Sunday, April 21, 2019

Today Crunch News, News Updates, Tech News

What you missed in cybersecurity this week

Posted: 21 Apr 2019 12:07 PM PDT

It’s been a busy week — it’s tough to keep up with all the cybersecurity news. We’ve collected some of the biggest cybersecurity stories from the week — from TechCrunch and afar — to keep you up to date with the latest hacks, privacy breaches and security stories you need to know.

Facebook now says its password leak affected 'millions' of Instagram users

TechCrunch: As all eyes were on attorney general William Barr giving his highly anticipated summary of the Mueller report out this week, Facebook was quietly updating a blog post it had published a month earlier, revising up the number of Instagram accounts affected by a years-long bug that stored passwords in plaintext. Facebook admitted that “millions” of accounts were affected and not “hundreds of thousands” as it had first estimated. It wasn’t a coincidence; it was a perfect opportunity for Facebook to bury bad news. CNN’s Donie O’Sullivan called it the “most cynical” thing Facebook has done since dropping its report detailing its role in a genocide in Myanmar the day before the U.S. midterm elections.

Utah bans police from searching digital data without a warrant

Forbes: Some good news for privacy advocates this week: a big Fourth Amendment loophole has been closed in the state of Utah. Previously, state law enforcement only required a subpoena to access someone’s digital content — including emails, pictures, video and audio — from internet and cloud providers. Now, following the introduction of HB 57, the Electronic Information or Data Privacy Act, police need a warrant based on probable cause. No more warrantless fishing expeditions allowed.

A mystery agent is doxing Iran’s hackers and dumping their code

Wired: Buried in the news this week was the startling revelation that someone — whose identity isn’t known — has begun spilling the secrets of an Iranian hacker group, known as OilRig or APT34, on a Telegram channel, according to Chronicle, Alphabet’s cybersecurity company. It would be a devastating breach of their operational security if true, only a couple of years after the Shadow Brokers stole and published highly classified hacking tools developed by the National Security Agency.

The Weather Channel knocked off the air for over an hour

Wall Street Journal: For over an hour on Thursday, The Weather Channel was brought offline by a ransomware attack. In a tweet, the channel said it restored its live programming after running through its backup systems. The FBI said it was investigating. It’s the latest ransomware incident to hit a major company — from aluminum maker Norsk Hydro to drinks giant Arizona Beverages.

Mueller report: Hacked elections, encrypted messaging, troll farms and more

TechCrunch: After two years, the Special Counsel’s probe into Russian interference with the 2016 U.S. presidential election is over. TechCrunch covered the tech angles you need to know: from how Russian-backed hackers broke into the Hillary Clinton campaign, how the use of encrypted messaging apps hindered the investigation, how successful Russia was in breaking into election systems, and what role its troll factory and disinformation had on the election.

FTC said to want to face-off with Mark Zuckerberg over privacy violations

Washington Post: Now more than ever, Facebook is under the watchful eye of the Federal Trade Commission. A report this week said the social media giant’s founder Mark Zuckerberg could also be in the agency’s crosshairs. It’s part of an ongoing effort to hold the company accountable since the Cambridge Analytica scandal, which has been followed by security incident after incident, amid claims of mismanaged consumer data and gross ethical violations.

Cybersecurity firm Verint hit by ransomware

ZDNet: Verint, a cybersecurity company, was also hit by ransomware this week. Described as an “extreme case of irony,” the company was forced to bring in a third-party security firm to handle the infection. It comes in the same week that Wipro, one of India’s largest outsourcing companies, was hit by hackers. The company initially denied the breach, but was challenged by the security reporter Brian Krebs — who broke the news — live on the company’s earnings conference days following the breach. Of course the call was recorded, forcing Wipro’s chief operating officer Bhanu Ballapuram to come clean.

Security flaw in French government messaging app exposed confidential conversations

TechCrunch: And finally, a security flaw was found in the French government’s own encrypted messaging app Tchap immediately after it launched. Security researcher Baptiste Robert created a user account — even though the service is restricted to government officials. The app, which uses the open-source Signal Protocol, inadvertently allowed access to non-government email addresses, exposing the app’s public channels.

Notes from the Samsung Galaxy Fold: day six

Posted: 21 Apr 2019 11:09 AM PDT

I'm starting to get that thing where my iPhone XS screen feels super tiny when I switch back from the Fold to send a text message from my number. Someone recently asked me if I'm going to have trouble giving the device back to Samsung in a few days, and while the answer is a decided "not really," the march toward even larger screens does feel inevitable — and I do believe folding phones will be an important part of that push.

