The Battle Against Spam and Phishing Scams is Officially On
Google, Microsoft, Yahoo!, AOL and Facebook are setting aside their online rivalry to fight a common enemy: email spam and “phishing” attacks.
The Web giants said Monday they have teamed up with Bank of America, PayPal and others to combat spam and phishing, where emails seeking to obtain passwords or other information are sent to unsuspecting recipients.
Following 18 months of private collaboration, they’ve announced the formation of a technical working group known as DMARC.org, drawn from the acronym for Domain-based Message Authentication, Reporting and Conformance.
“Email phishing defrauds millions of people and companies every year, resulting in a loss of consumer confidence in email and the Internet as a whole, industry cooperation — combined with technology and consumer education — is crucial to fight phishing,” said Brett McDowell, the chair of DMARC.org and senior manager of customer security initiatives at PayPal.
The members of DMARC are proposing email authentication standards for email senders and receivers designed to make impersonation more difficult for the fraudsters behind phishing attacks.
Currently, email providers must rely on “complex and imperfect measurements to separate legitimate unauthenticated messages sent by the domain owner from fraudulent phishing messages sent by a scammer.
By introducing a standards-based framework, DMARC has defined a more comprehensive and integrated way for email senders to introduce email authentication technologies into their infrastructure.
AOL, Google, Microsoft and Yahoo!, the leading email providers, are members of DMARC.org along with Bank of America, Fidelity Investments, PayPal, American Greetings, Facebook, LinkedIn and email security providers Agari, Cloudmark, eCert, Return Path and Trusted Domain Project.
SOPA and PIPA What Went Wrong
The postponing of SOPA and PIPA last week was a relief to security gurus who foresaw major technical problems inherent in the bills’ provisions. Last week U.S. Congress was rushing to pass a controversial bill that most security experts maintained could throw a monkey wrench into the gearbox of the Internet.
The bills themselves have been postponed, and their main sponsors have specifically disavowed the supposed security pain points they contained.
The Stop Online Piracy Act (SOPA), filed in the U.S. House of Representatives, and its Senate counterpart, the Protect IP Act (PIPA), proposed that Internet Service Providers (ISPs) be called on to block the DNS addresses of websites suspected of violating the rights of copyright holders.
But after weeks of controversy from opponents of the legislation, capped by a one-day blackout of Wikipedia and other sites in protest of the measure, the sponsors of the bills decided to strip out the DNS requirements.
“After consultation with industry groups across the country, I feel we should remove Domain Name System blocking from the Stop Online Piracy Act so that the [Judiciary] Committee can further examine the issues surrounding this provision,” SOPA’s sponsor Lamar Smith (R-Texas) said.
PIPA’s sponsor, Patrick Leahy (D-Vermont), was skeptical of the critics of the DNS provisions in his bill, but also agreed to shelve the provision.
“I remain confident that the ISPs — including the cable industry, which is the largest association of ISPs — would not support the legislation if its enactment created the problems that opponents of this provision suggest,” he said. “Nonetheless,” he continued, “this is in fact a highly technical issue, and I am prepared to recommend we give it more study before implementing it.”
The DNS concessions were good news for white hats like Dan Brown, a senior security researcher with Bit9. “Anyone who understands how the Internet works thinks it’s a bad idea for Congress to fiddle with something they don’t understand,” he told TechNewsWorld.
“These bills are still bad because they will have a negative impact on free speech and free communication on the Internet,” he asserted, “but they appear to be moving in the direction of not having any major technological impact on the Internet.”
For more info check out this online article from PC World
http://www.pcworld.com/businesscenter/article/248586/sopa_and_pipa_what_went_wrong.html
Anonymous lashes out and promises more to come
Government and big business once again clashed with the anarchic hacker collective “Anonymous” last week. The sore point between the two this time was the FBI’s shutdown of the alleged pirate haven Megaupload and the arrest of its founder and other executives in the company.
Megaupload has been in and out of hot water since it was launched in March 2005. Since that time, according to the FBI, the site has produced $175 million in “criminal proceeds” for its owners.
