WebProNews

Category: DatabaseProNews

DatabaseProNews

  • Microsoft is Reportedly on the Verge of Acquiring Github

    Microsoft is Reportedly on the Verge of Acquiring Github

    Microsoft is reportedly in acquisition talks with GitHub, according to sources privy to the matter. Based on the Bloomberg report, the deal to purchase one of the biggest code repository companies will be announced as early as Monday.

    Founded in 2008, GitHub was a popular hosting site of codes, projects, and documentation for several developers and companies. It is the commonly used platform for open-source software projects, boasting of more than 20 million developers working across 67 million repositories in 2017. GitHub has come a long way from having just 2,000 users when it first started 10 years ago.

    Back then, Microsoft disparaged open-source programs built on GitHub because of its proprietary software in the market. Open-source software allows developers to play around, improve, and share codes, making it a threat to Microsoft applications. Over time, the software giant became more receptive to the idea, launching its own open-source community over a decade ago and shifting its bigger projects on GitHub in 2015.

    These days, Microsoft is the top contributor to the site, while other big tech companies like Google, Amazon, and Apple also use GitHub. Microsoft’s seismic move to open-source technology, as well as cloud computing, began when CEO Satya Nadella took over the top post in 2014. Since then, the company has been pushing for ways to support Linux as it veers away from depending on the Windows operating system.

    It’s likely that Nadella’s vision has impressed GitHub, opting to sell instead of going public. Although the terms of the deal remain under wraps, GitHub was reportedly valued at $2 billion in 2015. This was lower than its $5 billion asking price when acquisition talks were discussed previously, say sources familiar with the deal.  

     GitHub is viewed by many as the de-facto source code platform where developers can connect and collaborate. However,  it suffers from a few operational problems such as monetizing its products and turnover in its executive ranks. One of the company’s co-founders, Chris Wanstrath, stepped down as its CEO in August 2017. Since then, there has been no replacement while Chief Business Officer Julio Avalos handles daily leadership in the interim.          

    GitHub posted losses of about $66 million for three quarters in 2016 but reported revenue of $98 million during the same year, according to Bloomberg. However, its annual revenue doubled to $200 million in 2017, driven mainly by its paying corporate accounts. The company began offering GitHub Enterprise, a paid option for corporations with additional features and services, such as 24/7 support, dynamic hosting alternatives, and private workspaces, among others.

    With GitHub’s push for more corporate clients, investors anticipate an initial public offering in the future. The company seems to benefit significantly from selling out instead of going public, particularly since Microsoft appears eager to snap up the platform based on their intermittent talks over the years.

  • Google Chrome, Mozilla Firefox Leaked Facebook User Data Caused by Browser Vulnerability

    Google Chrome, Mozilla Firefox Leaked Facebook User Data Caused by Browser Vulnerability

    Google Chrome and Mozilla Firefox might have inadvertently leaked the Facebook usernames, profile pictures and even the likes of their users because of a side-channel vulnerability.

    A side-channel vulnerability was discovered in a CSS3 feature dubbed the “mix-blend-mode.” This allowed a hacker to discover the identity of a Facebook account holder using Chrome or Firefox by getting them to visit a specially-designed website.

    This critical flaw was discovered in 2017 by security researchers Dario Weißer and Ruslan Habalov and also by independent researcher Max May.

    The researchers created a proof-of-concept (POC) exploit to show how the vulnerability could be misused. Weißer and Habalov’s concept showed how they were able to visually harvest data like username, profile picture, and “like” status of a user. What’s more, this insidious hack could be accomplished in the background when the user visits a malicious website.

    The visual leak could happen on sites using iFrames that connect to Facebook in via login buttons and social plugins. Due to a security feature called the “same-origin policy,” sites can’t directly access iFrame content. But the researchers were able to get the information by developing an overlay on the cross-origin iFrame in order to work with the underlying pixels.

    It took Habalov and Weißer’s POC about 20 seconds to get the username and about five minutes to create a vague copy of the profile picture. The program also took about 500 milliseconds to check the “like” status. Keep in mind, however, that for this vulnerability to work, the user should be logged into their Facebook account.

    Habalov and Weißer privately notified both Google and Mozilla and steps were taken to contain the threat. Google was able to fix the flaw on their end when version 63 was released last December. On Firefox’s end, a patch was made available 14 days ago with the release of the browser’s version 60. The delay was due to the researchers’ late disclosure of their findings to Mozilla.

    IE and Edge browsers weren’t exposed to the side-channel exploit as they don’t support the needed feature. Safari was also safe from the flaw.

