Buggy software in popular connected storage drives can let hackers read private data

Security researchers have found flaws in four popular connected storage drives that they say could let hackers access a user’s private and sensitive data.

The researchers Paulos Yibelo and Daniel Eshetu said the software running on three of the devices they tested — NetGear Stora, Seagate Home and Medion LifeCloud — can allow an attacker to remotely read, change and delete data without requiring a password.

Yibelo, who shared the research with TechCrunch this week and posted the findings Friday, said that many other devices may be at risk.

The software, Hipserv, built by tech company Axentra, was largely to blame for three of the four flaws they found. Hipserv is Linux-based, and uses several web technologies — including PHP — to power the web interface. But the researchers found that bugs could let them read files on the drive without any authentication. It also meant they could run any command they wanted as “root” — the built-in user account with the highest level of access — making the data on the device vulnerable to prying eyes or destruction.

We contacted Axentra for comment on Thursday but did not hear back by the time of writing.

Neither Netgear nor Seagate commented by our deadline, but we’ll update if that changes. Lenovo, which now owns Medion, did not respond to a request for comment.

The researchers also reported a separate bug affecting WD My Book Live drives, which can allow an attacker to remotely gain root access.

A spokesperson for WD said that the vulnerability report affects devices originally introduced in 2010 and discontinued in 2014, and “no longer covered under our device software support lifecycle.” WD added: “We encourage users who wish to continue operating these legacy products to configure their firewall to prevent remote access to these devices, and to take measures to ensure that only trusted devices on the local network have access to the device.”

In all four vulnerabilities, the researchers said that an attacker only needs to know the IP address of an affected drive. That isn’t so difficult in this day and age, thanks to sites like Shodan, a search engine for publicly available devices and databases, and similar search and indexing services.

Depending on where you look, the number of affected devices varies. Shodan puts the number at 311,705, but ZoomEye puts the figure at closer to 1.8 million devices.

Although the researchers described the bugs in moderate detail, they said they have no plans to release any exploit code to prevent attackers taking advantage of the flaws.

Their advice: If you’re running a cloud drive, “make sure to remove your device from the internet.”


Source: Tech Crunch

Microsoft’s $7.5BN GitHub buy gets green-lit by EU regulators

Microsoft’s planned acquisition of Git-based code sharing and collaboration service, GitHub, has been given an unconditional greenlight from European Union regulators.

The software giant announced its intention to bag GitHub back in June, saying it would shell out $7.5 billion in stock to do so. At the time it also pledged: “GitHub will retain its developer-first ethos and will operate independently to provide an open platform for all developers in all industries.”

The European Commission approved the plan today, saying its assessment had concluded there would be no adverse impact on competition in the relevant markets, owing to the combined entity continuing to face “significant competition”.

In particular, it said it looked at whether Microsoft would have the ability and incentive to further integrate its own devops tools and cloud services with GitHub while limiting integration with third party tools and services.

The Commission decided Microsoft would have no incentive to undermine GitHub’s openness — saying any attempt to do so would reduce its value for developers, who the Commission judged as willing and able to switch to other platforms.

Microsoft has previously said it expects the acquisition to close before the end of the year.


Source: Tech Crunch

Microsoft’s new expense tracker Spend hits the App Store

The team behind mileage-tracking app MileIQ, a company Microsoft acquired a few years ago, is out with a new application. This time, the focus isn’t on tracking miles, but rather expenses. The new app, simply called “Spend,” arrived on the App Store on Thursday, offering automatic expense tracking for work reimbursement purposes or for taxes.

Spend doesn’t appear to be a part of some grand Microsoft plan to take on expense tracking industry giants, like Expensify or SAP-owned Concur, for example. At least, not at this time.

Instead, the app is a Microsoft Garage project, the App Store clarifies.

Microsoft Garage is the company’s internal incubator where employees can test out new ideas to see if they resonate with consumers and business users.

Through the program, a number of interesting projects have gotten their start over the years, like the Cortana-based dictation tool, Dictate; mobile design creation app Sprightly; short-form email app Send; the Word Flow keyboard for smartphones; a Bing-backed alternative to Google News; and dozens more.

The new Spend app, at first glance, looks well-designed and easy to use.

Like most expense trackers, it offers features like the ability to take photos of receipts, expense categorization features, and reporting.

However, what makes Spend interesting is the app’s automated tracking and matching, and its user interface for working with your receipts.

The app begins by automatically tracking all your expenses from a linked credit card or bank account. You can then swipe on the expenses to mark them as personal or business. These expenses are automatically categorized, and you can add extra tags for added organization.