In retaliation for the government action, the hacker group known simply as “Anonymous”, launched a series of denial of service attacks against servers at the U.S. Department of Justice, the Motion Picture Association of America and Universal Recording. The attacks were able to cripple or stop operation of those sites temporarily. To do so, however, the hactivists had to resort to unusual tactics.
Through Twitter and the group’s chat rooms, it spread a booby-trapped URL. Clicking on the Web address involuntarily turned the clicker into one of the Anonymous attacking hordes.
Now Anonymous is threatening to bring down Facebook this weekend in the same manner. They’re even asking for end users help with this “project” and suddenly we’re seeing videos supposedly from Anonymous (no one has verified that these videos can actually be attributed to the group – after all, they are Anonymous) but it’s interesting to see and listen to all the chatter.
Here’s a link to the video supposedly attributed to the hacker organization – to be fair, the group has tweeted publically that this video is a fraud. Boy… just who can you trust these days?
http://www.youtube.com/watch?feature=player_embedded&v=oVSQ3JIgIXE#!
What’s your stand on this – should pirate sites like Megaupload and other torrent sites be allowed to store and share pirated and copyrighted movies and music for anyone to download for free? I’d love to hear your thoughts on this…
Instant Facial Recognition and Detection
Instant facial recognition and detection, is it Science Fiction or Science Fact? Facial recognition and detection technology is getting cheaper, faster, and much more commonplace, raising the question of whether people will be able to remain anonymous in the near future.
Digital signs and sensors that detect and recognize faces are no longer a matter of science fiction. They are real and are popping up everywhere from malls to bars to smartphones.
So what’s protecting you from Big Brother tracking your movements and invading your privacy?
As of right now, technology is the only significant barrier.
Today, the technology is not quite robust enough to snap a photo of someone on the street and instantly know who they are. Computer processors aren’t fast enough to scan across billions of images in real time to match an offline face to an online photograph. But that’s coming soon.
“To match two photos of people in the United States in real time would take four hours,” said Alessandro Acquisti, professor of IT and public policy at Carnegie Mellon University’s Heinz College. “That’s too long to do in real time. But assuming a steady improvement in cloud computing time, we can soon get much closer to that reality than many of us believed.”
Acquisti and his research team at Carnegie Mellon have already developed a proof-of-concept iPhone application that can snap a photo of a person and within seconds display their name, date of birth and social security number.
Currently, the reference photos have to be uploaded to a database, but Acquisti said that processing speeds will soon become fast enough to do the whole process online and in an instant.
Though computers still have difficulty identifying faces in low light or poor photo quality, programs are now able to capture a profile of a face, build a 3D model of it, rotate the photo and identify the person the face belongs to.
If a future in which you can always be identified really is around the corner, what will stop advertisers or even the government from putting names to previously anonymous faces of people walking into a store, strolling down the street or protesting a convention? That’s what the Federal Trade Commission sought to find out at a facial recognition policy conference in Washington last month.
The answer as of now: industry self-regulation. The Digital Signage Federation, a consortium of companies operating digital signs that detect or recognize faces, developed privacy guidelines that require consumers to “opt-in” to being detected or recognized. But that “opt-in” can be made as simply as walking into a store that posts on its window that it detects faces.
As of today, no laws or regulations specifically prevent your face from being detected or recognized without your consent. “Is U.S. privacy law ready for facial recognition? It’s not even close,” said Daniel Solove, professor at the George Washington University Law School.
The solution, however, isn’t easy. Warning people that a particular venue is equipped with face detection technology means the only way for people not to be detected would be to avoid the location. But what if it’s a drug store and someone needs to get a prescription filled?
More than 35,000 developers have built apps that have detected and recognized more than 35 billion photos using Face.com’s online software. They range from fun toys like Celebrity Findr, which scours Facebook and Twitter for photos of celebrities, to practical tools like Fareclock, which tracks when employees punch in and out by scanning their faces.
Somewhere in between is Find Your Facemate. Upload your photo and the service will find a potential future love interest who uses the service and looks like you.
