Tag Archive: security



According to sources close to the situation, Twitter is planning on waiting until after its IPO – which is set to take place next week – to name its first woman to its board.

The move makes some level of sense, mostly because it would be difficult to have any new board member join the San Francisco-based social microblogging company now, given that that person would have to sign off on the public offering with little knowledge of its details.

Sources also added that while many are expecting Twitter to seek out a female director with media or tech experience – and there are many laudable candidates in both those areas – the company’s execs, especially CEO Dick Costolo, believe that one with international expertise is more important.

The reason is clear – Twitter is a global player, and runs into thorny issues all over the world around the proliferation of its open service. You might imagine that, in the future, as it grows, the company will face even more international conundrums that it will need a lot of mental heavy lifting to work out.

While the board had put former Secretary of State Hillary Clinton on the top of its overall list, she has not been contacted about joining as a director. She’s also unlikely to be available, especially given that she is expected to run for the Democratic nomination for president of the United States in the 2016 election.

(Sorry, but she’s busy, boys! While Twitter chairman and co-founder Jack Dorsey will be bummed, most there actually considered her a very long shot.)

The list of women with international experience is also long. But if I were to bet on whom Twitter is considering for its top picks, I would name only two: Condoleezza Rice and Madeleine Albright.

Albright, among her many diplomatic roles, was the first woman to become the Secretary of State, named in the Clinton administration. She is now a professor of international relations at Georgetown University’s Walsh School of Foreign Service (disclosure: I went there), and is also chairman of the Albright Stonebridge Group, a global strategy firm.

Also – keep up, Peter Fenton! – she is fluent in French, Russian, Czech, Polish and Serbo-Croatian, serves on important boards such as the U.S. Department of Defense’s Defense Policy Board, and has written five books.

In addition – and this is just from my several encounters with her over the years – Albright takes no guff.

Neither does Rice, who also has some big cred in her corner. Along with other big government posts, she also served as Secretary of State under former President George W. Bush.

Rice also has some Silicon Valley links, through both her role as a top administrator and professor at Stanford University and her recent relationship with Khosla Ventures.

The VC firm signed a deal late last year with RiceHadleyGates, the international consulting firm that Rice runs, to “bring global and domestic insight to Khosla’s portfolio companies, helping them achieve their strategic goals in industries such as technology, energy, security and healthcare.”

No matter their gender – although that would also be a plus – either Rice or Albright would certainly be an asset for Twitter. The company has attracted not-undeserved scrutiny over not having a woman – or any diversity at all, really – on its board.

That board now includes: Former Netscape CFO and investor Peter Currie; former News Corp COO and Hollywood mogul Peter Chernin; Silicon Valley venture capitalist Peter Fenton, of Benchmark Capital; former DoubleClick CEO David Rosenblatt; Jack Dorsey (also CEO and founder of hot payments startup Square); co-founder and serial entrepreneur Evan Williams (now working on an innovative new publishing platform called Medium); and CEO Dick Costolo, who has already attracted controversy over the issue.

The lack of a woman on the board of a company is particularly glaring, given that numerous studies show that more women use Twitter than men, and that it is aiming to be a global company that represents, well, all of humanity.

Alert

Now that the so-called “six-strikes” copyright alert system has gone into effect at the top US ISPs, we’re finally learning exactly how customers will be affected. Comcast has posted a brief overview of how it will handle things, and it involves a blatant browser hijack for repeated infringers.

According to Comcast, the first three incidents of alleged infringement will result in a browser popup that can be dismissed. On the fourth allegation, Comcast will hijack the browser completely and redirect users to a notice that cannot be dismissed. This is the beginning of the “mitigation phase.” Customers that reach this stage will have to call a Comcast Customer Security Assurance rep and discuss the matter. Exactly what is required to get the notice removed is not made clear.

The browser redirect should not affect any VoIP services or Comcast email — handy because the alert is accompanied by an email from Comcast with details of the alleged infringement. The company insists that at no point in the six-strikes system will a customer have their account terminated. However, browser hijacking makes a connection essentially unusable and presents security issues.

It’s only a matter of time before an internet ne’er-do-well comes up with a script that produces a window identical to Comcast’s notice. It would be trivial to stick malicious code into such a popup, or to simply trick users into paying a “fine.” Comcast says you can make sure the notice is legitimate by checking your Comcast email for the official message. This seems like a fairly poor solution.

Comcast did not elaborate on how the browser hijack was being accomplished. If it is a simple DNS redirect, switching to a third-party DNS server (like Google or OpenDNS) would bypass it. If the ISP is somehow inserting JavaScript to take over the browser, blocking scripts could set things straight. If there is a way, the internet will find it.

Microsoft and Symantec take down Bamital

Bamital wasn’t the biggest botnet around, but its operators were still up to no good — and that ultimately put it in the crosshairs of both Microsoft and Symantec.

The two companies decided to partner up and take action, raiding locations in New Jersey and Virginia. Several servers that were believed to be issuing commands to zombie systems were taken offline, including one that had been pinpointed in The Netherlands.

Just prior to the takedown, Microsoft and Symantec estimate that Bamital was in control of somewhere between 300,000 and 1 million computers. Users of compromised systems were then hijacked while browsing the web — redirected away from legitimate websites like Symantec’s own products pages and deposited instead on sites pushing fakeAV software and other malware.

Now that the servers in charge of those redirects have been shut down, users will be sent to a Microsoft alert page instead. The page provides links to two cleanup tools (one from Microsoft and another from Symantec) to help users get rid of the malicious Bamital code that’s still residing on their systems.

This is just the latest victory in a series of strikes against major botnets. Microsoft has participated in a half dozen such actions in recent years, helping to shut down nasty networks like Zeus, Rustock, and Waledac.

Richard Boscovich of Microsoft’s digital crimes unit believes that the Bamital operation was a complete success, but notes that “only time will tell.” The criminals behind Bamital may not have shown all their cards yet, and it’s possible that the botnet could rise from the ashes. The good guys will be waiting and watching, however, and they’ll surely strike again if that happens.

“A bug in the way Samsung’s TouchWiz UI interacts with USSD codes on Android smartphones may allow an attacker to perform a factory reset on susceptible devices, simply by embedding a link on a website or sending an SMS,” Matt Brian reports for TNW.

“An attacker could load the code in a website, SMS, an NFC Android Beam connection or via a QR code, have the user either visit the link or click it on their smartphone and it is possible to completely wipe the device without warning or giving the user the chance to stop it,” Brian reports.

Brian reports, “So far the following devices have reportedly been confirmed to be affected: Galaxy S Advance; Galaxy S II (video); Galaxy S III; Galaxy Ace; Galaxy Beam.”

Read more in the full article here.

MacDailyNews Take: “Open.”

[Thanks to MacDailyNews Reader “David G.” for the heads up.]