You can also add notes to purchases, split expenses, and customize expense categories, in addition to tags.

And the app can generate expense reports on a weekly, monthly or custom basis, which can be exported as spreadsheets or PDFs. There’s a web dashboard for when you’re using the app at your computer, but Spend doesn’t appear on the MileIQ main website at this time. It does, however, have a support site.

The company says the new app is an early version, and they plan to revise it going forward as they make improvements. Microsoft has been asked for more details on its plans with Spend, and we’ll update if they have more to offer.


Source: Tech Crunch

Hiver lets you manage shared email addresses from Gmail

Meet Hiver, a service that lets you collaborate on generic email addresses, such as jobs@yourcompany.com, support@, sales@, etc. Hiver isn’t the only company working on shared inboxes. But compared to Front, everything happens in Gmail directly.

To be fair, Front has been doing a fantastic job when it comes to multiplayer email — and the company has been doing great. Front is a new email client that lets you work together on your inbound emails.

But many teams don’t necessarily want to use a brand new email client. Some people love the Gmail interface so much that they don’t even think about switching to something else.

Hiver is a Google Chrome extension that adds a bunch of features to your Gmail inbox. In addition to your personal inbox, you can now access shared inboxes with other people in your team. You can then assign an email to one of your coworkers and see what everybody is working on.

If you need help in order to reply to a tedious email, you can write a note in the right column and notify your teammates using @-mentions. All your comments live in this separate column so that you don’t clutter your email thread with forwards and CCs.

Whenever someone starts replying, Hiver shows a collision alert so that customers don’t get two replies. You can also use templates for faster replies, send emails later and share drafts to get another pair of eyes.

More recently, Hiver added automation with simple if/then rules to assign conversations to the right person and categorize your emails automatically.

If you’ve used Front in the past, those features will sound familiar as you can do all of this in Front, and much more. But it turns out that some companies really wanted a “Front for Gmail”.

Hiver just raised a $4 million funding round from Kalaari Capital and Kae Capital. The company is based in India and has 50 employees already. A thousand companies are currently using Hiver, such as Hubspot, Vacasa, Pinterest and Lyft. Most of Hiver’s clients are based in the U.S.

Building a product on top of Gmail creates some limitations. For instance, you’ll have to remain a G Suite customer in order to keep using Hiver. Hiver also works better on desktop. The company has mobile apps, but they are still a bit basic so far.

Hiver uses a software-as-a-service approach. Plans start at $14 per user per month, and you need to pay more for automations, Salesforce integration and more.


Source: Tech Crunch

Researchers discover a new way to identify 3D printed guns

Researchers at the University at Buffalo have found that 3D printers have fingerprints, essentially slight differences in design that can be used to identify prints. This means investigators can examine the layers of a 3D printed object and pinpoint exactly which machine produced the parts.

“3D printing has many wonderful uses, but it’s also a counterfeiter’s dream. Even more concerning, it has the potential to make firearms more readily available to people who are not allowed to possess them,” said Wenyao Xu, lead author of the study.

The researchers found that tiny wrinkles in each layer of plastic can be used to identify a “printer’s model type, filament, nozzle size and other factors cause slight imperfections in the patterns.” They call their technology PrinTracker.

“Like a fingerprint to a person, these patterns are unique and repeatable. As a result, they can be traced back to the 3D printer,” wrote the researchers.

This process works primarily with FDM printers like the Makerbot, which use long spools of filament to deposit layers of plastic onto a build plate. Because the printers used in 3D printed guns are usually more complex and more expensive, there could be less variation in the individual layers and, more importantly, the layers might be harder to discern. However, some simpler plastic parts could exhibit variations.

“3D printers are built to be the same. But there are slight variations in their hardware created during the manufacturing process that lead to unique, inevitable and unchangeable patterns in every object they print,” said Xu.


Source: Tech Crunch

PayPal and American Express expand partnership, will allow use of points for PayPal purchases

PayPal this week announced an expanded relationship with American Express that will allow cardholders to use their Membership Rewards points when shopping from PayPal merchants, as well as a more integrated experience within both PayPal and the Amex apps, among other things.

The deal is similar to those PayPal earlier struck with Visa and MasterCard, and follows a series of partnerships it has made across the industry, including others with Apple, Google, Samsung, and, most recently, Walmart, designed to increase PayPal’s visibility and adoption.

