19 December 2013

Apple and Google App Stores Are Vulnerable

Too many apps in Apple and Google app stores have been targeted for hacking. Security experts point out that financial apps on Android are the most vulnerable. In most cases, applications have been hacked and uploaded to 3rd-party stores or Google Play in a bid to capture credentials from consumers, to operate maliciously, or to defraud the app’s creator by removing adware elements.

Security experts admit that hacked apps are showing up in various storefronts, like Cydia, in a decrypted state, so by definition the software has been hacked. The specialists have seen multiple examples where there has been some tampering with the original code. In the meantime, financial apps are a particular concern, because people trust them with sensitive data, like bank account numbers and passwords. It was found that 23% of sample iOS financial apps had been hacked and reposted, as well as 53% of Android financial apps.

As you know, Android users are able to download apps from 3rd-party stores through a setting on their devices, while iOS users have to “jailbreak” their device to do so. In other words, they voluntarily use a hacking attack to give themselves the equivalent of “root” privileges for installing software. Thus far, iOS 7 hasn’t been jailbroken.

However, even Google’s official Play store itself can be a source of malware and hacked applications. A few months ago BlackBerry had to halt the rollout of its BBM app for Android because a hacked version appeared in the Play store before the official one and had been downloaded over a million times. The experts also warn that it’s easy for people to upload a “Bank of America” app onto Google Play and use freely available data about the bank, while fooling users. It is believed that Google Play isn’t a vetted app store, having a lot of cruft, while in the Apple Store users are almost certain to see only legitimate apps. So, hacked code is not a significant problem in Apple’s App Store, as the company vets all apps before uploading them onto its App Store. As for Google, it will remove apps only after complaints emerge or if they are detected as having malware. Both the Google and Apple platforms have a “kill switch” that is able to retrospectively delete malicious installed apps from devices.

Bitcoin Is Not a Currency of the Future

An expert on digital currencies from Ernst & Young claimed that Bitcoin doesn’t have to replace normal currency to have a future. The expert described a number of myths around the currency, one of which was its position as a replacement for “fiat” money.

Fiat currency is essentially currency the government decrees to be legal tender. And Bitcoin was obviously not created as a replacement for fiat currency. There are many people talking about how Bitcoin is going to take over, or how it lacks the properties needed for it to be used widely. The currency was really created to be used in electronic commerce and for micro transactions. If you remember this, the future risks for the currency take on a different shape. At the moment, many experts are concerned with such problems as price volatility and the deflationary nature of Bitcoin. Since there will only ever be 21 million Bitcoins, some fear that the currency will have a “deflationary” element, leading to each unit getting more valuable over time.

Deflation is usually blamed for the “lost decade” in Japan, and Ernst & Young emphasized that it adheres to the mainstream economic view that mild positive inflation is healthy for a national currency. However, when talking about using Bitcoin as an ecommerce tool, deflation seems to be not necessarily problematic.

Instead, the experts highlighted problems of speed and fraud control as the most pressing priorities for the virtual currency. To prevent fraud, the Bitcoin network has to “confirm” transactions every ten minutes. This is one of the weaknesses with Bitcoin – the problem is that you generally have to wait for 5 to 6 transaction confirmations before you can be sure that your money hasn’t been spent twice, which can take up to 40 or 50 minutes.

Some businesses have decided that speed is worth the risk. One pub in London takes Bitcoin and accepts unconfirmed transactions as payment, for example. However, not every retailer is able to do that – especially if they are selling goods more expensive than beer.

Ernst & Young believes that there are definite possible gains in Bitcoin, in terms of lowered transaction costs. On the other side, there are also some significant negatives, in terms of accountability, how to deal with anonymous users and how to regulate the market.

YouTube Advertising Revenues Estimated to Grow 50% in 2013

Google has never revealed the scale of profits YouTube makes since acquiring the video streaming service for $1.65 billion seven years ago. However, analysts and researchers can still make guesses. The latest estimates were made by eMarketer – it predicts that the gross ad revenues of the service will increase over 50% to $5.6 billion this year, which is more than 10% of Google’s total revenue.

