘man in the middle’ attacks and block any third parties from viewing the data.

Most of the popular team messaging tools such as Slack and Microsoft Teams encrypt data at rest and in transit, rather than end-to-end. Cisco, however, has already added full encryption to its Spark platform.

In a blog post, Keybase said that end-to-end encryption is important as it “means you don’t have to worry about server hacks. Alternatively, you can lie awake at night…fearing a breach of your company’s messaging history. What if your team’s history got stolen from Slack and leaked or published?”

Keybase said its messaging tool will not just protect communications from external snooping, but also block sub-teams in the same organization from gaining access to private information. The company cited work involving, for example, a devops team and board of directors: “From passing around technical secrets to discussing more tender business dealings, these groups will want data that can’t be decrypted by others inside their own company.”

 

Can Microsoft Help Linux Grow

September 26, 2017 by  
Filed under Computing

A Docker and Google Cloud expert has packed her bags and headed to Microsoft claiming that Vole is going to be the next key Linux driver.

Jessie Frazelle, who rose to prominence in the developer community with Docker and later Google Cloud, made the bold claim to justify her departure to Microsoft.

For those who came in late, Microsoft was the “enemy” of the Open Source movement for many years. This was not helped by the shy and retiring CEO of Microsoft, Steve Ballmer, calling the Linux a cancer.

Frazelle said that it was “very possible that Microsoft doesn’t merely accept a peaceful coexistence with Linux, but instead enthusiastically embraces it as a key to its future”.

Vole has hired Linux kernel developers like Matthew Wilcox, Paul Shilovsky, and Stephen Hemminger, and it now employs 12 Linux kernel contributors.

Linux kernel maintainer Greg Kroah-Hartman says” “Microsoft now has developers contributing to various core areas of the kernel (memory management, core data structures, networking infrastructure), the CIFS filesystem, and of course many contributions to make Linux work better on its Hyper-V systems.”

According to InfoWorld, it means that pigs really do fly. Microsoft has come a long way from declaring that Linux is a cancer.

Courtesy-Fud

Is Valve’s Steam Dominance Killing PC Gaming

September 25, 2017 by  
Filed under Gaming

Earlier this week I wrote about a recurring problem in games, and what I was going to do as a member of the media to try and fix it. Today I’m going to talk about something I’m doing to fix it as a customer and gamer.

I hadn’t intended to write a follow-up piece, but I hit a bit of a breaking point this week with the one-two punch of PewDiePie dropping the n-word on stream and Bungie removing a white supremacist symbol from its Destiny 2.

Both events are part of a wretched pattern that has been recurring in games for several years now, a pattern where we see some deep-seated prejudices in gaming culture come to the fore in alarming clarity for a moment, everyone points and decries the awfulness, then everyone else gets angry at the people who didn’t like the awful thing. If we’re very lucky, the people who screwed up in the first place publicly apologize, reflect on their mistakes and try to do better the next time. It’s much, much rarer to see anyone indirectly responsible for this pattern take an honest look at their role in it, and we absolutely need them to if this is ever going to get better.

“People talk about racism, sexism, transphobia and the like as if they are diseases, but maybe we should think of these things less like contagions and more like environmental pollutants”

People talk about racism, sexism, transphobia and the like as if they are diseases, like it’s something binary you either have or you don’t. “This is racist. That is not racist.” But maybe we should think of these things less like contagions and more like environmental pollutants. They surround us at all times, but in varying concentrations. They’re like arsenic in your drinking water, or rat feces in your popcorn; we should aspire to have none at all, but that’s a difficult enough task that we “accept” both in small quantities. (Seriously.) When they are present in very small amounts, the damage they do is manageable. But when the concentration is high enough, they can be fatal.

This is a cultural problem, which means all of us play a small role in making it better or worse. Like riding a bike instead of driving a car or using LEDs instead of incandescent lights, our actions don’t move the needle on their own, but can add up to something significant when combined with the actions of enough others. This week’s events left me wanting to do something to make things better, and that’s when I saw a NSFW tweet with some screen caps of the Firewatch Steam forum.