In addition to using points for purchases at PayPal’s millions of online merchants, the new partnership will also allow Amex mobile app users to send money through PayPal or Venmo directly in the app. And they’ll be able to add their American Express cards to their PayPal wallet directly from the app, too.

On PayPal’s side, users will be able to pay their Amex bill with their PayPal or Venmo balance using the PayPal Instant Transfer feature, and it will more clearly identify users’ specific American Express cards in the PayPal wallet using card-specific branding.

These agreements have represented something of a change of course for PayPal over the past couple of years. Before, the company had been pursuing its own brick-and-mortar strategy to see its payment mechanism integrated at point-of-sale. But those ambitions have died down, and now PayPal is focused on expanding its relationships with other payment providers, like Apple Pay or major credit cards, turning former rivals into partners.

“This partnership is the product of our companies’ strong commitment to create innovative payment experiences that utilize both organizations’ core assets, including the ability for customers to pay with American Express Membership Rewards points and the integration of peer-to-peer payments into the Amex app,” said Dan Schulman, President and CEO, PayPal, in a statement about the Amex agreement. “Our new partnership expands PayPal’s ubiquity, and enables us to offer consumers and merchants new and innovative product experiences,” he added.

PayPal says it will also integrate into the American Express Token Service, and continue its global card acceptance relationship, as part of this deal. The two companies will work together to implement the new features over the course of 2019.

These expanded agreements with stakeholders in the payments industry may be working.

The company also reported earnings this week, noting the addition of 9.1 million accounts during the quarter and a 25 percent increase in total payment volume. Payment volume in Venmo was also up 78% in Q3. PayPal’s total revenue grew 14% in the quarter to $3.68 billion, while earnings were up 26 percent.


Source: Tech Crunch

Facebook hires former UK Lib Dem leader, Nick Clegg, as global policy chief

Facebook has confirmed it has hired the former leader of the UK’s former third largest political party — Nick Clegg of the middle ground Liberal Democrats — to head up global policy and comms.

The news was reported earlier by the Financial Times.

Facebook confirmed to TechCrunch that Clegg’s title will be VP, global affairs and communications, and that he starts on Monday — and will be moving with his family to California in the New Year.

Its prior global policy and communications chief, Elliot Schrage, who has been in post for a decade is staying on as an advisor, according to Facebook, and in a post announcing Clegg’s hire COO Sheryl Sandberg thanked Schrage for his “leadership, tenacity, and wise counsel -- in good times and bad”.

Facebook also told us that Sandberg and founder Mark Zuckerberg were both deeply involved in the hiring process, beginning discussions with Clegg over the summer — as fallout from the Cambridge Analytica data misuse scandal continued to rain down — and emphasizing they have already spent a lot of time with him.

The company also made a point of noting that Clegg is the most senior European politician to ever take up a senior executive leadership role in Silicon Valley. 

The hire certainly looks like big tech waking up to the fact it needs a far better relationship with European lawmakers.

In a post on Facebook announcing his new job, Clegg says as much, writing: “Having spoken at length to Mark and Sheryl over the last few months, I have been struck by their recognition that the company is on a journey which brings new responsibilities not only to the users of Facebook’s apps but to society at large. I hope I will be able to play a role in helping to navigate that journey.”

“Facebook, WhatsApp, Messenger, Oculus and Instagram are at the heart of so many people’s everyday lives – but also at the heart of some of the most complex and difficult questions we face as a society: the privacy of the individual; the integrity of our democratic process; the tensions between local cultures and the global internet; the balance between free speech and prohibited content; the power and concerns around artificial intelligence; and the wellbeing of our children,” he adds.

“I believe that Facebook must continue to play a role in finding answers to those questions – not by acting alone in Silicon Valley, but by working with people, organizations, governments and regulators around the world to ensure that technology is a force for good.”

In her note about Clegg’s hire, Sandberg lauds Clegg as “a thoughtful and gifted leader who… understands deeply the responsibilities we have to people who use our service around the world” — before also discussing the big challenges ahead.

“Our company is on a critical journey. The challenges we face are serious and clear and now more than ever we need new perspectives to help us through this time of change,” she writes. “The opportunities are clear too. Every day people use our apps to connect with family and friends and make a difference in their communities. If we can honor the trust they put in us and live up to our responsibilities, we can help more people use technology to do good.

“That’s what motivates our teams and from all my conversations with Nick, it’s clear that he believes in this as well. His experience and ability to work through complex issues will be invaluable in the years to come.”

One former Facebook policy staffer we spoke to for an insider perspective on Clegg’s hire, couched it as a sign Facebook is finally taking Europe seriously — i.e. as a regulatory force with the ability to bring big tech to rule.