How long will it be before someone decides to put together all these online images into a central database and in many online repositories like Facebook and Twitter, our name is already linked to the photo.
Face recognition and detection is real, but the government doesn’t yet have a way to protect its citizens from potential abuse of the technology. With the vast network of internet based security cameras recording much of our daily lives, this is just the next logical step. Are you ready for this? In the future, can anyone remain anonymous?
Use Your Face To Log Into Your Computer And Websites
Are you tired of creating and then trying to remember all your different passwords – never mind having to type them in each time you log into your iPhone, iPad, iOS or Windows based system?
Well, it looks like a company called SensibleVision may have the answer for all of us.
FastAccess Anywhere is your mobile device’s new best friend. Now you can finally use the most powerful sites and apps that have sensitive data—like banking, bill payment, and private email—by securely logging in with your face.*
So, say goodbye to the hassle of remembering and typing all your passwords on that tiny mobile keyboard. Or putting in a PIN or password just to check the weather or make a phone call.
Whether you use iOS or Android phones or tablets, or Windows desktops and laptops, FastAccess Anywhere has you covered. Protect the apps YOU want and instantly input usernames and passwords with your face.
And, unlike other “novelty” face recognition products that allow access with photos or videos of your face, FastAccess Anywhere has enterprise-level security so you don’t have to worry. It’s fast, safe, and fun!
Sync Passwords Across Devices…iOS, Android, & Windows!
FastAccess Anywhere syncs across phones, tablets, and even your Windows machines. Store passwords on any Android, iOS (Apple), or Windows device and automatically have them available on all of your other devices. Change a password and it updates everywhere!
Because security comes first with FastAccess Anywhere, all passwords are stored securely in the cloud, never permanently on your mobile devices. So, if your phone is ever lost or damaged, your passwords aren’t. That means someone who finds your lost device won’t have access to your credentials.
Proven Technology for People On-the-Go
Five MILLION users already love FastAccess facial recognition on Windows. Combining our patent-pending, class-leading facial recognition with an optional gesture or shape of your choice, FastAccess Anywhere uses proven technology for storing and retrieving your sensitive passwords on your mobile devices. Not even photos or videos can fool it.
By using your face with a second factor, the accuracy of the two technologies are multiplied to give you piece of mind. In addition, gesture “smudge attacks” are reduced because FastAccess Anywhere moves the gesture area around on the screen.
Up and Running in No Time
Our easy setup wizard will guide you through everything in just a few steps:
- Create a Cloud Account
- Teach FastAccess Anywhere your face
- Create a Gesture
You’ll be using your face to access sites & apps in minutes!
http://www.sensiblevision.com/faa.aspx
Try FastAccess Pro for FREE – get the free download at:
http://www.sensiblevision.com/en-us/home.aspx#top
The software is currently available for Windows XP, Vista and Windows 7. FastAccess Anywhere for Mobile devices will be available in February. Watch as the company shakes up this month’s CES show with its pending release.
Cyber Monday Shipping Woes
With Cyber Monday, the “official” start of the online holiday shopping frenzy now just a fond memory, online shoppers should remember to be vigilant about any email messages they receive relative to their shopping extravaganza..
Pretty much everyone is in a hurry to get their online holiday shopping done and shipped. During the next few days and weeks you may see what appears to be an email from UPS saying “package not delivered,” and please click on a link to get the issue resolved. Don’t just blindly follow these instructions. Chances are the email is a fake, intended to infect your computer with a virus..
The scam is designed to prey on online shoppers who are worried about the timely delivery of their purchases. The emails look and feel like they are coming from legitimate shipping outlets such as UPS but in fact, the emails either have virus infected zip files attached to them or they direct recipients to infected sites through the clickable links embedded in the HTML content..
In the email screen capture shown, there’s one big clue in the message that indicates it’s a fake: “We were not able to delivery the post package“ reads the “mish-mashed” sentence in the message..
There have been a number of variants in this campaign (some with attachments, some with no attachments and bad links), all of them personalized to the recipient, and sent from an ever-changing list of fake UPS employees or the generic ‘UPS Customer Services.’.