Of course, I also believe that we're as close as a generation or two out from this first shot on that foldable feeling pretty big and bulky (some folks who've seen the phone have already said as much about it). I'm back at the airport today, and both airline representatives and TSA agents (who see a LOT of phones as people are checking in) seem pretty impressed with it.

I had the phone standing up at a 45 degree angle on the bathroom sink this morning to watch the news as I brushed my teeth. That's pretty neat. And if I'd had the forethought, I would have loaded a couple of movies on it for the flight. It definitely beats the seatback screens on Delta.

In addition to the fingerprints on the outside, the inside gets like crazy dusty after any kind of use. And a lot of that collects in the little reservoir between the screen protector and the outside lip.

The top shot is from yesterday's A's game (the dark line along the seam is a shadow). You can use the front facing screen as a view finder while taking photos, but it's pretty small. The inside, meanwhile, makes you feel like one of those people who use their iPads to take photos in public. Once you get over that, it's a pretty nice way to view shots, though.

And no, it's not broken yet. We're still waiting for official word from Samsung about what happened there. The Fold is on track for an April 26 release here in the States, in spite of everything, and even as a China release appears to be delayed.

Review soon.


Sri Lanka blocks social media sites after deadly explosions

Posted: 21 Apr 2019 08:31 AM PDT

The government of Sri Lanka has temporarily blocked access to several social media services following deadly explosions that ripped through the country, killing at least 207 people and injuring hundreds more.

Eight bombings were reported, including during Easter services at three churches, on the holiest weekend of the Christian calendar.

In a brief statement, the Sri Lankan president’s secretary Udaya Seneviratne said the government has “decided to temporarily block social media sites including Facebook and Instagram,” in an effort to curb “false news reports.” The government said the services will be restored once the investigations into the attacks had concluded.

Sri Lanka’s prime minister Ranil Wickremesinghe has described the explosions as a terrorist incident.

Nalaka Gunawardene, a science writer and Sri Lankan native, confirmed in a tweet that Facebook-owned WhatsApp was also blocked in the country. Others reported that YouTube was inaccessible. But some said they were able to still use WhatsApp.

Facebook spokesperson Ruchika Budhraja told TechCrunch: “Our hearts go out to the victims, their families and the community affected by this horrendous act. Teams from across Facebook have been working to support first responders and law enforcement as well as to identify and remove content which violates our standards. We are aware of the government’s statement regarding the temporary blocking of social media platforms. People rely on our services to communicate with their loved ones and we are committed to maintaining our services and helping the community and the country during this tragic time.”

A spokesperson for Google did not immediately comment.

It’s a rare but not unprecedented step for a government to block access to widely used sites and services. Although Sri Lanka’s move is ostensibly aimed at preventing the spread of false news, it’s likely to have an inhibiting effect on freedom of speech and efforts to communicate with loved ones.

Sri Lanka, like other emerging nations, has previously battled with misinformation. The government has complained that false news shared on Facebook has helped spread hatred and violence against the country’s Muslim minority. Other countries like India say encrypted messaging app WhatsApp has contributed to the spread of misinformation, prompting the social media company to add limits to how many groups a message can be sent to.

Iran and Turkey have also blocked access to social media sites in recent years amid protests and political unrest.

Updated with comment from Facebook.

Week-in-Review: is Samsung unfolding another flop?

Posted: 21 Apr 2019 08:00 AM PDT

Stop me if you’ve heard this one before. Samsung tries to deliver a big innovation and fails miserably.

A big story this week on TechCrunch was that in the buildup to the release of the Samsung Galaxy Fold, potentially one of the weirdest, most innovative, most expensive phones shipped in the past decade, there are some signs that this could be a momentous failure. Samsung only sent out about a dozen review units to press outlets, and three of them seemed to fail for three distinct reasons.

Does this inspire much faith in the durability of the $1,980 hardware (which has already sold out in pre-orders)? Not quite.

"A limited number of early Galaxy Fold samples were provided to media for review. We have received a few reports regarding the main display on the samples provided. We will thoroughly inspect these units in person to determine the cause of the matter,” a Samsung spokesperson publicly detailed, responding to the issues.

