By Robbie Forkish as written on techcrunch.com
It seems like a fair trade: Get your favorite mobile apps for free, be shown annoying ads in return.
But that’s not all you’re doing in return. In reality, this trade has you giving up a great deal of personal information. Mobile apps collect a massive amount of personal data — your location, your online history, your contacts, your schedule, your identity and more. And all that data is instantly shared with mobile advertising networks, which use it to determine the best ad for any given user at any given time and place.
So, the trade-off isn’t really ads for apps — it’s intrusive mobile surveillance for apps. By agreeing to free, ad-sponsored mobile apps, we’ve consented to an economic model that entails continuous and comprehensive personal surveillance. It’s what Al Gore accurately characterized as the stalker economy.
Why is our personal, locational and behavioral data so coveted by marketers? Because a smartphone is something that we as consumers carry everywhere we go, and it’s constantly broadcasting personal data of all kinds. If advertisers know who we are, where we are and what we’re doing, they can deliver more effective ads. It’s called proximity marketing. It’s the Rite Aid ad that pings your phone as you walk through the aisles: “Save 10% now on mouthwash.”
Sounds innocuous, if annoying. But it goes much further than this. We’ve now enabled a system where a major retailer can know, for example, that a teenager is pregnant before her parents do simply by correlating her activity, search and purchase data. That retailer can then reach out via mail or email, or target her via phone when she is near a point of sale. This intrusion on our collective privacy isn’t going away anytime soon (if ever), as the economic incentives for app developers and advertisers are too strong.
A compromised smartphone represents a threat not just to the targeted employee but to the entire company.
OK, agreed, this kind of consumer surveillance is intrusive and creepy. But how does it threaten enterprise security? Simple. As more personal mobile devices invade the business world, leaks from those devices are opening the door to corporate hacks, stolen business data and crippling cyberattacks.
For instance, if a company lets its employees sync their corporate calendars and email accounts to their personal mobile devices, this opens up all sorts of risks. Suddenly, employees’ phones contain or can access the contact information of everyone in the organization. Further, any other mobile app that requests access to the employees’ contacts and calendar also gets access to the names and titles of company employees, as well as the dial-in codes for all private conference calls. This information can easily be put to effective use in a spear-phishing attack by a malicious app or hacker.
Worse, many apps monetize their user bases by sharing data with ad networks that share and combine data with other networks, so it’s impossible to know where exactly data is going and whether it’s being handled in a secure fashion by any of the many parties that have access to it. All of this sharing means a malicious hacker doesn’t even have to directly access an employee’s phone to attack a company. He can hack an ad network that has information from millions of users and go from there.
Stolen information can also be used to attack an enterprise through a watering-hole attack. Say a small group of executives have lunch regularly at a local restaurant. An attacker with access to their geolocation data could easily know this. The attacker correctly assumes that some of the execs are accessing the restaurant’s website to make reservations and browse the menu before lunch. By placing malware on the lightly defended site, the attacker is able to compromise the office computer or mobile device of one or more company executives. From there, a successful breach is launched.
A compromised smartphone represents a threat not just to the targeted employee but to the entire company. Information about employees’ activities, both on the job and elsewhere, combined with any company-related emails, documents or sensitive information, can be devastating to an organization if it gets into the wrong hands.
So what should enterprises do to combat the threat?
The first step is to get visibility into your mobile environment. Your organization needs to know which apps employees are using, what those apps are doing and whether or not they comply with corporate security policies. For example, is there a particularly risky file-sharing app you don’t want employees to use? Is it already being used? If you don’t know the apps employees are using for work, you are flying blind and taking a huge risk.
It is imperative that your enterprise include mobile threat protection as part of its overall security strategy.
Second, you’ll need a policy for managing the use of mobile devices. Most organizations already have policies for other platforms, including managing firewalls and sharing data with partners. It’s equally important to create these policies for mobile. For instance, if employees are using free versions of apps that are approved by the company but ad-supported, create a policy that requires employees to upgrade to the paid version to minimize, if not eliminate, unsanctioned data in the form of ads being sent to employees — though it doesn’t eliminate the relentless collection of personal and private data.