UPS itself is quite aware of scammers using its corporate name to spread malware or take advantage of unsuspecting users who might be willing to hand over credit card or other information to cyber criminals. The company recognizes it as a “continuing global issue,” and has a Web page devoted to fraud protection that’s definitely worth checking out if you ship or receive packages using the service..
The company “may send official notification messages,” a UPS spokesperson has said, but there are — and this is important — “rarely attachments.”.
If you get such an email, you can forward it directly to UPS at: fraud@ups.com..
“You should not open attachments and should delete the email after forwarding,” UPS advises. The company continues to work with local and national authorities as well as participate in a cyberspace fraud task force. It’s a continuing challenge..
.
No matter how eager shoppers are for their shiny new purchases to arrive, they should take the time to check the original shipping confirmation that comes directly from the online vendor where the purchase was made. In addition, rather than clicking on embedded links in an email, shoppers should go directly to the shipping site and plug in the tracking number.
Facebook gets attacked again.
Over the last few days, Facebook users have been experiencing a flood of links, videos, and images depicting pornography, violence, and a myriad of unseemly images. Facebook confirmed the problem, in short, stating it was hit by a coordinated spam attack leveraging a browser vulnerability.
Some members of the social network are complaining about violent and/or pornographic pictures showing up in their News Feeds without their knowledge. Others are being told by their friends that they are sending requests to click on links to videos, sending out bogus chat messages, or writing mass messages and tagged photos leading people to believe they are in the link.
We’ve seen this type of spam on Facebook before, but it’s coming in at a much faster pace. According to the company, this spam attack all started with users being tricked into pasting and executing malicious JavaScript in their browser’s URL bar. Facebook says it has been shutting down the malicious pages and accounts that attempt to exploit this flaw and has been giving users guidance on how to protect themselves. Overall, the company claims it has managed to drastically reduce the rate of the attack, but didn’t elaborate with actual numbers.
“Protecting the people who use Facebook from spam and malicious content is a top priority for us, and we are always working to improve our systems to isolate and remove material that violates our terms,” a Facebook spokesperson said in a statement. “Recently, we experienced a coordinated spam attack that exploited a browser vulnerability. Our efforts have drastically limited the damage caused by this attack, and we are now in the process of investigating to identify those responsible.”
“Our engineers have been working diligently on this self-XSS vulnerability in the browser. We’ve built enforcement mechanisms to quickly shut down the malicious Pages and accounts that attempt to exploit it. We have also been putting those affected through educational checkpoints so they know how to protect themselves. We’ve put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people.”
Users are outraged, and as is typical with Facebook members, many are already threatening to close their accounts. That being said, it’s still not known how many of the site’s 800 million active users are affected.
Think you may have a Facebook virus or your account has been hacked? Here are three things you should try: change your password, remove suspicious apps, and perform a virus scan.
Change your Facebook password
It’s possible your Facebook woes are coming from the result of a phishing scam. Someone may have created a fake website that looks like Facebook or another online service you visit and tricked you into logging in. Their goal was to steal your password and other account credentials, and they may have succeeded.
In this case, you should change your password on Facebook. :
If changing your password fixes your Facebook problems, you should change your password for all your other services too, especially if you use the same password for them as you previously used on Facebook. If this doesn’t fix the problem, try the next step.
Remove unwanted Facebook apps
It’s possible your Facebook problems are coming from a rogue app that you accidentally installed or were tricked into installing. Every Facebook app has certain permissions to your account. Some of these permissions you can modify, while others you cannot.
Your best bet is to remove all the Facebook apps you find suspicious. If you don’t know how to do so, there are guides on Facebook itself.
If cleaning out your apps fixes your Facebook problems, tell your friends they should do the same (chances are the app asked your friends to install it as well). If this doesn’t fix the problem, try the next step.
Get some security software and run a virus scan
It’s possible the problems are coming from some sort of malware, be it a keylogger, a trojan, or some other type of virus. Even if you think your computer is clean, it can’t hurt to check.
