Yahoo! announced recently that it will be resetting all Yahoo! IDs that haven't been used for over 12 months come July 15th.
When it comes to online security, oftentimes the greatest vulnerabilities aren’t technical, but human. Unfortunately, social engineering can be the hardest type of attack to prevent. It was the method behind the catastrophic hacking of Wired reporter Mat Honan, the exploits of the Syrian Electronic Army, and the cyber-espionage by China’s People’s Liberation Army.
Three-year-old startup Pindrop Security has developed solutions to one class of these attacks: phone fraud. The company uses proprietary acoustic fingerprinting technology to assist corporations and call centers in authenticating the caller on the other end of the line, in turn limiting the chance of phone-based social engineering.
Today, the Atlanta-based company announced $11 million in Series A funding led by Andreessen Horowitz and Citi Ventures, with participation from new investors Redpoint Ventures and Felicis Ventures, as well as Pindrop’s seed round lead Webb Investment Network. The round brings the company’s total funding to $12 million. Andreessen Horowitz partner Scott Weiss, who was previously a director at Silver Tail Systems and an executive at Ironport, will join the company’s board of directors.
“The anti-fraud category is always attractive because it gets purchase orders,” Weiss says. “Whatever amount of fraud you can prevent goes straight to a company’s bottom line, so it’s easy for them to justify the expense. And once you get in, it’s very difficult to displace you.”
Pindrop is the result of PhD research by co-founders Vijay Balasubramaniyan and Paul Judge, who spent their time at Georgia Tech investigating how easy it is to spoof a call’s provenance. According to the FTC, 29 percent of fraud victims are first contacted by phone. The company uses patent-pending “Phone Fingerprint” technology to analyze 137 signals within a phone call’s audio data to identify the caller’s network, geographic location – down to a region the size of France – and her device type. This information is then translated into a unique fingerprint which can be matched against past and future calls and which is largely immune to standard masking techniques such as call rerouting. At the same time, these fingerprints can be used to quickly identify legitimate callers.
For obvious reasons, Pindrop has been a big hit in the financial services sector, which Balasubramaniyan called the company’s beachhead. Additional natural industries include healthcare, law enforcement, ecommerce, and other industries in which identity verification is a necessity. One thing that many of these industries have in common, beyond sensitivity of information, is high transaction volumes, which make it far more likely that an intruder can beat a company’s defenses.
Weiss shared that the company has already helped banks identify long-operating but previously undetected fraud rings. Importantly, although Pindrop gets better over time and with more data, the company’s technology works from the word go, detecting over 80 percent of attackers on the first call, according to its CEO. This is a claim that no other competing technology can make.
Pindrop’s strategy is to cast its net far and wide across the global enterprise market. According to its CEO, the company will use the latest funding to expand into Canada and Europe and will sell both to corporations and to their call center vendors. The company has grown to nearly 20 people between Atlanta, Philadelphia, and Boston and has plans to expand significantly in the sales and client support areas. New offices are also planned in San Francisco and London.
Fraud protection is a worthy goal, but the use of this technology is sure to raise some eyebrows. At a time when countless leading tech companies are accused of conspiring with the NSA, FBI, and other governmental bodies, the idea that a company can instantly identify the source of every call gives cause for pause. The good news is that the company is not pinning location down to a specific address or set of longitude and latitude coordinates. But nonetheless, it’s a lot of power for one company to hold.
Despite these concerns, Pindrop is likely to be met with open arms in the financial services and similar industries. There is simply too much money and private data at stake not to use every tool available to combat attackers. Pindrop seems to be a technology at the bleeding edge of phone fraud protection, and has the IP protection to keep it there for some time. At the end of the day, it’s cyber-criminals, not technology competitors, that are likely to give the company’s technology the biggest run for its money. It will be Balasubramaniyan and Judge’s task to stay one step ahead.
I don’t have a passcode on my iPhone. Anyone who finds the device can run their finger along the bottom of its screen and instantly access my personal and professional email accounts, Facebook and Twitter profiles, address book, and anything else I might consider important faster than you can say “slide to unlock.” And I’m not alone — according to a report from Soluto, some 37 percent of people who work for small businesses don’t use any kind of passcode on their smartphone. The devices we carry around specifically because they provide access to our entire lives, both personal and professional, are woefully unprotected.