After PewDiePie dropped his racist interjection, Firewatch developer Campo Santo had the popular streamer’s video of the game pulled from YouTube using the service’s copyright claims process. Angry gamers then began review bombing the title on Steam, and poured into the game-specific forums to flood them with abuse. Because that’s how it’s done now. Because we are gamers and every avenue of feedback available to us must be weaponized so that we can have things our way. Because we’re so upset about a developer using a questionable invocation of the DMCA that we would crusade arm-in-arm with overt racists and human garbage rather than let our rage go unvented for even a moment. (See also: People actually concerned with ethics in games journalism who provided willing cover for virulent misogynists and harassers during GamerGate.)

Most of those threads in the Firewatch forum have since been consolidated, with the most exceptionally racist ones being deleted. But it wasn’t Valve who handled the clean up, because Valve offloads moderation of game-specific forums to the developers. Just like translation of its store pages or curation of its catalog, Valve seems to like nothing more to offload the work on others. That approach might be fine for some functions, but the company cannot abdicate responsibility for the community and culture that has come from its own neglect.

“Valve’s dogmatic commitment to removing human judgment from every aspect of the operation is in effect a judgment call of its own”

That’s why I’m terminating my Steam account.

For as much as Valve’s actions have revitalized the PC gaming scene in the last dozen years, its inaction has been steadily deteriorating gaming culture. Our own Rob Fahey has covered Steam’s community woes before, but the company’s dogmatic commitment to removing human judgment from every aspect of the operation is in effect a judgment call of its own, one that presumes everything is acceptable and there are no limits other than legal ones. And on the rare occasion Valve actually deviates from that approach and enforces some standards, it does so reluctantly.

Right now you can find Hatred, Playing History 2 – Slave Trade, and House Party on the storefront, showing that Valve has no problem with the glorification of mass shootings, the trivialization of atrocities, or the gamification of rape. We can give them some points for consistency though, as the availability of Paranautical Activity suggests Valve is unwilling to take a stand even against death threats to its own founder.

This same approach of course applies to the Steam community, which technically has guidelines, but little interest in enforcing them. Hey, there’s a guideline forbidding racism and discrimination, weird. I guess “Nazi Recruitment Group Order#1” (NSFW) with the swastika logo and 76 members has just fallen through the cracks for the last two years. And that user, “F*** Blacks,” with a graphic avatar of a man fellating himself? I’m sure he just changed it and I just happened to visit the site in the split-second that was online before he was banned.

Nope, still there.

Oh, and this one, “Whites Only,” (NSFW) a group “for any fellow White Supremacists, Neo-Nazis, and anyone who just hates colored people!” (If you must click through, be warned it only gets more racist from there.) Maybe nobody’s noticed them. Oh wait, no, here’s a post in the Steam help forums asking people to help ban the group for being racist. Well maybe Valve hasn’t seen it. Oh, wait. There’s a post from a Valve community mod locking the thread and linking to the support page on how to report abusive behavior.

That’s one of 29 community mods volunteering their time “to help keep discussions clean and on topic, and remove reported user generated content around the Steam Community.” If you talk about actual Valve employees, people who might theoretically be trained and compensated to do the job, there are apparently only 12 that mod the community. Even they aren’t necessarily focused on the task; they include programmers, software engineers, and UI designers that the company simply says “spend some time” helping out on the forums.

“Whatever its motives, Valve is clearly just fine operating an online toilet that harbors the worst dregs of society”

By the way, Steam had 12.9 million users online at the same time today. Steam is a massive chunk of the gaming community and Valve has offloaded moderation responsibilities to the developers and the users to a staggering degree. The company is so dedicated to having other people fix its problems that when I filed my request to terminate the account because I was sick of the toxicity, the first response I got from Steam Support said, “Please make sure you’re using the ‘Report Violation’ feature to report inappropriate behavior or users on Steam.”

Whatever its motives, Valve is clearly just fine operating an online toilet that harbors the worst dregs of society. But if it isn’t willing to staff up a reasonable amount of dedicated community management people, enforce even the minimal guidelines it claims to have, and excise these bad faith actors from its community, then I have no choice but to believe Valve wants them there. And if Valve wants them there, it’s fair to hold the company responsible for all the vileness they spew from the platform it owns and completely controls. Whatever benefit Steam once offered me has been more than offset by the harm it causes to its marginalized users, gaming culture, and society as a whole. I won’t be a part of that community any longer.