I recommend Microsoft Security Essentials –it’s free and gets the job done very well. Another good one is Malwarebytes. Other free alternatives include Avira and Avast.
The aforementioned security programs are for Windows. If you have a Mac, try using the antivirus from Sophos.
After running the virus scan, clean out whatever the program detects.
Box.net One-Ups Apple’s iCloud with 50GB of Free Storage
Box.net is thumbing its nose at Apples iCloud and turning up the iCloud competition by offering 50 GB of free cloud storage for anyone who uses a Box Personal account on an iPhone or iPad.
The Box offer of free cloud storage on the iPhone, iPad and iPod touch comes as Apple officially launched iCloud, its cloud storage platform for iOS devices, this week. Box’s 50 GB of free cloud storage trumps the 5 GB free on iCloud. 50 GB of storage on iCloud would run about $100 per year.
“That’s right, it’s 50 GB in the cloud completely free, forever,” says Box Social Media Manager Mark Saldana in a blog post. “Your 50 GB of storage isn’t just limited to your mobile device — you get it anywhere you use your Box account, like on your laptop at home or your desktop at the office.”
According to Box, which has become a cloud storage, file sharing and content management darling, users have to visit the Apple App Store and download the newest Box app for their iPhone, iPad and iPod touch; log into the account or register for a new one from the app; start using Box for file sharing and storage.
If you already have a Box.net account, you’ll need to update to the newest Box for iPhone and iPad app, version 2.4.3, then log into Box in order to get 50 GB. An is that wasn’t enough, your new account will have an increased file size upload limit of 100 MB instead of the usual 25 MB.”
It has also updated its app with new features. It can leverage AirPlay for wireless streaming of Box content to Apple TV, meaning photos, videos and presentations can be shown.
The 50GB free cloud storage deal comes three years after Box launched its iPhone app and just days after Apple released their new iOS with iCloud included.
Box.net has made great strides in the cloud storage world of late, breaking onto the scene offering 50 GB of free storage to buyers of the HP TouchPad, the short-lived HP tablet; and free storage to users of HTC smartphones. Those moves have made Box.net a cloud storage, file sharing and content management sensation.
The company also recently added new syncing capabilities and security to its offerings, which it unveiled at its first-ever BoxWorks customer conference last month. Box also reportedly also recently deflected a potential acquisition from Citrix for an estimated $600 million and just weeks later announced raising $81 million in funding.
Social Engineers’ Latest Pick-up Lines
You may now be savvy enough to know that when a friend reaches out on Facebook and says they’ve been mugged in London and are in desperate need of cash, that it’s a scam. But social engineers, the criminals that pull off these kinds of ploys by trying to trick you, are one step ahead.
Social engineering attacks are getting more specific because targeted attacks are generating far better results.
What that means is the hackers may need to do more work to find out personal information, and it may take longer, but the payoff is often larger.
Today’s attacks are not just a broad spam effort, sending out a million emails with an offer for Viagra. These are now individual attacks where they are going after people one by one.
Here are five new scams circulating that involve greater individual information gathering tactics.
This is Microsoft support –we want to help
A new kind of attack is hitting many people lately. It starts with a phone call from someone claiming to be from Microsoft support, calling because an abnormal number of errors have been originating from your computer.
The person on the other end says they want to help fix it because there is a bug and they have been making calls to licensed Windows users. All this pretext makes sense; you are a licensed Windows user, you own a machine with Windows on it and the caller wants to help you.
The caller tells the victim to go to the event log and walks them through the steps to get to the system log.
Just about every Windows user will have a multitude of errors in the event log, simply because little things happen; a service crashes, something doesn’t start. There are always errors, but when a non-experienced user opens it up and sees all these so called “critical errors”, it looks very scary.
At that point, the victim is eagerly ready to do whatever the alleged “support” person wants them to do. The social engineer advises them to go to Teamviewer.com, a remote-access service that will give them control of the machine. Once the social engineer has access to the machine, they then install some type of rootkit or other piece of malware that will allow them to have continual access.
Donate to the hurricane recovery efforts!