Even after the company has paid ad partners and video creators their percentage, its net ad revenues are still predicted to reach almost $2 billion in 2013, up 65% compared to last year’s $1.18 billion. The researchers have also broken out YouTube’s net ad revenues in the United States, estimating that the figure will reach $1.08 billion, $850 million of it coming from video ads. Thus, YouTube gets 1/5 of all US video advertising revenues for 2013.

Of course, all these estimations are guesswork, but eMarketer claims that they are based on “hundreds of datapoints and studies about YouTube revenues, ad impressions, rates, usage and other information received from research companies, investment banks, Google reports and interviews with industry executives.”

Those interested can compare eMarketer’s analysis to other numbers: for example, in May 2013, Morgan Stanley predicted that the company’s gross revenues would reach $4 billion this year, while Barclays thought it would be $3.6 billion. A recent report by analyst firm Wedge Partners also suggested that YouTube accounts for about 10% of Google’s revenues (which corresponds with eMarketer’s analysis); if Google’s 4th quarter matched the average revenues across the previous quarters, that would result in approximately $5.7 billion of YouTube revenues for the year as a whole.

Still, it all remains guesswork, and Google is very unlikely to announce the real figures anytime soon. It is worth noting that the $1.65bn Google paid for YouTube seven years ago (a sum which shocked many people at the time) looks like something of a bargain today.

The company’s public statistics for YouTube reveal that the service attracts 1bn people watching over 6bn hours of video per month, and 80% of its traffic is coming from abroad. 40% of its viewing time is consumed by mobile devices.

2/3 of Web Traffic Is Bots

The security outfit Incapsula has found out that about 62% of all website traffic today is generated by bots. That is a 21% rise on the 2012 figure, when bots accounted for a bit over 50% of the traffic.

Of course, some of those automated software tools are malicious, but the rapid growth in traffic came from good bots used by search engines to crawl sites and index their content. Other types of bots are employed by analytics companies to provide feedback about how a portal performs, or by others to carry out specific tasks like helping the online archive preserve material before it’s removed.

The security company observed almost 1.5 billion bot visits within a 3-month period from the 20,000 websites operated by its customers. Regardless of the overall growth in bot activity, the company pointed out that many of the traditional malicious uses of the tools are now less common. There had been a 75% drop in the frequency with which spam links were being automatically posted.

In addition, it had seen a 10% drop in hacking tool bot activities. Those include the use of code to distribute malware, steal credit cards and hijack and deface sites. Another new trend was an 8% growth in the use of so-called “impersonator bots”. This classification includes software which masquerades as being from a search engine or other legitimate agent and manages to fool security measures. Such bots are custom-made to carry out a specific activity, like a DDoS attack (flooding a server with traffic so that it crashes and takes a site or service offline), or to steal corporate secrets.

The growth in good bots shows that legitimate services were sampling the net more frequently, which can allow search engines to add breaking news stories to their results quicker, for instance.

01 December 2013

Internet Cafés Disappear

Internet cafés, once the communication hub in developing countries, are fast disappearing from our lives. The reason is obvious – the rise in smartphones is making the need to go into a café largely redundant.

For example, in Rwanda one Internet café went from 200 daily customers to just 10. India is suffering as well – for instance, some businesses in the southern city of Mysore have opted to sell stationery or sweets instead of Internet access. In the meantime, Internet café owners have to diversify their offerings in order to include flight bookings, mobile phone top-up cards, and accessories for different gadgets. Even cafés in Myanmar, where mobile penetration is very low, are facing the same trend.

However, more developed countries have seen cafés survive to cater for immersive Internet gaming. At the same time, the number of such cafés in South Korea dropped to 15,800 in 2012 from 19,000 in 2010. As for China, the number of online cafés there dropped 7% to 136,000 in 2012 from 2011.