“When I started at fb there were two people in a Regus office doing EU policy,” the person told us, speaking on condition of anonymity. “Now they have an army, and they’re still hiring.”

In Europe, the region’s new data protection framework, GDPR, which came into force at the end of May, has put privacy and security at the top of the tech agenda. And more regulations are coming — with the EU’s data protection supervisor warning today that GDPR is not enough.

“The Facebook/Cambridge Analytica revelations are still under investigation in Europe and America, but they are only the tip of the iceberg, a sign of a much wider problem and a symptom of many more problems still unnoticed,” writes Giovanni Buttarelli in a blog entitled: The urgent case for a new ePrivacy law.

Reshaping regional rules to account for and rebalance monopolistic platform power is where EU lawmakers are increasingly turning their attention. It looks like Facebook has finally caught on that they’re serious.

“They didn’t take it seriously and they’re catching up now. I think it also just sends a strong signal that they’re not a U.S. centric company,” the former Facebooker added of the company’s attitude to EU policy, dating their dawning realization that a new approach was needed to around 2016.

That was also, of course, the year that domestic election interference came home to roost for Zuckerberg, after Kremlin meddling in the US presidential elections. And after his famous failure to judge that detail important.

So no more ‘pretty crazy ideas’ from Zuckerberg where politics is concerned — Nick Clegg instead.

For Brits, though, this actually is a pretty crazy idea, given Clegg is the awkwardly familiar face of middle ground, middler performance politics.

And, more importantly, the sacrificial lamb of political compromise, after his party got punished for its turn in coalition government with David Cameron’s Brexit triggering Conservatives.

Our ex-Facebooker source said they’d heard rumors linking the former Labour MP, David Miliband, and the Conservatives’ former chancellor, George Osborne, to the global policy position too.

Whatever the truth of those rumors, in the event Facebook went with Clegg’s third way — which of course meshes perfectly with the company’s desire to be a platform for all views; be that conservative, liberal and Holocaust denier too.

In Clegg it will have found a true believer that compromise can trump partisan tribalism.

Though Facebook’s business will probably test the limits of even Clegg’s famous powers of accommodation.

The current state of the Lib Dem political animal — a party with now just a handful of MPs (12) left in the UK parliament — does also hold a cautionary message for Facebook’s mission to be all things to all men.

A target some less machiavellian types might judge ‘mission impossible’.

Add to that, given Facebook’s now dire need to win back user trust — i.e. in the wake of a string of data scandals, such as the Cambridge Analytica affair (and indeed ongoing attempts by unknown forces to use its platform for voter manipulation) — Clegg is rather an odd choice of hire, given he’s the man who led a political party that fatally burnt the trust of its core supporters and convinced them to punish it with near political oblivion at the ballot box.

Still, at least Clegg knows how to say sorry in a way that can be turned into a hip and shareable meme …


Source: Tech Crunch

Virtual reality makes food taste better

In another example of VR bleeding into real life, Cornell University food scientists found that cheese eaten in pleasant VR surroundings tasted better than the same cheese eaten in a drab sensory booth.

About 50 panelists who used virtual reality headsets as they ate were given three identical samples of blue cheese. The study participants were virtually placed in a standard sensory booth, a pleasant park bench and the Cornell cow barn to see custom-recorded 360-degree videos.

The panelists were unaware that the cheese samples were identical, and rated the pungency of the blue cheese significantly higher in the cow barn setting than in the sensory booth or the virtual park bench.

That’s right: cheese tastes better on a virtual farm versus inside a blank, empty cyberia.

“When we eat, we perceive not only just the taste and aroma of foods, we get sensory input from our surroundings – our eyes, ears, even our memories about surroundings,” said researcher Robin Dando.

To be clear, this research wasn’t designed to confirm whether VR could make food taste better but whether or not VR could be used as a sort of taste testbed, allowing manufacturers to let people try foods in different places without, say, putting them on an airplane or inside a real cow barn. Because food tastes differently in different surroundings, the ability to simulate those surroundings in VR is very useful.

“This research validates that virtual reality can be used, as it provides an immersive environment for testing,” said Dando. “Visually, virtual reality imparts qualities of the environment itself to the food being consumed – making this kind of testing cost-efficient.”


Source: Tech Crunch

Twilio shops, Uber and Lyft IPO scuttlebutt, and Instacart raises $600M

Hello and welcome back to Equity, TechCrunch’s venture capital-focused podcast, where we unpack the numbers behind the headlines.