So my Steam account is gone, or presumably will be once Steam Support gets around to fulfilling my request. While I would encourage everyone reading this to consider whether Steam is a community they want to associate themselves with, I have to acknowledge this is not a huge sacrifice for me. I’m losing access to dozens of games and a backlog of purchased-but-unplayed titles, but I’m not primarily a PC gamer.

Having acknowledged that, it would seem unreasonable that my “call to action” be for everyone to delete their Steam accounts, or for developers to pull their games from a store that provides an overwhelming majority of their business. Instead, I would simply ask that everyone do what they can to foster viable alternatives. As consumers, we can stop buying new games from Steam if they are available on GOG.com, itch.io, or an alternative storefront. Developers, make it a priority to get your games on as many storefronts as possible, even if they only incrementally boost the bottom line. Because right now the PC gaming industry is entirely too dependent on a company with entirely too little interest in basic human decency, and it’s hurting us all.

Courtesy-GI.biz

Are Hackers From North Korea Stealing Bitcoins

September 21, 2017 by  
Filed under Around The Net

North Korea’s hackers may be stealing bitcoin and other virtual currencies in a bid to evade sanctions and obtain hard currencies to fund the regime.

That’s according to a blog post by security firm FireEye. While state-sponsored North Korean cyber-criminals have been targeting banks and the global financial system for some time in order to fund the isolated state, FireEye believes that hackers are now attempting to steal virtual currencies too.

Since May 2017, FireEye says it has observed North Korean actors target at least three South Korean cryptocurrency exchanges with the suspected intent of stealing funds.

“The spearphishing we have observed in these cases often targets personal email accounts of employees at digital currency exchanges, frequently using tax-themed lures and deploying malware (PEACHPIT and similar variants) linked to North Korean actors suspected to be responsible for intrusions into global banks in 2016,” it said.

FireEye suggested that the attacks were not the only link between North Korea and cryptocurrencies. It said there were also “ties between North Korean operators and a watering hole compromise of a bitcoin news site in 2016, as well as at least one instance of usage of a surreptitious cryptocurrency miner” – which references Kaspersky Lab’s finding of a direct link between the Lazarus group banking heist hackers, whereby hackers installed Monero cryptocurrency mining software, and North Korea.

According to FireEye, spearphishing attempts against one South Korean exchange began early in May, and later that month another exchange in South Korea was compromised. In early June, more suspected North Korean activity targeting ‘unknown victims’  – which FireEye believes are cryptocurrency service providers in South Korea – was reported, and in July a third South Korean exchange was targeted, once again through spearphishing a personal account.

Prior to this activity, four wallets on Yapizon, a South Korean cryptocurrency exchange were compromised on 22 April, although FireEye says there is no indication of North Korea involvement with this.

The cyber security firm believes that the 26 April announcement by the US of increased economic sanctions against North Korea may have played a part in driving North Korean interest in cryptocurrency. By focusing on cryptocurrencies, attackers may benefit from lax anti-money laundering controls as the regulatory environment around these currencies is still emerging.

“While at present North Korea is somewhat distinctive in both their willingness to engage in financial crime and their possession of cyber espionage capabilities, the uniqueness of this combination will likely not last long-term as rising cyber powers may see similar potential,” FireEye said.

“Cyber criminals may no longer be the only nefarious actors in this space,” it concluded.

Courtesy-TheInq

Fake ‘E-coins’ Shut Down By Switzerland

September 20, 2017 by  
Filed under Around The Net

Switzerland’s financial watchdog has shut down what it said was the provider of a fake cryptocurrency and is investigating around a dozen other possible fraud cases, in the latest clamp-down on the risks involving virtual money.

The move by the FINMA watchdog comes on the heels of Chinese authorities’ ordering Beijing-based cryptocurrency exchanges to stop trading and immediately notify users of their closure.

Virtual currencies such as Bitcoin, which are issued and usually controlled by their developers and not backed by a central bank, are hailed by their supporters as a fast and efficient way of managing money.