Next, your organization should educate employees about the risks of the apps they download. It’s in your best interest to empower users by arming them with tools and training to make better decisions about which apps they download. For instance, coach your employees to question apps that ask for permission. There are lots of apps that want to access location, contacts or camera. Employees don’t have to say yes automatically. Most apps will work fine if the request is denied, and prompt users if a permission is actually needed. If an app does not say why it needs access, that’s a big red flag.
Finally, all of these areas can be addressed with a good mobile security solution. Any enterprise without a mobile threat protection solution is by definition unaware of what information is leaking and from where, and unable to address the risks that exist in its environment. It is therefore imperative that your enterprise include mobile threat protection as part of its overall security strategy in order to protect employee privacy and company data from the ever-growing threat of mobile surveillance and data gathering.
Mario arrives as Pokemon Go peaks, with declining downloads, falling revenue
By Sarah Perez as written on techcrunch.com
The phenomenal mobile hit Pokémon Go has peaked, just as the anticipated Nintendo title Super Mario Run hits the App Store, vying for mobile users’ attention and the chance to best Pokémon’s record-breaking numbers. According to new data from App Annie, Pokémon Go has seen declines in both downloads and revenue over the past several months, though it’s still highly ranked because of the massive size of its active user base.
Pokémon Go’s U.S. downloads fell from over 80 million in July 2016 to 1.5 million in November, the firm found in a new analysis of Pokémon Go data. The figures indicate the app is nearing market saturation, as November accounted for only 5 percent of all U.S. downloads for the game since its U.S. debut. (Or, in other words, most of the people who want to play the game, already have it installed.)
Despite the drop, the game was decently ranked at #16 in the U.S. in November, in a ranking of all iOS and Google Play Games downloads combined. For comparison’s sake, however, it was #1 in July.
More importantly, perhaps, is the fact that Pokémon Go’s active users are declining, which, in turn has affected how much revenue the game is pulling in.
Though it still has a sizable audience with 23 million mobile active users in the U.S., that’s down by a little less than a third from July to November. In July, the game saw 66 million monthly actives playing, said App Annie.
When the game launched, U.S. users were spending an hour each day in the game, and now that’s down to 45 minutes per day.
In addition, Pokémon Go has seen its U.S. revenue drop from $125 million in July down to over $15 million in November. This saw it fall from #1 on the combined iOS and Android Games revenue chart to #6 during the same time frame.
The game has tried to juice its declining numbers through special events, like the one it held during Halloween which helped it bring in more revenue than the week prior. App Annie found that the week boosted U.S. revenue by 170% over the previous week, thanks to this event.
It also tried to get players to return with daily bonuses introduced last month. But neither of these initiatives were enough to bring Pokémon Go back to its earlier record numbers.
Of course, earnings and engagement like what Pokémon Go continues to see are something other mobile developers would kill to have. And U.S.-only stats only tell part of the story. But these new figures can help to illustrate where this massive mobile hit may end up leveling off, now that all the hype is winding down. (Expect the Mario hype to take over going forward!)
Pokémon maker Niantic Labs has prepared for the game’s slowing traction, though, and has been moving to monetize the app through other means. This includes the sponsorship deals with businesses like McDonald’s in Japan, Sprint, and most recently, Starbucks.
“It’s not surprising to see Pokemon Go’s performance peaked after it’s exceptional, record-breaking launch,” notes App Annie SVP of Research, Danielle Levitas. “The heart of the story, however, is that the game’s 23 million monthly active users [U.S.] in November was more than 50% greater than the #2 most popular game,” she adds.
If that’s what Pokémon Go’s peak looks like, it’s not a bad place to be.
[vc_row][vc_column][vc_column_text]
By Jordan Crook as written on techcrunch.com
If you’re still playing Pokemon Go, then you’ve likely invested enough time and energy to care about this DIY Pokemon Go helmet.
Before we go any further, this video is obviously for fun and isn’t available for sale — worth mentioning since I’m sure more than a few people actually got excited about this.
YouTuber (and self-proclaimed Queen of Shitty Robots) Simone Giertz created this video for some giggles, first spotted by the folks at Kotaku.
Hopefully this brings a giggle to your Monday routine.
[/vc_column_text][grve_video video_link="https://youtu.be/Izcw10e9vPU"][vc_column_text]
And for what it’s worth, Giertz isn’t the only one still riding that Pokemon Go wave. Niantic, makers of the game, have seen more than $250 million in revenue since the game launched earlier this summer.