Charitable contribution scams have been a problem for years. Any time there is a high-profile incident, such as the devastating earthquake in Haiti or the earthquake and tsunami in Japan, criminals quickly get into the game and launch fake contribution sites. The best way to avoid this is to go to a reputable organization, such as the Red Cross, and initiate the contact yourself if you want to donate. However, a particularly vile targeted social engineering ploy has cropped up recently that seeks specifically to target victims who may have lost loved ones in a disaster.
In this example, about 8-10 hours after the incident occurs, web sites pop up claiming to help find those who may have been lost in the disaster. They claim to have access to government data bases and rescue effort information. They typically don’t ask for financial information, but do require names, addresses and contact information, such as email and phone numbers.
While you’re waiting to hear back about the person you are seeking information on, you get a call from a charity. The person from the charity will often strike up a conversation and claim to be collecting contributions because they feel passionate about the cause as they have lost a family member in a disaster. Secretly, they know the victim they’ve contacted has lost someone, too, and this helps build up a camaraderie.
Touched by the caller, the victim then offers up a credit card number over the phone to donate to the alleged charity. Now they have your address, your name, relative’s name from the web site and also a credit card. It’s basically every piece of information they need to steal one’s identity.
About your job application…
Both job seekers and head-hunting organizations alike are being hit by social engineers who know they are looking for employment or seeking new employees.
In both instances, this is a dangerous scam. Whether you’re the person looking for work or the company posting new jobs, both parties are stating – I’m willing to accept email attachments and information from strangers.
According to a warning from the FBI, more than $150,000 was stolen from a U.S. business via unauthorized wire transfer as a result of an e-mail the business received that contained malware that resulted from a job posting.
The malware was embedded in an e-mail response to a job posting the business placed on an employment website and allowed the attacker to obtain the online banking credentials of the person who was authorized to conduct financial transactions within the company, the FBI alert reads. The malicious actor changed the account settings to allow the sending of wire transfers, one to the Ukraine and two to domestic accounts. The malware was identified as a Bredolab variant, svrwsc.exe. This malware was connected to the ZeuS/Zbot Trojan, which is commonly used by cyber criminals to defraud U.S. businesses.
Malicious attachments have become such a problem that many organizations now require job seekers to fill out an online form, rather than accept resumes and cover letters as an attachment. And the threat for job seekers of receiving a malicious message from a social engineer is high, as well. Many people now used LinkedIn to broadcast that they’re looking for work, a quick way for a social engineer to know who is a potential target.
@Twitterguy, what do you think about what Obama said on #cybersecurity? http://shar.es/HNGAt ”
Social engineers are taking the time to regularly observe what people tweet about and using that information, launch attacks that seem more believable. One way this is happening is in the form of popular hashtags. In fact, earlier this month, the U.K. debut of the new season of Glee prompted social engineers to hijack the hashtag #gleeonsky for several hours. British Sky Broadcasting paid to use the hashtag to promote the new season, but spammers got ahold of it quickly and began embedding malicious links into tweets with the popular term.
These spammers can redirect you to any webpage they like once you have clicked on the link. It could be a phishing site designed to steal your Twitter credentials, it could be a fake pharmacy, it could be a porn site or it could be a website harboring malware.
Twitter mentions are another way to get someone’s attention. If the social engineer knows enough about what you’re interested in, all they have to do is tweet your handle and add some information in that makes the tweet seem legitimate. Say you’re the politically active type who is tweeting quite a bit about the GOP primary race lately. A tweet that mentions you, and points you to a link asking you what you think about Mitt Romney’s latest debate statements can appear perfectly legitimate. Once you’ve clicked through – they’ve got you!
Get more Twitter followers!
Be warned of services claiming to get Twitter users more followers. If you spend any time at all on twitter, you’ll see tweets all over that say something like: GET MORE FOLLOWERS MY BEST FRIENDS? I WILL FOLLOW YOU BACK IF YOU FOLLOW ME – [LINK] Clicking on the link takes the user to a web service that promises to get them many more new followers.