This week we had the Three Excellent Friends (Connie Loizos, Danny Crichton, and Alex Wilhelm) on hand to kick things about with Scale Venture Partners’ own Rory O’Driscoll.

As I’ve written the last few weeks, what a pile of news we’ve had recently. And like the last few episodes, we had to pick and choose what to drill into. This week: Twilio-Sendgrid, Palantir, Uber, Lyft, and Tencent Music IPOs, Instacart, and Saudi Arabia.

In order, I think? First, we tackled the week’s biggest venture-themed M&A: Twilio buying SendGrid. Keep in mind that they are both recent IPOs; Twilio went out in 2016, and SendGrid in 2017.

The $2 billion-ish all-stock transaction is effectively Twilio using its rich market cap (rich in terms of its revenue and profit multiples) to snag an obvious (though intelligent) extension of its API-powered communications toolset.

Next up we dug into the chance that Palantir is worth $41 billion. Spoiler: It isn’t. Then we chatted about the two other recently-floated IPO valuations for Uber ($120 billion) and Lyft ($15 billion). They probably make more sense, depending a little on how you add and then divide.

All that and we also touched on the recent delay in the Tencent Music IPO, a profitable company.

Then we riffed through the Instacart round ($600 million more at a $7.6 billion valuation; wow), and re-touched on Silicon Valley’s currently least popular dinner party topic: how much Saudi money has recently gone to work powering tech startups.

A big thanks to you for not only sticking with Equity for so long, but also for making it quite literally as popular as it has ever been. It’s super fun to have the biggest crew with us every week that we’ve ever had.

You, yes you, are a delight.

Equity drops every Friday at 6:00 am PT, so subscribe to us on Apple Podcasts, Overcast, Pocket Casts, Downcast and all the casts.


Source: Tech Crunch

Vector speeds toward orbital launch capability with $70M in new funding

The market for small satellites in low Earth orbit is expanding faster than the gas in a thruster nozzle, and Vector aims to be the go-to launch platform for companies looking to put a bird in the air on short notice. The company just raised a $70 million B round and aims to take its first payload into space early next year.

Smaller launch systems are already helping bring down the cost of going to orbit, but there’s still a huge amount of room to improve. Satellites and experiments are still waiting for years, or at least more than a few months, for their chance to get to LEO. Vector is hoping to be the company they come to when they want to launch on the scale of weeks.

Of course, that kind of quick turnaround isn’t easy. You have to build hundreds of rockets to be prepared for demand, but that’s exactly Vector’s plan. Naturally this requires a considerable amount of capital.

After doing a lot of groundwork with Defense Dept. and NASA grants, the company raised a $1M seed round back in 2016, and expanded with a $21M round the next year led by Sequoia. The numbers keep on growing with today’s $70M round, led this time by Kodem Growth Partners.

“Vector is entering an extremely important phase of our journey, transitioning from a focus on research and development to flight operations and profitability. This Series B financing is a critical element in Vector’s mission to improve access to space and become a dominant launch provider to the small satellite industry,” said CEO and co-founder Jim Cantrell in a press release.

The company has already done sub-orbital proving flights of its launch system, and the first orbital launch is scheduled for December. They’ll be taking off from the Pacific Spaceport Complex in Alaska — date TBD. Once orbital launch capability is established, Vector will be getting a lot of calls, so some of the money will go towards sales and marketing personnel, which should roughly double its presence in Silicon Valley.

But the bulk of the new funds will be dedicated to the establishment of a new rocket manufacturing facility in Tucson. You don’t build hundreds of launch vehicles with some second-hand factory.

The company’s original roadmap had orbital launch late last year, but in this business it’s better to be a little late and get things right. That said the vision for the rocket itself hasn’t been adjusted substantially.

“The original design of the Vector-R launch vehicle has largely remained the same since the founding of Vector and the acquisition of Garvey Spacecraft Corporation in 2016 (where the initial design was developed over a 15yr process),” explained co-founder and chief sales and marketing officer Shaun Coleman.

Demand has been sustained for the 50-60kg payload capacities the company is looking to offer, Coleman noted; a heavy configuration that can lift up to 290kg is also underway. (For comparison, a SpaceX Falcon 9 can lift around 25,000kg of payload. These are very small rockets and that’s by design.)

We’ll know more about Vector’s first orbital launch as we approach it. In addition to Kodem, Morgan Stanley Alternative Investment Partners, Sequoia, Lightspeed, and Shasta Ventures all contributed to the round.


Source: Tech Crunch