[/vc_column_text][/vc_column][/vc_row]
[vc_row][vc_column][vc_column_text]
Recently confirmed Myspace hack could be the largest yet
By Sarah Perez as written on techcrunch.com
You might not have thought of – much less visited – Myspace in years. (Yes, it’s still around. Time, Inc. acquired it and other properties when it bought Viant earlier this year.) But user data never really dies, unfortunately. For Myspace’s new owner, that’s bad news, as the company confirmed just ahead of the Memorial Day holiday weekend in the U.S., that it has been alerted to a large set of stolen Myspace username and password combinations being made available for sale in an online hacker forum.
The data is several years old, however. It appears to be limited to a portion of the overall user base from the old Myspace platform prior to June 11, 2013, at which point the site was relaunched with added security.
Time, Inc. didn’t confirm how many user accounts were included in this data set, but a report from LeakedSource.com says that there are over 360 million accounts involved. Each record contains an email address, a password, and in some cases, a second password. As some accounts have multiple passwords, that means there are over 427 million total passwords available for sale.
Despite the fact that this data breach dates back several years, the size of the data set in question makes it notable. Security researchers at Sophos say that this could be the largest data breach of all time, easily topping the whopping 117 million LinkedIn emails and passwords that recently surfaced online from a 2012 hack.
That estimation seems to hold up – while there are a number of other large-scale data breaches, even some of the biggest were not of this size. The U.S. voter database breach included 191 million records, Anthem’s was 80 million, eBay was 145 million, Target was 70 million, Experian 200 million, Heartland 130 million, and so on.
The issue with these older data breaches is that they’re from an era where security measures were not as strong as today. That means these passwords are easily cracked. LeakedSource notes that the top 50 passwords from those cracked account for over 6 million passwords – or 1.5 percent of the total, to give you a sense of scale.
The passwords were stored as unsalted SHA-1 hashes, as LinkedIn’s were, too.
That allowed Time, Inc. to date the data breach to some extent, as the site was relaunched in June 2013 with strengthened account security, including double-salted hashes to store passwords. It also confirmed that the breach has no effect on any of its other systems, subscriber information, or other media properties, nor did the leaked data include any financial information.
Myspace is notifying users and has already invalidated the passwords of known affected accounts.
The company is also using automated tools to attempt to identify and block any suspicious activity that might occur on Myspace accounts, it says.
“We take the security and privacy of customer data and information extremely seriously—especially in an age when malicious hackers are increasingly sophisticated and breaches across all industries have become all too common,” said Myspace’s CFO Jeff Bairstow, in a statement. “Our information security and privacy teams are doing everything we can to support the Myspace team.”
However, while the hack itself and the resulting data set may be old, there could still be repercussions. Because so many online users simply reuse their same passwords on multiple sites, a hacker who is able to associate a given username or email with a password could crack users’ current accounts on other sites.
Of course, it’s not likely users even remember what password they used on Myspace years ago, which makes protecting your current accounts more difficult. A better option is to always use more complicated passwords, reset them periodically, and take advantage of password management tools like Dashlane or LastPass to help you keep track of your logins.
Myspace also confirmed that the hack is being attributed to the Russian cyberhacker who goes by the name “Peace.” This is the same person responsible for the LinkedIn and Tumblr attacks, too. In Tumblr’s case, some 65 million plus accounts were affected. But these passwords were “salted,” meaning they are harder to crack.
Myspace is working with law enforcement as this case is still under investigation, the company says.
[/vc_column_text][/vc_column][/vc_row]
All the facts worth knowing about IT leaders' tech budgets, spending plans, hiring priorities and strategic initiatives for 2016.
As Written by: Computerworld Staff and Contributors on computerworld.com
Ready, set, disrupt!
If an overarching conclusion can be drawn from the results of Computerworld's Forecast survey of 182 IT professionals, it's that 2016 is shaping up to be the year of IT as a change agent.
IT is poised to move fully to the center of the business in 2016, as digital transformation becomes a top strategic priority. CIOs and their tech organizations are well positioned to drive that change, thanks to IT budget growth, head count increases and a pronounced shift toward strategic spending.