The above-mentioned statistics fly in the face of a 5-year study released by the University of Washington in July, which discovered that Internet users in developing countries still rely on such public venues as cafés and libraries for Internet access even when smartphones are available. The research insisted that one technology won’t replace the other and smartphones are not responsible for the current trend.

US Snoops May Blackmail Muslim Clerics

US spies seem to be tracking the sort of porn Internet users were downloading in order to blackmail them later. Another Snowden leak revealed that the NSA has been collecting records of Internet sexual activity and evidence of visits to porn sites.

It looks like part of a plan to blackmail or harm the reputations of people who are radicalizing others via incendiary speeches. The idea is that a radical Muslim cleric won’t be taken seriously if his followers know he spends the nights downloading porn.

NSA secret documents revealed that six Muslims became an example of how “personal vulnerabilities” could become known via electronic surveillance, and then used to undermine people’s credibility, reputation and authority.

For some reason, it fails to mention giving similar attention to born-again Christian priests who called for Obama to be assassinated – maybe because they are Americans and therefore immune from spying. However, the fact is that American presidents have always been killed by their own people.

The NSA lists a number of vulnerabilities of its targets, including those that can effectively be exploited: for instance, “viewing sexually explicit content” or “using sexually explicit persuasive language when communicating with inexperienced young girls”.

According to the US Civil Liberties Union, the leaks led to serious concerns about abuse. The outfit explained that the NSA was collecting massive amounts of sensitive data about almost everyone, so it knows what you are downloading, too.

It should be noted that none of the 6 people targeted by the agency was accused of being involved in terror plots and all of them currently reside outside the US.

Europe Told US How It Can Handle Spying Crisis

The European Commission has provided the United States with a list of hoops it wants the country to jump through before it starts trusting it. This is the result of revelations about National Security Agency and UK spying on everyone under its PRISM program.

The EC said that spying on its citizens, businesses and leaders was unacceptable and that the people of the European Union and the United States have to be reassured about the protection of their personal information. In addition, businesses also need to be reassured that the existing agreements between the two regions are both respected and policed.

The European Commission announced that it will set out actions intended to help restore trust and strengthen information protection in transatlantic relations. It listed 6 areas in which the European Union and the United States need to act to restore confidence.

The list includes swift adoption of EU's information protection reforms, improving the protection safeguards, and commitment from the United States for making use of a legal framework. The European Commission also wants to address its concerns in the on-going American reform process, as well as promoting privacy standards internationally.

The EC claims that everyone from the users to governments on both sides of the Atlantic want to gain from cooperation, based on strong legal safeguards and trust that they will be respected.

20 November 2013

Snapchat Declined Facebook Buyout Offer

Snapchat, the fast-growing messaging system that registers 5 million daily users, has rejected a $3bn buyout offer from Facebook. Financial experts point out that the offer came as other investors valued the loss-making 2-year-old service at over $4bn. At $3bn, the messaging system would be the social network’s most expensive acquisition ever.

The application has been downloaded by 9% of mobile users throughout the United States. It allows users to send messages and images with an expiration date – i.e. they are deleted from the recipient’s device after being received. Snapchat claimed to be handling over 350m messages every day.

Evan Spiegel, 23, the co-founder and CEO of the service, decided to wait until early 2014 before considering any offers. Apparently, he hopes that Snapchat’s numbers will grow enough to justify a larger valuation. In fact, Snapchat’s valuation has been growing along with its user base – for example, in June 2013 the company raised $60m from investors that valued it at $800m. There were reports that Facebook offered $1bn for the company earlier in 2013, while China’s Tencent was discussing an investment that would value Snapchat at over $3.6bn.

Back in October, Pinterest, a social scrapbooking company, had raised $225m in new funds at a price which valued the company at $3.8bn. In the meantime, valuation of Snapchat and its social media peers will likely soar after Twitter’s IPO, which has valued the company at over $23bn.