But regulators and traditional banks are increasingly concerned about the risks of fraud in the burgeoning online cryptocurrency underworld.

JPMorgan Chief Executive Jamie Dimon last week said Bitcoin, the original and still the biggest cryptocurrency, “is a fraud” and will eventually “blow up”.

 The QUID PRO QUO Association shut down by FINMA had provided so-called E-Coins for more than a year and had amassed funds of at least 4 million Swiss francs ($4.2 million) from several hundred users, FINMA said in a statement on Tuesday.

“This activity is similar to the deposit-taking business of a bank and is illegal unless the company in question holds the relevant financial market license,” FINMA, Switzerland’s Financial Market Supervisory Authority, said.

E-Coin was not like “real cryptocurrencies”, FINMA said, because it was not stored on distributed networks using blockchain technology but was instead kept locally on QUID PRO QUO’s servers.

Reuters was not immediately able to reach Zurich-based QUID PRO QUO for comment.

Will A.I. Replace Teachers

September 18, 2017 by  
Filed under Around The Net

There are probably schools where any machines, including PCs and laptops, are regularly stolen because the kids have gone all Lord of the Flies. Things are probably not like that at Wellington College, which is where the prediction has come from.

In a report in The Independent, Sir Anthony Sheldon waxed lyrical about the potential and possibilities of artificial intelligence (AI) and automated teachers.

“School teachers will lose their traditional role and effectively become little more than classroom assistants” reports the paper.

“They will remain on hand to set up equipment, help children when necessary and maintain discipline.”

This sounds a bit like current teaching, where a television, overhead projector or computer can be wheeled into a classroom and turned on and left to teach.

Sheldon is convinced about this and is excited about the possibility of every kid getting the kind of education that money pays for.

“It certainly will change human life as we know it. It will open up the possibility of an Eton or Wellington education for all. Everyone can have the very best teacher and it’s completely personalised; the software you’re working with will be with you throughout your education journey. It can move at the speed of the learner,” he said.

“This is beyond anything that we’ve seen in the industrial revolution or since with any other new technology. These are adaptive machines that adapt to individuals. They will listen to the voices of the learners, read their faces and study them in the way gifted teachers study their students.

“We’re looking at screens which are listening to the voice of the student and reading the face of the student. Reading and comprehending.”

Courtesy-TheInq

U.S. Homeland Security Sued Over Warrantless Device Searches

September 15, 2017 by  
Filed under Around The Net

The American Civil Liberties Union and the Electronic Frontier Foundation filed suit against the Department of Homeland Security for searching the phones and laptops of 11 plaintiffs at the US border without a warrant.

The group of plaintiffs includes 10 US citizens and one lawful permanent resident, several of whom are Muslims or people of color. Among the group are journalists, a veteran, and a NASA engineer. All were reentering the US following business or personal travel. Some plaintiffs had their devices confiscated for weeks or months. None were accused of wrongdoing following the searches.

“People are traveling with electronic devices that have an unprecedented amount of highly personal information on them,” said EFF staff attorney Sophia Cope. “The privacy interests in a smartphone are significantly greater than the privacy interests in a piece of luggage. The Constitution requires that the government must meet a higher burden to get access to travelers’ personal information.”

Border electronic device searches have been increasing over the last few years. Officers searched approximately 15,000 electronic devices in the first half of the fiscal year 2017, according to US Customs and Border Protection, almost three times the total number of searches conducted in 2015. In 2016, a total of 19,033 searches were conducted.

CBP, which is a Department of Homeland Security agency, states on its website that “no court has concluded that the border search of electronic devices requires a warrant.” But many travelers, including the plaintiffs in this case, have cited concerns about officers reading private emails and messages on their phones and laptops.

CBP spokeswoman Jennifer Gabris said the agency doesn’t comment on pending litigation, but noted that Homeland Security’s actions are consistent with its responsibility to protect the country and enforce laws at the borders. She said all people, baggage, and merchandise arriving in or leaving the US are subject to search.

“We’re not saying that CBP can’t ever search someone’s device, but they need to have probable cause that the device contains evidence that the traveler has committed a customs or immigration violation,” Cope said.

