Baby monitor security, a semi-hiatus and the weekly roundup in tech and retail

News and commentaries

With another life-changing event coming next week in the form of a second baby (!), I have been putting together a few posts to fill the void in the next few weeks. I’m not too optimistic that I will be able to keep posting the weekly roundup considering the inevitable lack of sleep. Although, waking up every 2 hours at night could be prime opportunities to check the news… I’ll have to wait and see. For now, expect sporadic postings from me as I become a mother for the second time.

Speaking of babies, the Wall Street Journal reported research by computer security firm Rapid7 Inc. on the vulnerability of baby monitors. Even if the device owner followed good security procedures, the company still found that hackers can view baby monitor images from anywhere in 3 of the 9 Internet-connected baby monitors that they tested. The monitors with the most disturbing flaws are (quotes are directly from the Rapid7 Inc. report):

  • iBaby M6 – “The web site ibabycloud.com has a vulnerability by which any authenticated user to the ibabycloud.com service is able to view camera details for any other user, including video recording details, due to a direct object reference vulnerability”
  • Philips In.Sight B120 – “The method for allowing remote viewing uses an insecure transport, does not offer secure streams protected from attackers, and does not offer sufficient protection for the camera’s internal web applications.”
  • Summer Infant Baby Zoom WiFi Monitor & Internet Viewing System – “An authentication bypass allows for the addition of an arbitrary account to any camera, without authentication.”

Just in case you happened to be thinking of which baby monitor to buy.

Here is this week’s most relevant news in tech and retail:

In tech:

  1. Acquisitions: Amazon Web Services buys Elemental Technologies, a video processing services startup, for a reported $500M; Verizon’s AOL unit buys mobile ad network Millennial Media for $238M; Blackberry buys California-based mobile security provider Good Technology Corp. for $425M
  2. Another big week for Google: Google will reportedly re-enter China with a special version of the Google Play mobile app store for Android smartphones in the country; Google faces another antitrust battle in India over online search; Google changes logo in biggest change since 1999; Google and subsidiary Waze facing lawsuit over stolen map and traffic data from competing app PhantomAlert
  3. Apple, Google, Intel and Adobe settle anti-poaching lawsuit for $415M
  4. Toyota partners with MIT and Stanford for AI and robotics research, pledging $50M over 5 years
  5. Tesla Model X will arrive on September 29, $35K Model 3 to start preorders in March 2016

In retail:

  1. Net-a-Porter founder and chairman Natalie Massenet leaves luxury online retailer midway through company’s merger with e-commerce group Yoox
  2. Alibaba founders Jack Ma and Joe Tsai to borrow more than $2B against company shares
  3. Online fashion retailer Asos shares fall by more than 5% after co-founder and CEO Nick Robertson’s resignation
  4. Limited Brands, Inc. shares rise after August sales exceed expectations, led by Victoria’s Secret brand division
  5. Kering’s Sergio Rossi shoe brand could be possible purchase for Italian private equity firm Investindustrial

High tech utopia vs. reality and the weekly roundup in tech and retail

News and commentaries

Rocket launch and robots – with these two things happening this week, I am once again struck by how the future is very much here. But the road to getting there is far from smooth. Even as tech companies like Google race against traditional car companies to produce a self-driving car, a recent Senate report discusses the security dangers of connected cars. Meanwhile the path to a reusable rocket was derailed by the most natural of elements – rough seas with waves reaching three stories in height. Finally, unless we can teleport materials or 3D print everything from emails (and even if we can, we still need raw materials), we still have to contend with port shutdowns such as the one happening right now in the US West Coast ports amid labor disputes. The last prolonged shutdown was in 2002 and cost an estimated $1B a day.

Here is this week’s most relevant news in tech and retail:

In tech:

  1. Radar trouble and high winds plague SpaceX Falcon 9’s two tries at launch; finally launches on Wednesday but nixes ocean platform landing due to rough seas
  2. Google-owned robotics company Boston Dynamics debuts “Spot”, a robot that stays upright even when repeatedly kicked
  3. IBM’s Watson to learn Japanese in partnership with telecommunications company Softbank
  4. Apple is investing $850M on a solar farm that will power its new headquarters
  5. Acquisitions/Mergers: Yelp buys online food delivery service Eat24 for $134M; Expedia to buy rival Orbitz for $1.34B

In retail:

  1. Alibaba Group’s AliExpress to enter Indonesia’s e-commerce market; Group also invests $590M stake in smartphone maker Meizu Technology Co.
  2. eBay will send off Paypal with $5B in cash as part of spinoff details
  3. Pinterest is reportedly adding a buy button, feature may roll out within 6 months
  4. Hugo Boss’ biggest shareholder Permira further reduces stake in company to 14% from 32%
  5. Earnings: Gap raises full-year guidance despite declining sales in January, citing strong growth at Old Navy; Hermès lowers annual sales growth for 2015 to 8%

More on the Sony hack and the weekly roundup in tech and retail

News and commentaries

Another week passes and the breadth of the Sony hack is further revealed. This week, disparaging emails about actor Angelina Jolie and racist remarks via emails from top executives surfaced. Beyond the embarrassment and the scrambling for public apologies, Sony also has to deal with the consequences from the exposure of its payroll records. Unfortunately, this is only a sliver of the amount of information that was stolen by the group known as Guardians of Peace. The group reportedly stole 100 terabytes of sensitive information and has since issued demands to Sony; these demands are not yet publicly disclosed. Imagine. That. This means that every week, the group can keep exposing sensitive information and Sony will have a public relations disaster and potential financial fallouts for months to come.

The lesson for you and me? As I have said here in the past, the security of any service you use is only as strong as the precautions that you, as a user, take. Create strong passwords, change them frequently, use two-factor authentication whenever possible, use different passwords for different sites and so on. Most of us know this. The question is, do we really stick to it?

Here is this week’s most relevant news in tech and retail:

In tech:

  1. File sharing service Pirate Bay was taken down after a raid by police in Sweden
  2. Alibaba-backed social media app, Momo Inc. shares surge in NASDAQ IPO
  3. Adobe Systems reports better-than-expected earnings of 14 cents a share on revenues of $1.073B; signs a deal to buy stock photo service Fotolia for ~$800M in cash
  4. Uber news: SF and LA file civil suit against company for making “false or misleading statements”; China’s search giant Baidu to invest $600M in Uber
  5. Google replaces Twitter as best tech employer in the US; removes Amazon’s app from the Play Store

In retail:

  1. US retailers report jump in November sales, core November sales up 4.4% from year earlier
  2. Lululemon Athletica shares surge Thursday after delivering mixed Q3 results and lowers full-year sales for 2014 but increases per-share profit for 2014
  3. Canada’s Hudson’s Bay Co doubles retail sales for the third quarter, fueled by sales from recently acquired Saks Inc.
  4. Teen clothing retailer Delia’s files for Chapter 11 bankruptcy protection; Wet Seal could be next
  5. One of India’s e-commerce sites, Snapdeal acquires recommendation platform, Wishpicker, for an undisclosed amount

Uber privacy concerns and the weekly roundup in tech and retail

News and commentaries

Uber is in the forefront in this week’s tech news with great focus on privacy fears. Uber is no stranger to scandals and its CEO, Travis Kalanick is no shrinking violet when it comes to them either. According to one venture capitalist who worked with Kalanick:

“It’s hard to be a disrupter and not be an asshole.” (Vanity Fair)

This time though, the controversy started with Uber’s SVP Emil Michael who suggested that Uber should hire a team to dig up dirt on journalists critical of the company. Twitter erupted with calls for deleting the Uber app and boycotting the company. Kalanick responded with a Twitter storm denouncing Michael’s remarks and vowing to regain the trust of users. This happens in the midst of another massive funding round that could reach $1B on a $30B valuation. As of this writing, Uber is reported to be hiring lawyers to scrutinize its current privacy policy. Read here for an expanded view on Uber and other companies regarding personal data.

Once again, we are confronted with the question. In this age of apps, social networks and geolocations, just how much personal data should you entrust to a tech platform? Or maybe you shouldn’t, at all? Unless you completely go off the grid, privacy concerns versus convenience is a constant balancing act on the part of the user and the company. However, it is scandals such as Uber’s that must be brought to light to encourage consumer awareness and for regulators to push for greater transparency on how companies handle your data. My take is, better the devil you know than the devil you don’t.

Here is this week’s most relevant news in tech and retail:

In tech:

  1. Facebook is testing a product called Facebook for Work, an enterprise collaboration tool separate from company’s consumer product; launches separate Facebook Groups app
  2. News in security: Ciphercloud, a security software company specializing in encrypting corporate data, lands a $50M series B funding; Mozilla, EFF, Cisco and Akamai launch Let’s Encrypt as a new free certificate authority, service to start in Summer 2015
  3. Mozilla Firefox replaces Google with Yahoo (powered by Microsoft’s Bing) as new default search provider on Firefox
  4. Apple: reportedly will include recently-acquired Beats streaming music for next year’s iOS update; in the midst of settlement with Google, hinting at an end to patent feud
  5. News around Google: Google Chairman Eric Schmidt launched Farm 2050 inviting startups to pitch ideas around agriculture technology; while Google can now caption photos through machine learning

In retail:

  1. Financial reports: The Gap Inc. reports Q3 earnings 80 cents/share, beating expectations but revenues disappoint, cuts full-year earnings forecast; Urban Outfitters miss Q3 earnings expectations while revenues met estimates, propelled by growth of Free People and Anthropologie; Target Q3 profits rise 3.1% beating expectations; Swedish retailer H&M reports 14% rise in October sales beating forecasts
  2. Amazon leases 470,000 square feet of space in Manhattan while subsidiary Zappos.com opens 20,000-foot brick-and-mortar store in downtown Las Vegas
  3. World’s largest jewelry maker Richemont reported to consider IPO for luxury online retailer Net-a-Porter
  4. E-commerce software company Bigcommerce raised $40M, total funding at $75M
  5. Michael Kors launches #InstaKors, a roundabout way of making Instagram shoppable

Apple’s iCloud hack and the weekly roundup in tech and retail

News and commentaries

Unless you’ve been living under a rock (nothing wrong with that, by the way), you would have read/heard of an iCloud hack that led to exposure of several nude celebrity photos. Somehow, almost every article on this prominently features Hunger Games’ and X-Men actor, Jennifer Lawrence, who is simply one of many victims. 4Chan, the fringe and meme-generating site where the photos were posted, subsequently changed its policy to be more DMCA-compliant and will now remove content after an “infringement notice”. It’s most likely a defensive move against possible lawsuits from the victims involved.

I used to have the iPhone, from the first generation up to the iPhone 4s. When iCloud was launched in 2011, I was quite skeptical of Apple as a cloud storage company and did not even think of turning it on on my phone. In 2012, around the time when I upgraded to the 4s, I considered turning iCloud on until I read an article about a writer whose digital life was pretty much erased due to security loopholes in his Amazon and Apple iCloud accounts. To be clear, the author’s way of daisy-chaining several online accounts was far from ideal but that cemented the idea in my mind that Apple’s iCloud is far from secure.

The recent hack turned out to be a targeted effort to gather the celebrities’ usernames, passwords and security questions and not a breach of iCloud itself. However, it brings us again to the vulnerability of using security questions to recover passwords. In fact, just a few days before the hack, security researchers released a Python script on GitHub that would allow for brute force to guess passwords via Apple’s Find My iPhone service. Apple has since patched the vulnerability but denies security flaws with the iCloud. On that note, whenever available, use multi-factor authentication for your online accounts – the pain is more than worth it.

Read on for this week’s most relevant news in tech and retail.

In Tech:

  1. Celebrity iCloud accounts hacked in a targeted attack leading to nude photo leaks; no security breach on iCloud according to Apple*
  2. United States installs a new Chief Technology Officer: Google(x)’s Megan Smith
  3. Motorola’s Android Wear Moto 360 launched and ready to ship while Apple gears up for possible iWatch and iPhone 6 launch next week
  4. Google rebrands Google Enterprise into Google for Work
  5. Healthcare.gov was breached; no consumer data were taken or viewed

In Retail:

  1. LVMH will relinquish most of 23.2% stake in Hermès after a four-year battle and will not acquire any shares for the next 5 years; LVMH also ends a 10-year dispute over Google’s search results on counterfeit goods online; the two companies will sign a cooperation agreement to fight sales of counterfeit goods online
  2. Eyewear company, Safilo ends license deal with Gucci two years early after signing a deal with Kering
  3. Permira sells €850M worth of Hugo Boss shares equivalent to 11.2% of share capital; Hugo Boss AG shares fall
  4. Amazon partners with US Mail to deliver groceries in Seattle, Los Angeles and San Francisco
  5. European fashion retailer Zalando, currently valued at $5.3B, announces IPO on the Frankfurt Stock Exchange later this year; IPO offering will sell 10-11% of the company

*For such a large tech company that increasingly handles large amounts of data (iCloud, me.com, mac.com, iTunes), Apple is not transparent about the security features of its services. Worse, the Electronic Frontier Foundation (EFF) has found that Apple does *not* encrypt email transfers using what is known as the STARTTLS protocol. For all its might, Apple is still a hardware company and they had better catch up soon, especially when it comes to security.

Privacy fears and the weekly roundup in tech and retail

News and commentaries

As Facebook forces its users this week to download the Messenger app, I read some privacy fear-mongering articles and posts (ironically enough, on Facebook) about the implications of the app permissions. Unless you absolutely refuse to communicate via smartphones, those app permissions are the same for any messaging service, including your wireless provider. Do you remember those privacy notice status updates? I liken the recent concerns to that.

The truth of the matter is, the best way to protect your privacy is to simply unplug. For a case of how it’s done, read the story of how a university professor set out to hide her pregnancy from big data. Also, don’t forget to forgo those loyalty cards from brick-and-mortar stores. After all, loyalty programs are just a way for companies to create buying profiles of their customers; similar to how Target can track whether some customers are expecting a baby.

That’s not to say that privacy fears are unwarranted. I’m just saying that there’s a lot of barking up the wrong tree when it comes to Facebook, mostly because of viral misinformation and simply a lack of understanding among almost a billion people who use quite a complex technology such as Facebook. It’s not only tech companies who hold our data that we have to fear, even if “snooping” may give some good results, such as the arrest of a pedophile with the help of Google’s Gmail scan.* Thanks (or no thanks?) to Edward Snowden, we now know that governments are not above snooping on their citizens. There is a lot of room to talk and resolve this issue and certainly we need to protect the integrity of the Internet so we can use it without constantly fearing for our privacy. I’m just saying that protesting Facebook’s policies is not a logical first step. For now, get informed on the tools that you use and opt for encrypted email/websites as much as you can.

*For more readings regarding the Gmail scan, read here for an explanation and here for Google and Microsoft’s collaboration in fighting online child sexual abuse content.

Here is this week’s most relevant news in tech and retail.

In Tech

  1. Security: According to a Milwaukee security firm, a Russian crime ring has 1.2 billion username and password combinations, 500 million email addresses but skeptics question the report’s authenticity; meanwhile Google revises search algorithm to push for more website encryption
  2. The Facebook Messenger app split has begun which means you can now only send Facebook messages via Messenger; acquires security startup PrivateCore for an undisclosed sum
  3. IBM reveals TrueNorth, a chip that functions like a brain, in an article for the journal Science
  4. Two companies battling cancer are in the spotlight: Y-Combinator backed Bikanta finds and stops cancer by inserting diamonds inside the human body; and MagForce raises $15M from Peter Thiel’s Mithril Capital to fund development of its technology for other types of cancer
  5. Uber and Lyft both roll out carpooling features this week

In Retail:

  1. Michael Kors fiscal first-quarter revenues of $919.2 million, up 43.4% and gross margins increase from 62% to 62.2%
  2. Coach fiscal fourth-quarter revenues at $1.14 billion, North American sales down by 16% while international sales up by 7% (YoY)
  3. Lululemon Athletica Inc. founder Chip Wilson will sell half of his stake to private equity firm Advent International for ~$845 million
  4. Fundings: Universal shopping cart startup Two Tap raises $2.7M; beauty data startup Poshly raises $1.5M in seed round
  5. Twitter hints at e-commerce entry with “Payment and Shipping” function in its Android app after acquiring commerce startup CardSpring

What you can do about Internet’s massive security flaw

News and commentaries, Technology

On Monday, April 7, security researchers from Google’s security team and Codenomicon reported a security flaw, dubbed “Heartbleed”, in OpenSSL, a popular open-source library that implements the SSL/TLS encryption protocols. You might be affected either directly or indirectly since OpenSSL is the most widely used software for encrypting traffic over the Internet. Web servers such as Apache and nginx use OpenSSL and the combined market share of these two was over 66%.

Codenomicon has set up Heartbleed.com to address/explain the issue in detail as well as to release any news specific to the Heartbleed bug. I’ve listed the gist below from the website as well as other news sources:

  • OpenSSL is used for email servers (POP, SMTP, IMAP), chat servers (XMPP) and virtual private networks (VPN), which means that your email service, whether on your browser or mobile, could be affected; instant messaging services and even your company’s servers could also be compromised
  • OpenSSL released an emergency patch on Monday, April 7, 2014. Websites that use OpenSSL are advised to immediately upgrade to this patch, OpenSSL 1.0.1g.
  • Unfortunately, the bug leaves no traces so there is no way to detect if you were directly affected.
  • A developer, Filippo Valsorda, has published a tool that lets you check a website’s vulnerability here.
  • According to Valsorda’s site, Google, Facebook, Twitter and Dropbox are not compromised.
  • Notable sites affected are: Yahoo, Tumblr, Imgur, Flickr, OKCupid, Eventbrite, Stackexchange. You can find a compilation here.
  • The bug is called heartbleed because:

“Bug is in the OpenSSL’s implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.” (Heartbleed.com)
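
An added illustration (not from the original post and not OpenSSL's code): a simplified C handler for an RFC 6520 heartbeat request, showing the length check that must pass before the payload is echoed back. The function names and the constructed sample requests are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 6520 message: type (1 byte), payload_length (2 bytes, big-endian),
 * payload, then at least 16 bytes of padding. */
enum { HB_REQUEST = 1, HB_RESPONSE = 2 };
#define HB_HEADER_LEN  3u
#define HB_MIN_PADDING 16u

/* Builds the heartbeat response for one received record.
 * Returns the response length, or 0 when the request must be silently
 * discarded. rec_len is the number of bytes that actually arrived. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING) return 0;
    if (rec[0] != HB_REQUEST) return 0;

    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The length field is sender-controlled. Without this comparison against
     * the real record size, the copy below would read past the request and
     * return whatever memory follows it. */
    if (HB_HEADER_LEN + claimed + HB_MIN_PADDING > rec_len) return 0;

    size_t resp_len = HB_HEADER_LEN + claimed + HB_MIN_PADDING;
    if (resp_len > out_cap) return 0;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER_LEN, rec, 0);              /* no-op, keeps offsets explicit */
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, claimed);
    /* Zero padding for the demo; a real sender uses random padding. */
    memset(out + HB_HEADER_LEN + claimed, 0, HB_MIN_PADDING);
    return resp_len;
}

/* Constructed sample: a request whose length field says `claimed` but which
 * carries only `actual` payload bytes. Returns the record size, 0 if too big. */
size_t make_request(uint8_t *buf, size_t cap, uint16_t claimed, size_t actual)
{
    size_t total = HB_HEADER_LEN + actual + HB_MIN_PADDING;
    if (total > cap) return 0;
    buf[0] = HB_REQUEST;
    buf[1] = (uint8_t)(claimed >> 8);
    buf[2] = (uint8_t)(claimed & 0xff);
    memset(buf + HB_HEADER_LEN, 'A', actual);
    memset(buf + HB_HEADER_LEN + actual, 0, HB_MIN_PADDING);
    return total;
}

/* Runs one constructed request through the handler. */
size_t demo(uint16_t claimed, size_t actual)
{
    uint8_t req[64], resp[64];
    size_t n = make_request(req, sizeof req, claimed, actual);
    return hb_build_response(req, n, resp, sizeof resp);
}

int main(void)
{
    printf("honest request (5/5):      %zu bytes\n", demo(5, 5));
    printf("over-claimed (16384/5):    %zu bytes\n", demo(0x4000, 5));
    return 0;
}
```
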

What you can do

Unless you’re the system administrator, there’s not much you can do. However, once the website has updated the OpenSSL version to the emergency patch, which Yahoo has done, immediately change your password for that service just in case you were affected. Mashable compiled a list of websites where you need to update your passwords ASAP.

Update: Added link to Mashable for list of websites.