Industry experts point out that the rapid growth in the company’s valuation is reminiscent of that of Groupon, the Internet discount company which also rejected a $6bn offer from Google before filing for an IPO. Two years ago, Groupon started trading and was valued at over $16bn, but soon crashed to less than $4bn. However, the company has since recovered and is now worth about $7bn.

Hackers Are in High Demand

A few weeks ago, the UK Defense Secretary mentioned that hackers with a criminal past might be hired to serve in a new military cyber force. This stance may have surprised many, but it actually points to an important recent shift where governments and companies were increasingly trying to use hackers and their associated skills to improve security, fight crime and even develop competitive advantage.

Today, if you look into the heart of any successful information security organization, you will find hackers, because they have become highly cherished commodities throughout the mainstream. In fact, it took businesses and governments too long to realize this untapped resource, all due to a combination of negative PR and a fundamental lack of understanding about hackers’ incentives.

Originally, a hacker was a technical wizard interested in exploring electronic systems and living by a strict ethical code which forbade them from harming those systems. But those hackers were later replaced by a younger, more reckless generation of crackers, whose aim was to break security and show they were better than the others. They were called “blackhats” and looked to financially motivated crime, being prolific at pirating software, stealing phone access, and even credit card fraud. As a result, being labeled a “hacker” automatically made bright young people unemployable. As such, a candidate with unparalleled expertise in IT but no qualifications or higher education to justify their skills ended up perceived as unsuitable for any position.

Only a small group of hackers found jobs in roles that demonstrated their true value – they were the ones who managed to change the mainstream view of what a hacker could be. For instance, the US government had early exposure to hackers when the hacker group L0pht testified in front of the Senate in 1998. Perhaps this is why the American government is now so advanced in the integration of hackers into cyber defense and other critical parts of the country's military program.

Today the world offers many possibilities, and businesses are starting to realize that hackers could play a pivotal role in shaping their cyber future. They are perceived as technical geniuses who like to explore the technical world and change it as they like in a non-destructive way. So, modern hackers are in high demand – governments see hackers as valuable assets in fighting sophisticated cyber-criminals, while businesses see them as the front line against complex cyber threats.

How US Online Traffic Is Distributed

According to recent research by Sandvine, a broadband service company, P2P file-sharing has declined, with Amazon and Hulu struggling to win receding US attention spans. At the same time, Netflix and YouTube account for over 50% of downstream online traffic in the United States and Canada. The results of the research were published in Sandvine’s biannual Global Internet Phenomena Report and are based on information collected from the company’s 250 network customers across the world.

It is the first time the two video streaming services have surpassed the 50% mark of all US Internet traffic. This also means a significant decline in the use of P2P services: BitTorrent, the protocol used for peer-to-peer file-sharing, currently accounts for 7.4% of everyday online traffic in North America, which is a 1/3 drop from 5 years ago. At the same time, Netflix accounted for over 31% of downstream traffic on fixed networks during “primetime” online hours.

The researchers believe that the decline shouldn’t be interpreted as a decline in the dominance of the service. Sandvine predicts that Netflix will break its own record very soon. YouTube accounts for over 18% of overall Internet traffic, so the two video streaming services held about 50% of North America downstream traffic. In the meantime, Amazon video and Hulu found themselves at the end of the list, holding 1.6% and 1.3% of all downstream traffic, respectively.

Nevertheless, peer-to-peer services (namely BitTorrent) still dominate upstream traffic, and their share is 36.35%. However, downstream traffic represents a greater percentage of online traffic, because it is sent to the average home or office user, while upstream traffic is sent from a machine or network away from the user.

The results of the research also revealed that YouTube is dominant in South America and accounts for over 36% of traffic over there. As for Netflix, it failed to achieve comparable success in South America and holds just 2.17% of downstream traffic. Apparently, the service is growing in popularity in Europe, where its share is over 20% of traffic – this is less than 2 years after launching in the region. Netflix launched in the United Kingdom and Ireland two years ago and in the Netherlands two months ago.