Microsoft Updates Teams Collaboration Software

September 13, 2017 by  
Filed under Around The Net

Microsoft has added enhancements to its Teams collaboration software, including guest account access and beefing up security and management capabilities for IT admins.

The guest access means that Office 365 users can now add people from outside their company to a team, enabling third-party users to participate in chats, join meetings and collaborate on documents.

The new feature means that IT staff will now be able to centrally manage guest accounts, enabling them to add, view or, if necessary, revoke access.

“This is a very significant milestone for Teams, as up until now it was only available for internal use,” said Alan Lepofsky, vice president and principal analyst at Constellation Research. “Now customers will be able to collaborate with people outside of their firewall, opening up a much broader range of use-cases.”

Anyone with an Azure Active Directory account can be added as a guest in Teams.

Microsoft said that there are currently more than 870 million Azure Active Directory user accounts.

While guest users must have an Azure Active Directory account to use Teams, there are plans to allow anyone with a Microsoft Account to be added as a guest. If a guest doesn’t have an existing Microsoft Account, they would have to create a free account using their email address, whether they use Outlook or other email providers such as Google’s Gmail.

Guest user access will fall under the same compliance and auditing protection as the rest of Office 365, the company said.

Security is an important factor when enabling guest access for users. With this in mind, Microsoft said that guest accounts will be added and managed within Azure Active Directory via Azure AD B2B Collaboration. Azure Active Directory provides features such as conditional access policies for guest users as well as machine learning algorithms to detect anomalies and suspicious incidents, and it can automatically trigger security processes such as multi-factor authentication when required.

The addition of guest access brings Teams in line with competing messenger tools such as Slack and Cisco Spark, which also enable external access, as well as Microsoft’s own Yammer collaboration software.

“It is encouraging that Microsoft is rolling out the ability to allow external users to collaborate in Teams, but it is a feature most collaborative applications have had for a while,” said IDC research director Wayne Kurtzman.

“To be a serious contender in the collaboration applications market, has to catch up with the market on a lot of features and functions,” he said.

In addition to the new features, Microsoft offered insights into how Teams is faring six months after its launch. According to the company, 125,000 organizations have now used the Slack competitor, compared to 30,000 back in January. That leaves plenty of room for growth, of course; Microsoft claims there are currently around 100 million Office365 users globally.

Atlassian Launches New Enterprise Product Stride

September 11, 2017 by  
Filed under Around The Net

Collaboration software maker Atlassian has unveiled a new enterprise product that provides text, voice, video, file sharing and other workplace collaboration tools that allow portions of group text threads to be set aside as sidebar tasks to be completed later.

Atlassian, which already offers a collaboration platforms such as Confluence and HipChat, referred to its new Stride offering as a product built “from the ground up” exclusively for corporate use.

As with HipChat, which the company bought in 2012, Stride will be offered in a freemium model, with additional features that require companies to pay $3 per user per month.

The Stride software was built to scale from startups with 10 employees to enterprises of more than 10,000, and includes security features such as secure file sharing and two-factor authentication.

 The free version of Stride will provide messaging between unlimited users, chat rooms, group video and audio. The paid tier introduces dial-in features, screen sharing and remote desktop control.

Group text or voice chat meetings can also migrate to video chats, with team members able to be instantly notified of the change so they can get the full context of the conversation that was in progress.

Like HipChat, Stride will offer file sharing, video and voice calling, the ability to search previous messages and the ability to view images, which can also be annotated. Stride will also offer screen sharing, and remote-control access across multi-platform devices, including iOS, Android and Chrome.

While both HipChat and Stride are enterprise communication products, Stride brings together video/audio conferencing and collaboration tools “to offer the most complete communications tool on the market,” said Steve Goldsmith, general manager at Atlassian.

 

WhatsApp Unveil Messaging App For Businesses

September 8, 2017 by  
Filed under Around The Net

Facebook-owned messaging platform WhatsApp has revealed plans to develop standalone versions of its mobile app aimed at connecting businesses and their customers more easily.