Amid the breakneck pace of change in technology and business alike, where should you direct your focus in the new year?
Read on for key highlights and data points on budgeting, hiring, business priorities and disruptive technologies that promise to define the IT landscape in 2016.
IT budgets on the rise...again
As companies continue to rely upon technology to help differentiate themselves in the marketplace, tech budgets remain on an upward trajectory.
Almost one half (46%) of respondents to the Forecast 2016 survey indicated that their technology spending will increase in 2016, on average by 14.7%. (By comparison, last year 43% said spending would increase, on average by 13.1%.)
Close to an equal number (42%) reported that their technology spending will remain the same, with only 12% anticipating a decrease in IT budgets.
Security, cloud computing are top areas for investing
With security concerns top-of-mind for IT professionals as they gear up for 2016, it's no surprise that exactly half of respondents chose security as the top area where their companies plan to increase spending.
Cloud computing came in a close second, and the top area where organizations plan to decrease spending is on-premises software -- both of which indicate that companies' journey to the cloud will continue in 2016.
IoT tops new areas of spending for 2016
After several years of languishing in the tech hype cycle, the Internet of Things finally looks to be commanding tech execs' attention, with 29% of respondents identifying it as a new area of spending for 2016.
Green IT, which likewise had been back-burnered at many organizations, popped up on respondents' radars as well, with 16% saying energy-saving technologies will be a new spend for them in the year ahead.
IT pros' No. 1 challenge: Budgeting
As they do every year, budget constraints top the list of leadership challenges identified by survey respondents.
Security came in second among IT pros' concerns after a year of ever bigger and more serious corporate hacks.
Sam Redden, chief security officer at Brazos Higher Education Service, a Waco, Texas-based student loan servicing company, sums up the feelings of many IT leaders when he says, "I wouldn't be foolish enough to say I stay ahead of the bad guys. The bad guys stay ahead of everybody."
Dueling goals for IT in 2016
Survey respondents' goals for their most important tech projects betray the bimodal nature of the modern IT department.
Tech leaders say they're striving to maintain or improve service levels, long one of IT's core responsibilities. At the same time, they're seeking to generate new revenue streams or increase existing ones, a new responsibility in most evolving technology departments.
"As technology becomes an integral part of every aspect of business and the way we interact with customers, it's raising the profile of the IT group and forcing IT to think about more than just keeping the lights on," says David Cearley, a fellow at Gartner. "We are seeing greater alignment as IT steps up to drive digital business.
A piecemeal journey to the cloud
Heading into 2016, cloud computing shows no signs of slowing down, as tech leaders indicate that spending and new cloud initiatives remain on the upswing.
In terms of where organizations are in their cloud transition, 29% of survey respondents confirmed they had already moved some enterprise applications to the cloud, with more to come, while 7% said they're in the process of migrating mission-critical systems to a cloud environment.
Interestingly, a full 20% of respondents are bucking the trend entirely, reporting they're not moving to the cloud at all.
IT staffs to increase in 2016
As budgets rise and projects abound, many firms are looking to increase IT head count. Some 37% of survey respondents said they're planning to increase staff levels, up from 24% last year.
In keeping with IT's new role as an organizational agent of change, 42% of survey respondents with hiring plans are in search of people with combined tech and business backgrounds that will allow them to articulate the value of IT in meeting business goals.
Architecture, app dev among most wanted skills
The list of most in-demand IT skills starts off with a surprise. Although IT architecture is a fundamental area of expertise for techies at all levels and in various roles, it rarely makes anyone's list of hot skills.
The term "IT architect" encompasses a wide range of specialists, from enterprise architects to cloud architects, so recruiters say it makes sense that IT architecture expertise is in demand as companies move forward with all sorts of technology-driven projects.
Beyond that, application development, project management, big data, BI, help desk and cloud all remain high on hiring managers' lists as IT gears up for the year ahead.
(Download and save or print a free PDFof Computerworld's top tech skills for 2016.)
John Reed, senior executive director of IT staffing firm Robert Half Technology, says those hiring managers could be facing a challenge. "The IT market has been really strong, and we're expecting it will stay that way for the foreseeable future," he says. "I don't think you'll see explosive growth, but you'll see single-digit growth in demand, consistent with what we've seen over the past few years."