This nascent scandal may lead you to recall the Note 7 debacle, which earned Samsung what was perhaps the worst free advertising ever, with the FAA mandating just about every domestic flight begin with the pilot ensuring that the plane was Note 7-free. A phone spontaneously dying is a cake walk compared to a phablet bomb, but we’ll see whether this was just a big pre-release fluke and the consumer units prove more durable. That said, a failure rate of around 25 percent for models sent to journalists after a few days doesn’t inspire the greatest confidence.

Brian seemed to have some pretty nice things to say about his early time with the device —

Unfolding the Samsung Galaxy Fold:
Hands-on with the $2,000 foldable

I will say I did get a chance to fumble around with the Fold this week while our hardware editor Brian Heater was in town, and I personally found the device pretty inspiring. The screen on his still-functioning device is really quite beautiful and it all just feels like an innovative approach, even if it’s very first-gen at its heart.

Its good qualities all rely on the device continuing to function though, so I won’t get too complimentary until we get some further clarity on that.

Trends of the week

Here are a few big news items from big companies, with links to all the sweet, sweet added context.

  • Apple + Intel Qualcomm = best friends
    The two companies finally put aside their royalties and patent troll skirmishes, and various media reports suggest Apple’s mobile mea culpa was all about accepting Qualcomm’s command on 5G modems — something the iPhone giant really couldn’t afford to overlook. It was great news for Qualcomm, which had a major stock rally this week, but probably bad news for Intel, which seemed to be embracing a renewed and improved relationship with Apple as it tried to replace Qualcomm’s tech. Oh well.
  • TikTok’s shock block 
    Chinese company ByteDance’s cross-border hit TikTok hit a major stumbling block in India after a judge there ruled that app downloads had to be halted on iOS and Android following a number of issues regarding porn and other “illegal content.” There are 120 million existing TikTok users in India, but they shouldn’t be affected, as the service itself has not been banned — you just won’t find them in the app stores there.
  • Move slow, still break things
    Twitter’s CEO Jack Dorsey continued his ill-advised public speaking tour with a chat at TED, where he first said he isn’t sure he’d build Twitter the same way if he got a second shot. "If I had to start the service again, I would not emphasize the follower count as much … I don't think I would create 'likes' in the first place." In response to a question about his lack of urgency in fixing some of Twitter’s more egregious problems, Dorsey said, "We are working as quickly as we can, but quickness will not get the job done… It's focus, it's prioritization, it's understanding the fundamentals of the network."
  • Sony teases an 8K PS5… Xbox loses a slot  
    While Google is betting on a world without dedicated high-end gaming hardware with its Stadia game-streaming platform, Xbox is betting on a future without physical media. Microsoft released the Xbox One S "All-Digital Edition" this week for $249. The company has been piping out mid-generation upgrades for Xbox One, and this is its most minor hardware update — there are almost no differences beyond the disc drive. Meanwhile, PlayStation kind of stole Xbox’s press lunch by giving some details on the PS5. Also on the gaming front, a report suggests Apple is spending more than $500 million on its Arcade gaming subscription service.

Shoot me tips or feedback
on Twitter @lucasmtny or email

Image: Bryce Durbin / TechCrunch

GAFA Gaffes

How did the top tech companies screw up this week? This clearly needs its own section, in order of awfulness:

  1. Facebook elaborates more on that “screwing over users’ privacy” thing it does from time to time:
    [Facebook now says its password leak affected 'millions' of Instagram users]
  2. YouTube managed to add its own conspiracy to videos of the Notre-Dame fire:
    [YouTube's algorithm added 9/11 facts to a live stream of the Notre-Dame Cathedral fire]

Extra Crunch

Our premium subscription service has been off to a great start. I just kicked off my new series this week, “The Exit,” where I interview a lead investor in a recent exit. I talked to Bessemer’s Adam Fisher, who led Bessemer’s investments in Dynamic Yield, which McDonald’s bought last month for $300 million.

The Exit: an AI startup's McPivot

“The pivot from courting the grey lady to the golden arches isn't as drastic as it sounds. In a lot of ways, it's the result of the company learning to say ‘no’ to certain customers…”

Here are some of our other top reads this week for premium subscribers —

The UK’s latest list of most hacked passwords is as bad as you’d think

Posted: 21 Apr 2019 07:46 AM PDT

Names, soccer players, musicians and fictional characters make up some of the worst passwords of the year, according to the U.K. government’s National Cyber Security Center.

But nothing beats “123456” as the worst password of all.

It’s no shock to any seasoned security pro. For years, the six-digit password has been dubbed the worst password of all, given its wide usage. Trailing behind the worst password is — surprise, surprise — “123456789”.