WhatsApp Business will be free for small businesses, with a paid-for enterprise version targeted at those with a global customer base – an indication of one way Facebook plans to monetize the app, which now has a billion daily users.

In a blog post the company said the proposed enterprise app will allow large organizations including airlines, e-commerce sites, and banks to contact customers with notifications, such as “flight times, delivery confirmations, and other updates”.

Pricing information was not disclosed, though The Wall Street Journal reported that the corporate tool will require a fee.

WhatsApp has been steadily enhancing its business-to-consumer capabilities for some time now. Last week, the firm announced a business verification system, with a green badge indicating WhatsApp has confirmed a phone number belongs to an authenticated business account – similar to Facebook’s own grey badge for business pages. WhatsApp has previously announced plans to allow businesses to contact customers with marketing messages.

In its blog post, WhatsApp said it will work with business users as part of a closed pilot program to test additional new services ahead of a wider launch.

One of the companies testing the enterprise service, UK-based e-commerce firm Yoox Net-a-Porter, said in a blog post that many of its customers prefer to use WhatsApp rather than email to complete transactions and get product suggestions. The company, which also has operations in the U.S., said it has completed single item sales of up $104,000. WhatsApp is now integrated with its order management system application and is being tested as a notification system for order shipping confirmations.

The announcement serves to highlight the growing acceptance of the consumer messaging app by business users. WhatsApp claimed that many small businesses are already using its platform to interact with customers, though acknowledged that kind of connection is “pretty rudimentary.”

Facebook acquired WhatsApp in 2014 for approximately $22 billion and has been attempting to find ways to generate revenue streams from the popular messaging app.

Is Another Palm Smartphone On The Horizon

September 8, 2017 by  
Filed under Mobile

Next year TCL says it is planning to release a Palm smartphone next year – sadly without the OS which made it famous.

It was not clear what was happening to the Palm brand which has been moved out of HP-connected devices then into a limbo. LG got its paws on the Palm operating system and continues to be used (in some form or another) in LG smart TVs.

TCL acquired the Palm brand in 2011.

According to Android Planet TCL Marketing Manager Stefan Streit confirmed that they’ve finally gotten to a place where they can make a Palm phone.

Streit suggested that new Palm devices would be announced in early 2018. While Streit did not specify which devices would be coming, AP suggested that a smartphone and a new PalmPilot would be obvious releases.

Palm would be made for adult users, presumably those who are old enough to remember that the Palm was a brand they trusted and will see Palm as a brand new high-quality smartphone brand. Of course they will have to forget that the new Palm is a totally different machine, but if people buy brands TCL might score a win.

Courtesy-Fud

Essential Phone Owners Received Email Asking For Proof Of Identity

September 6, 2017 by  
Filed under Mobile

The term “improperly configured” is a nightmare that dogs IT organizations everywhere.

It can refer to a firewall protecting an enterprise; it can create problems on a web server. For one newly minted smartphone company, it can also look pretty embarrassing.

Essential phone recently sent an email to customers asking for proof of identity. This request was a little odd in the first place — who does that anymore? The email basically asked customers to send a picture of a photo identification or passport by email. From a security standpoint, that’s a bit like asking people to text your credit card number to a hacker.

Where things really went south, though, is when those customers who responded to the email realized they had transmitted that security information to everyone else on the email chain.

Essential later admitted the error and said it was due to a configuration problem on a ZenDesk support email. Oops. At first, it seemed like a hacker had done some dirty work.

Andy Rubin, the famed Android creator and founder of Essential, sent out an apology.

The problem with the whole fiasco is that it should never have happened, even at a small company. For starters, who was testing the email process? From what I understand about how emails are often sent out to customers — especially an email newsletter — there’s typically a test to make sure everything works and to get approvals from stakeholders.

For example, you send out a test email to a few people first and make sure everything works, the formatting is correct, the sender looks legit, a reply works, and the links operate as expected. Accidents happen. That’s why, for a newsletter, companies do a test run to see if there are any anomalies. It’s not really acceptable to say the accident happened “live” with the real email.

You could say — it takes time and effort. But that’s not really an excuse if you plan ahead a little. If a mass email needs to go out on Friday, you can schedule a test for Thursday, fix the problems (in Zendesk, or MailChimp, or whatever tool you are using) and then proceed.