The pages ask you to enter your Twitter username and password. That request alone should instantly have you running for the hills – why should a third-party webpage require your Twitter credentials? What are the owners of these webpages planning to do with your username and password? Can they be trusted? Twitter itself even warns about these services on their help center information page.
Remember, when you give out your username and password to another site or application, you are giving control of your account to someone else,” the Twitter rules explain. “They may then post duplicated, spam, or malicious updates and links, send unwanted direct messages, aggressively follow, or violate other Twitter rules with your account. Some third-party applications have been implicated in spam behavior, fraud, the selling of usernames and passwords, and phishing. Play it safe – do not give your username and password out to any third-party application that you have not thoroughly researched.
These are just some common sense rules to follow. For more information visit the Department of Homeland Security Website and blog: http://blog.dhs.gov/2011/07/protect-yourself-against-social.html
The Entire Cloud Is Your Hard Drive For Only $10 Per Month
The cloud is now your hard drive. And not just a few dozen Gigabytes, Terabytes or even Petabytes, but all of it – infinite storage – for only $10 per month. That’s the incredible promise of the new TechCrunch Disrupt finalist Bitcasa.
The company is launching a new cloud storage, syncing and sharing service that blows away its competitors, including hard drive manufacturers and online services like DropBox and SkyDrive, with ease. In fact, beyond the pricing and limitless storage, the most disruptive thing about the service is its complete integration with your device. You don’t see it, it’s not an icon on your desktop, you don’t drag-and-drop files or folders into it. Instead, you write to the cloud when you save a file on your computer. The cloud is your hard drive, and your actual hard drive is just the cache.
The idea of using the cloud to store files or sync files between devices is not new. Dropbox, SkyDrive, Google Docs, Amazon and countless others have been offering online storage for some time. Plus, companies like Mozy and Carbonite use the cloud to back up your files. Other services, like Megaupload or YouSendIt revolve around sharing files through the cloud.
But Bitcasa is not like any of those services. It doesn’t move files around. It doesn’t sync files. It deals in bits and bytes, the 1′s and 0′s of digital data.
When you save a file, Bitcasa writes those 1′s and 0′s to its server-side infrastructure in the cloud. It doesn’t know anything about the file itself, really. It doesn’t see the file’s title or know its contents. It doesn’t know who wrote the file. And because the data is encrypted on the client side, Bitcasa doesn’t even know what it’s storing.
So if you want to cloud-enable your 80 GB collection of MP3′s or a terabyte of movies (acquired mainly through torrenting, naughty you!), go ahead. Even if the RIAA and MPAA came knocking on Bitcasa’s doors, subpoenas in hand, all Bitcasa would have is a collection of encrypted bits with no means to decrypt them.
If you’re still having a hard time wrapping your head around this idea, think of it like this: instead of relying on the fallible and limited hard drive in your computer (and soon, your smartphone), your data is stored on an array of thousands of hard drives and streamed to you on demand. And in order to deal with the “offline” problem, the files you use the most are intelligently cached on your computer, allowing you to work when the cloud goes down, which is rare, as well as when you don’t have an Internet connection, which is more common.
Sharing files via Bitcasa is simple too: just copy and paste a file’s or folder’s link (a URL, available on right-click) and send to someone via email, IM or some other service. They click the link to have the file delivered directly to their desktop.
And the pricing! How on earth is it so cheap?
That’s the easy part, actually. Explains Bitcasa CEO Tony Gauda, $10/month still gives the company good margins. The fact is, 60% of your data is duplicate. If you have an MP3 file, someone else probably has the same one, for example. Each person only tends to have around 25 GB of unique, personal data, he says. Using patented de-duplication algorithms, compression techniques and encryption, Bitcasa keeps costs down (way, way down, but that’s it’s secret sauce), which is what makes it so affordable. Bitcasa also explained that a freemium model is on its way with less-than-unlimited storage for free.
This service sounds almost too good to be true, leaving us with questions that need still need to be answered. Does it really work? Does it slow down your computer? Can it scale? The company is positive it’s ready, but we need to see it to believe it.