The NCSC said more than 30 million victims use those two passwords alone, according to its latest breach analysis based on data pulled from Pwned Passwords, a website run by security researcher Troy Hunt, who also runs the breach notification site Have I Been Pwned.

“We understand that cyber security can feel daunting to a lot of people, but the NCSC has published lots of easily applicable advice to make you much less vulnerable,” said Dr. Ian Levy, NCSC’s technical director. “Password re-use is a major risk that can be avoided — nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favorite band.”

Weak passwords are a problem. Not only can they be easily guessed by bots trying to break into your account, they can be easily cracked if they’re ever stolen from the company in a data breach. Weak passwords are often the default credentials on Internet of Things devices, making it easy for botnets to quietly break into your smart devices and hijack them for nefarious purposes.

What can you do about it?

TechCrunch has several free security guides you can read to put you on the right path. Setting yourself up with a password manager is the first big step. Password managers generate and securely store your passwords so you don’t have to remember each one. Then, you should set up two-factor authentication, as adding an additional barrier on top of your password makes it even tougher for the most determined malicious hacker to break into your accounts.

It doesn’t take long to get secure. Take an hour out of your day and get started.

The rules of the Game Of Oligarchs

Posted: 21 Apr 2019 06:00 AM PDT

Technology shrinks the world, makes geography less relevant. People find kinship, common cause, and community on the Internet, across nations and sometimes even languages. When the Internet began to erupt, when its connections began to draw such people closer together, this was anticipated with great hope and excitement. And with reason. At their best, the consequences are wonderful.

But it turns out that, like most major social transformations, this transcendence of geography has come with a slew of unexpected emergent properties, not all of them good. Indeed, some of them probably already need to be mitigated — fast.

It’s great that open-source communities can collaborate across the globe to craft tools which benefit everyone. It’s no bad thing that wealthy professionals in Singapore, San Francisco, Toronto, London, Dubai, and Hong Kong may feel they have more in common with one another than with people who live an hour’s drive away. One world, one humanity, one future. Right?

Except that around the globe, we increasingly see three worlds, sometimes intertwined and intersecting, but still apparently separating a little further every year: the ultra-rich, the rich, and the poor. The 1%, the 19%, and the 80%. The G20 are mostly looking more, not less, like the BRICS. Inequality has fallen between countries, which is good … while simultaneously rising within most countries, which is not.

As nations grow ever more alike, it gets easier for groups to forge common cause across nations. A virtuous cycle … except when it’s a vicious one. Except when bigots, xenophobes, and white supremacists join together. From Steve Bannon to Marine Le Pen to xenophobic Brexiters to the Five Star Movement, to the Kremlin, “white nationalism,” i.e. racist hatred, has been transformed — ironically — into an internationalist network.

But behind that loose-knit network of hate, I would argue, lies another, implicit rather than explicit; that of the ultra-rich, of the Koch brothers and Russian oligarchs and Brexit financiers. Don’t get me wrong. I’m not saying they’re actively collaborating. They aren’t sitting around sending one another Signal messages while stroking white cats.

But I am saying that the ultra-rich have long tried to maintain their positions by dividing the masses, via stoking hate against The Other. They have manipulated democracy in part by hacking its systems — regulatory capture at scale — but also by turning people against taxing oligarchs to give their (mounds of) excess money to the poor, by promoting the fear that this money will go to The Wrong Sort Of People Who Don’t Deserve It. By which is always tacitly meant: immigrants and visible minorities. Oligarchy implicitly monetizes racism.

So is it any real surprise if amoral American oligarchs look at Russia’s racist oligarchy and think, “Hey, those are my kind of people,” closely followed by, “Jeez, that kind of government seems pretty good to me”? To an oligarch, Russia isn’t an enemy of America; it’s a model, it’s what America should aspire to be.

None of this is all that new. The last time inequality was at these levels, the idea that aristocrats across Europe had more in common with each other than with their own “common people” was something of a cliché. And obviously organized racism is as old as humanity, though its recent widespread resurgence across the developed world was a grim surprise.

What is new is how tightly our societies are bound together across nations by technology; how quickly new movements flare up, promulgate, evolve, and transform; and how nation-states and patriotism seem to mean noticeably less to modern progressives and modern conservatives alike with each passing year. These all bring both dangers and opportunities — depending on whether, and/or how fast, players accustomed to the existing world order notice that the rules of the game are changing.