More than anything, it makes me wonder how much the company tested the phone itself. Hopefully, if you bought one and need support, you won’t find out it was a mistake.

Millions Of Users Info Left Exposed By Time Warner Cable

September 5, 2017 by  
Filed under Around The Net

More than four million records of users of Time Warner Cable’s MyTWC app were discovered unsecured on an Amazon server last month, according to digital security research center Kromtech Security Center.

The files — more than 600 gigabytes in size containing sensitive information such as transaction ID, user names, Mac addresses, serial numbers, account numbers — were discovered on Aug. 24 without a password by researchers of Kromtech.

“A vendor has notified us that certain non-financial information of legacy Time Warner Cable customers who used the MyTWC app became potentially visible by external sources,” Charter Communications Inc,  Time Warner Cable’s parent, said in an email.

The information was removed immediately after the discovery and the incident is being investigated, Charter said.

The breach was eventually linked to BroadSoft Inc, a communications company, whose unit developed the MyTWC app.

Broadsoft did not immediately respond to a request for comment.

Did The CIA Spy On Intel’s Partners

September 1, 2017 by  
Filed under Around The Net

The FBI and Homeland Security, who relied on the CIA for tech support for biometric data, were being targeted by spyware.

According to what is fairly likely to be Russian intelligence leaked to Wikileaks, the CIA wrote a program called ExpressLane, is designed to be deployed alongside a biometric collection system that the CIA provides to partner agencies.

Since 2009 this software has been siphoning data back to the CIA on the off-chance those partners are holding out on them.

ExpressLane masquerades as a software update, delivered in-person by CIA technicians — but the documents make clear that the program itself will remain unchanged. The program siphons the system’s data to a thumb drive, where agents can examine it to see if there’s anything the partner system is holding back. If the partners refuse the phoney update, there’s a hidden kill-switch that lets agents shut down the entire system after a set period of time, requiring an in-person visit to restore the system.

WikiLeaks’s “sources” claim the program was primarily used against US agencies like the FBI and Department of Homeland Security, although the documents themselves do not say that. In fact the CIA doesn’t maintain any significant biometric database of its own, it’s also unclear what the agency would do with any data it obtained. 

WikiLeaks continues to release the agency’s hacking tools as part of the Vault 7 campaign.

Courtesy-Fud

Do Indy Developers Need a Publisher To Succeed On Steam

August 31, 2017 by  
Filed under Gaming

Discoverability problems on Steam have reached the stage where it’s essential that indie and smaller developers seek out a publishing deal.

That’s according to Bulkhead Interactive producer Joe Brammer, who spoke to GamesIndustry.biz at Gamescom about indie attitudes towards publishers, lessons learned from his first few releases, and the increasingly crowded PC market.

Back in December, it emerged that more than 4,200 games were released in 2016 alone – accounting for 38% of the marketplace’s entire back catalogue – and there has been no shortage of new releases this year. While the platform has become a go-to destination for self-publishing indies, Brammer says it’s harder than ever to generate decent sales this way.

“Nowadays you pretty much need an indie publisher, or you need to have an amazing game,” he tells us. “It would have to be incredible. That doesn’t mean a ‘good enough’ game is a bad one, but it has to be something really special to be picked up organically – something like PUBG.

“The market is changing. Indie publishers are becoming less like indie publishers and more like smaller publishers, but smaller publishers are totally acceptable. That doesn’t mean they’re worse now.”

Brammer’s own game, the upcoming WW2 multiplayer FPS Battalion 1944, is being published by Square Enix Collective following a successful partnership between the two firms for The Turing Test – an arrangement the producer is more than pleased with.

“They listen to us,” he says. “No other indie publisher can give you the power of a megacorporation like Square Enix, but still let you maintain the finesse of that indie mentality. Not that we’re super indie, of course.”

But why go for a publisher at all? There seems to be the lingering perception that publishers are greedy and out to exploit smaller and independent developers – which has led to many new indie publishers referring to themselves as labels instead.