Soluto wants to change that. (What a coincidence!) The company is today announcing a new tool that will allow small businesses and personal users alike to manage others’ smartphones. Now your employer could require that you have a passcode on your device, remotely install applications, allow or disallow data and voice roaming, or lock and “wipe” your device if it’s lost or stolen. Soluto has focused on helping employers and families manage others’ Windows devices since its launch — now it’s bringing something similar to iOS.
The security features are based on a typical Mobile Device Management (MDM) application, which allows companies like Soluto to build management tools for the iPhone and other platforms. “We didn’t invent any hack or anything like that,” says Soluto’s chief product officer, Roee Adler. “What we did is we took a very heavy protocol and technology that was built for enterprises and gave it a small business touch.” Instead of paying an exorbitant amount of money for a tool that looks like it was originally developed for Windows ME, Soluto is hoping that small businesses will pay 99 cents per device (Windows or iOS) to access a simpler-but-better-designed solution.
But what about the employees — won’t they resist their employer taking over their iPhone? Adler says that many of the people Soluto surveyed — 42 percent — who had their work accounts connected to their iPhone can see why their employer would want them to use a passcode. “Employees want to protect their business, and they want to have their work email on their iPhone,” Adler says. They simply haven’t added a passcode because it wasn’t required by their employer. (It occurs to me that this is like saying that you want to be a good person but your mother never disciplined you as a child and the police don’t follow your every move, but hey.)
Today’s announcement marks Soluto’s first expansion beyond Windows PCs, but Adler says that the company actually approached the iPhone the same way it might approach any other device. “We’re basically treating it just like it was a PC,” he says. There is no special plan required to manage an iPhone in addition to or instead of a Windows PC, and the service was designed to work similarly for both platforms. The iPhone has started to become as ubiquitous as a traditional PC, whether it’s in the board room, the living room, or the back room — why treat the two differently?
Now, if you’ll excuse me, I have to go add a passcode to my iPhone before someone comes over and smacks my wrist for not having one already.
[Disclosure: Soluto and PandoDaily are both backed by Index Partners' Saul Klein and CrunchFund.]
If you're really lucky, not a ton of spam makes its way into your inbox. Email providers have never been better at blocking it and routing it to your spam folder without you lifting a finger. However, you still probably get newsletters you've tried unsubscribing from, updates for services you don't use, or notifications from people who may have used your address to sign up for something. Here's how to deal with the spam that consistently makes it through your filters.
The impact of the NSA's secret surveillance through PRISM
In an open letter entitled Apple's Commitment to Customer Privacy, the company issued denials and disclosures consistent with those that Facebook and Microsoft
In the six-month period from December 1 of 2012 to May 31 of this year, Apple claims to have received between 4,000 and 5,000 government requests for consumer data, which applied to somewhere between 9,000 and 10,000 unique devices. A very small percentage of Apple's multi-million user base! And the requests themselves are presented as innocuous as well:
Police investigating robberies and other crimes, searching for missing children, trying to locate a patient with Alzheimer’s disease, or hoping to prevent a suicide.
The news gets better; Apple states clearly that it does not share the content of iMessage or FaceTime conversations (although surely the metadata is available), and that it doesn't store Maps, location, or Siri data in any way that could identify you.
If the disclosures all sound familiar, it's because everything from the number of requests to the type of data being fulfilled is remarkably similar to what Facebook and Microsoft reported. And they're pretty small, relatively speaking! Then again, the actual number doesn't do anything to affect how off-putting the actual principle is behind the government's legally sound, nearly carte blanche access to your personal information.
It's also probably best not to sleep tight quite yet; remember that until last week, none of these companies had even heard of PRISM, despite being willing participants in it. If they're only just now finding out the name, it stands to reason that perhaps even they still have much to learn about the scope. [Apple]
There are many interesting things you can do with a Raspberry Pi, but this one isn't just fun, it's easy, and it can offer some privacy protection from prying eyes