Bitcasa currently has 20 patents for its technology and plans to add more in the future. It will also offer mobile applications that run in the background to do on mobile what it does on the desktop today. And it will work on other features, like real-time video transcoding, so your movies can stream to any device, without any manual effort on your part. There are even more things in the works, too, but those are being kept tightly under wraps for now.
The Bitcasa founders include CEO Tony Gauda, Joel Andren and Kevin Blackham, whose combined work experience includes time spent at MasterCard, VeriSign, Classmates.com, Mozy and more. In total, Bitcasa has raised $1.3 million from Andreessen Horowitz, First Round Capital and Pelion Venture Partners.
Bitcasa will be free while in limited beta trials. Sign up for beta access here.
http://www.bitcasa.com/
Google to Buy Motorola Mobility for $12.5 Billion!
In a bid to strengthen its mobile business, Google announced on Monday that it would acquire Motorola Mobility Holdings, the cellphone business that was split from Motorola, for $40 a share in cash, or $12.5 billion.
The offer — by far Google’s largest ever for an acquisition — is 63 percent above the closing price of Motorola Mobility shares on Friday. Motorola manufactures phones that run on Google’s Android software.
Android has become an increasingly important platform for Google, as global smartphone adoption accelerates. The platform, launched in 2007, is now used in more than 150 million devices, with 39 manufacturers.
The acquisition would turn Google, which makes the Android mobile operating system, into a full-fledged cellphone manufacturer, in direct competition with Apple.
It appears that this is clearly a defensive deal, they were backed in a corner and they had to protect the Android platform. The deal answers a big question about Google’s next strategic step in wireless. Google has also been battling with Apple and Microsoft over patents.
Last month, Apple and Microsoft led a consortium of technology companies in a $4.5 billion purchase of roughly 6,000 patents from, now defunct, Nortel Networks, the Canadian telecommunications maker that filed for bankruptcy in 2008. Google, which lost out in the bidding, criticized the deal as an anticompetitive strategy. Several weeks later, Google acquired more than 1,000 patents from I.B.M.
Motorola holds more than 17,000 patents.
While the acquisition will move Google directly into the telecommunications hardware business, Larry Page, Google’s chief executive, said in a blog post that “this acquisition will not change our commitment to run Android as an open platform. Motorola will remain a licensee of Android and Android will remain open. We will run Motorola as a separate business.”
Still, the deal is certain to attract significant antitrust scrutiny. The Federal Trade Commission is already investigating Google’s dominance in several areas of its business. The company has agreed to pay a $2.5 billion reverse termination fee, if it walks away, and Motorola will pay a $375 million break-up fee if it takes another offer, according to a person close to the transaction, who was not authorized to speak.
In a conference call on Monday morning, Google said it was confident that it will be able to win regulatory approval, since the deal will ultimately improve competition in the smart phone market.
The acquisition of a major handset maker may still pose a significant challenge to the search giant, which has not specialized in manufacturing or marketing of smartphones. Last year, it closed down the online store for its first Google-branded phone, the Nexus One, citing the store’s underwhelming performance. A Motorola tie-up may also irk other phone manufacturers, like Samsung and HTC, which will now be competing directly with Google.
And while Google has made dozens of acquisitions in recent years, most of them have been for less than $1 billion — despite a current war chest of some $40 billion in cash. On the company’s official blog, Mr. Page said Google was purchasing the handset maker to bolster its Android mobile operating system and increase the number of patents it owned.
Android accounted for 43.4 percent of smartphone sales in the second quarter, according to Gartner Research, a major increase from the year ago period, when it made up about 17 percent of sales. The acquisition has been approved by both boards.
Carl C. Icahn, Motorola Mobility’s second-largest shareholder, had urged the company last month to “explore alternatives regarding its patent portfolio to enhance shareholder value.” Mr. Icahn owns 9.03 percent of Motorola Mobility. On Monday, he applauded the transaction, calling it “a great outcome for all shareholders of Motorola Mobility, especially in light of today’s markets. His 9.03 percent equates to over 33 million shares….. Monday was a VERY GOOD day for Mr. Icahn.