“Indie publishers are becoming less indie and more like smaller publishers, but smaller publishers are totally acceptable”

Brammer’s desire for a publisher stems from his team’s experience with its first release, Pneuma: The Breath of Life – a launch that also introduced him to how challenging the market on Steam can be. He maintains that while some indies may still feel apprehensive about publishers, they are necessary because “the industry has changed massively.”

While Pneuma wasn’t a critical or commercial hit, it sold well enough to let the developers continue making games and move on to The Turing Test. When it came to launching the puzzle game, Brammer and his team revisited Pneuma’s performance and realised while it had sold well enough on Xbox and PlayStation, Steam sales fell short of the mark.

“We decided if we’re going to do anything on Steam, we need a publisher,” he says. “We need someone with those contacts, someone that can give us a bit of help and the punch that we needed. When we went to Square we said we didn’t need money; we just needed help to get the game on Steam, so they actually only helped us with the Steam version. After doing that, I’d have rather they’d taken the Xbox One version as well because they just did a phenomenal job.”

Brammer admitted his team has probably been guilty of “lowballing ourselves” by not asking publishers for more money in the past, perhaps giving the perception that the games are cheap and therefore of a lower quality.

Steam has already been identified as a difficult market for new developers trying to make their mark, thanks largely to the aforementioned discoverability problems. Valve has attempted to revamp its submission process, killing the previous Greenlight system in favour of Steam Direct, which charges developers $100 to submit a game to the marketplace.

However, following the launch of Direct in June, Steam actually saw a spike in the number of games submitted – as many as 213 in a single week, and 730 in a four-week period. Valve has said that the new system is not necessarily designed to reduce the number of submissions but to ensure those that do get through are genuine.

Brammer believes the issue of discoverability is not one that Valve is particularly motivated to solve: “I had a meeting once with a platform holder and I made a joke about the App Store, saying, ‘It’s terrible, you’ll never get found’ – and they said they’d love to have the App Store. The platform holders would absolutely love to have millions of games come out and the good ones rise to the top, almost organically.

“The community sees [discoverability] as a problem and Steam says they’ll fix it, but all they really do is rehash it”

“Frankly, I don’t think Steam sees it as a problem. The community sees it as a problem and Steam says they’ll fix it, but all they really do is rehash it. I don’t know why they’ve made the changes they made when they got rid of Greenlight, but they’re not really stopping anything; they’re just opening things up even more. That’s just the 2017 market and how it works: removing the barrier to entry and creating more content, hoping the good quality content will rise to the top but it’s very difficult.”

Instead, reducing the number of games flooding the PC marketplace – and by extension improving the chances of discovery and success – will partly come down to developers. Brammer encouraged studios to “be more honest” with themselves about the quality of their game – and if it’s not up to scratch, scrap it. His team did just that with a robot football game it was building before work began on Pneuma.

“After three weeks, we had it working in Unity,” says Brammer. “Then I made a joke saying, ‘Why don’t we switch to Unreal Engine?’ and we all looked at each other and said, ‘Is our game a bit shit?’ So we threw it away – but those three weeks were the most important of my career as it led to me working on Pneuma, The Turing Test and today Battalion 1944.

“So developers need to start effectively nutting up, saying ‘My game is crap, I need to do better’. Learn to read the market, because that’s another major difference now: you can’t just release anything.”

Even if a game is of a high quality, Brammer still encourages studios to seek a publisher rather than hoping for PlayerUnknown levels of surprise success. We asked what studios should look for in a publisher, what they should expect or demand.

“Well, if you need to demand something from a publisher, if it’s something they don’t want to give to you, that’s the start of a bad relationship,” he says. “Debbie [Bestwick] at Team 17 says if you go for a fair deal where both sides are happy, you’ll get a better deal out of it. There’s always a bit of push-pull, but if you have to demand something they don’t want to give, maybe it isn’t the right fit.

“Speak to everyone, get everyone’s opinion, but if you find someone you like working with [that’s key]… because you’re going have to trust people with your game. For me, reliability is one of the most important thing. If you find someone you think you can rely on, you should go with them.

“No one’s going to care about your game as much as you are, so you have to find the guys you think care about it enough.”

Courtesy-GI.biz

Next Page »