Security, BI talent expected to be scarce
With all eyes on security in the coming year, it's little surprise that survey respondents expect to have a difficult time hiring technologists with that expertise.
According to Robert Half Technology's 2016 Salary Guide, salaries in the security field will rise about 5% to 7% next year, ranging from $100,000 on up to nearly $200,000 on average.
Disruptive technologies 3 - 5 years out
When asked what technologies are likely to have an impact in the next three to five years, survey respondents chose cloud computing/software-as-a-service by a wide margin, followed by self-service IT, predictive analytics, the Internet of Things and unified communications.
The cloud will continue to reshape enterprise IT, according to research firm IDC, which predicts that more than half of enterprise IT infrastructure and software investments will be cloud-based by 2018. Specifically, spending on public cloud services will grow to more than $127 billion by 2018, according to an IDC forecast report.
Kicking the tires on new technologies
All manner of virtualization and "as-a-service" options topped survey respondents' lists of technologies being piloted or beta tested at their organizations, with BI/analytics, cloud computing and mobile/wireless rounding out the top five.
"Virtualization 2.0" is of particular interest to survey respondents, as companies move beyond the first steps of server virtualization to explore virtualized desktop, storage, mobile and network options.
2016 is IoT's year to shine
In 2016, the Internet of Things (IoT) will no longer be the stuff of science fiction, but rather a near-future reality for IT organizations across many industries, observers say.
In Computerworld's Forecast 2016 survey, 29% of the respondents identified IoT initiatives -- and related machine-to-machine and telematics projects -- as new areas of spending for the year ahead. In comparison, just 12% of those polled last year said IoT work would be a new IT expenditure in 2015.
Likewise, the percentage of respondents who said they planned to launch IoT projects over the next 12 months rose from 15% last year to 21% this year. Additionally, 14% of this year's respondents said they plan to beta-test IoT technologies, up from 7% last year.
Wearables in the enterprise? Not so much
While consumer-oriented wearable devices like Google Glass and the Apple Watch launched to great fanfare, the reality is that enterprises aren't ready to make practical use of wearable systems, at least for the foreseeable future.
Wearable technology was last on the Forecast 2016 list of systems currently being assessed in beta tests and pilot projects, with only 4% of respondents saying they had projects underway involving wearables.
Furthermore, 78% said they were not currently working on wearable apps or anticipating the need to support wearables in the near future. And only 8% of those polled said wearables would play a role in their business or technology operations, while just 12% indicated that they were adjusting their mobile device management strategies to include wearables.
US researchers have created a robot that can use its body shape to move through a densely cluttered environment. The team from the University of California Berkeley based the robot on the humble cockroach and hope their design could be used to inspire future robot designs for use in monitoring the environment and search and rescue operations.
The Berkeley team, led by postdoctoral researcher Chen Li, designed the shell so it could perform a roll maneuver to slip through gaps between grass-like vertical beam obstacles without the need for additional sensors or motors.
The initial test results of the robot's performance are published in IOP Publishing's journal Bioinspiration & Biomimetics, released Tuesday.
Other terrestrial robots have been developed with the ability to avoid obstacles, but few have been designed to traverse them.
Researchers used high-speed cameras to study the movement of Blaberus discoidalis, otherwise known as the discoid cockroach, through an artificial obstacle course containing grass-like vertical beams with small spacing. Living on the floor of tropical rainforests, the Blaberus encounters a wide variety of cluttered obstacles, such as blades of grass, shrubs, leaf litter, tree trunks, and fungi.
After examining the cockroaches the researchers tested their small, rectangular, six-legged robot and observed whether it was able to traverse a similar obstacle course. They found that with a rectangular body the robot could not often traverse the grass-like beams and frequently collided with the obstacles, regularly becoming stuck.
When the robot was fitted with the streamlined shell it was much more likely to successfully move through the obstacle course using a similar roll maneuver to the cockroaches. This adaptive behavior came about with no change to the robot programming, showing that the behavior came from the shell itself.
According to Li, "our next steps will be to study a diversity of terrain and animal shapes to discover more terradynamic shapes, and even morphing shapes. These new concepts will enable terrestrial robots to go through various cluttered environments with minimal sensors and simple controls."