    [Featured image via Pixabay]

  • AWS Announces General Availability of Amazon Neptune

    AWS Announces General Availability of Amazon Neptune

    Amazon Web Services (AWS)  rolled out its graph database service in a number of egions including US East (N. Virginia), US East (Ohio), US West (Oregon), and EU (Ireland) on Wednesday. Called “Amazon Neptune,” it is one of several offerings introduced during the company’s annual developer event last November.

    Database technology may be a debatable segment of enterprise tech, but for Amazon, it is essential in managing increasingly large data groups across various industries. Graph databases like AWS’s Neptune are designed to analyze and create relationships rapidly between different sets of data. Rather than building several queries to obtain information, a graph database simplifies the operation by using structures like nodes and edges to store related data.

    Raju Gulabani, AWS vice president for Databases, Analytics, and Machine Learning, highlighted Neptune’s ease of use and functionality. “We are delighted to give customers a high-performance graph database service that enables developers to query billions of relationships in milliseconds using standard APIs, making it easy to build and run applications that work with highly connected data sets,” he said.

    Built to recover from database failures in less than 30 seconds, Neptune is also touted for its flexibility. It has support for graph application programming interface (API) like TinkerPop Gremlin and SPARQL, making the fully managed service compatible with numerous applications. Graph databases are useful in social networking, fraud detection, life sciences, knowledge graphs, and network security, among others tasks. To date, Neptune has many high-profile users, namely, Intuit, Pearson, Blackfynn, and Amazon’s own Alexa team.

    Amazon Alexa director David Hardcastle pointed out that they use Amazon Neptune to expand the virtual assistant’s knowledge graph of its customers and create associations with data sets. With a well-built knowledge graph, users can discover related information based on their previous and current interests. In turn, this gives a better shopping experience for the customers.

    Despite its general availability status, Neptune will only be available online and in other regions in the coming months.

  • Facebook Improves Admin Tools for Groups, Introduces Enterprise Collaboration

    Facebook Improves Admin Tools for Groups, Introduces Enterprise Collaboration

    Facebook has launched several updates for its Groups to help admins manage them efficiently and keep communities safe. The rollout of new tools, controls, and additional features are in line with the company’s focus on creating engagement in various communities on the site.

    With more than a billion members across millions of active groups, Facebook is putting in an effort to help community managers handle nearly every activity each day. That’s why admins will now have a dedicated customer support service to handle queries and reported issues. And with more people on board, Facebook intends to give quick feedback as well. For now, the free service is only available to selected group admins on iOS and Android in English and Spanish but will continue its rollout in the coming weeks.  

    Another tool that will benefit group admins is the launching of an online educational resource. The live site contains short tutorials, product demos, and actual case studies drawn from the experience of fellow admins. Done in audio and video formats, content on the learning portal aims to give a better understanding of how Facebook and Groups work.

    As Facebook promises to build resources according to its users’ needs, the company has introduced two admin tools. One new feature will allow community admins and moderators to inform members of their rule violations that merited removal of the post. Admins and moderators can even add comments in the activity log when a post is taken down.

    Another update is allowing admins and moderators to choose certain Facebook users, otherwise called pre-approved members. Whenever they post, their content will no longer require approval since they are tagged as trusted members. This means less moderation of content for managers and more time in connecting with others.

    Apart from creating communities, Facebook wants to bring social networking to the workplace as well. Called Workplace by Facebook, the collaboration tool is one of the many available in the market now. It faces stiff competition from Slack, Atlassian’s Stride, and Microsoft’s Team, but none of them have a userbase that comes close to Facebook’s over two billion.

    Facebook is banking on its partnership with identity management developer Okta to bring in more business accounts and convince larger companies that Workplace is an enterprise app. With the proposed integration, employees can securely sign in Okta and gain easy access to Workplace and other cloud apps.   

  • Google Upgrades Its Paid Storage Plans with More Options

    Google Upgrades Its Paid Storage Plans with More Options

    On Monday, Google announced updates to its paid storage plans under Google Drive. Called Google One, customers will have access to expanded storage at lower price points, plus a bevy of other benefits.

    With Google One, consumers can get 100GB and 200 GB of storage for monthly fees of $1.99 and $2.99, respectively. The 2TB plan was priced at $19.99 previously but will now cost $9.99 a month after the 1TB plan gets discontinued. And for heavy users, the rates for 10TB, 20TB, and 30TB will remain unchanged.

    But, why the need for increased storage? Google pointed that users nowadays have more mobile devices, shoot more 4K videos, and take high-resolution photographs, requiring more storage and easier sharing of files online.

    Following public clamor, paid consumers can now share their storage limit with up to five family members. Each will have their own private storage space, aside from the extra benefits that come with Google One. Users, even with the basic storage account, will have ‘one-tap’ access to round-the-clock support with live experts onboard, and not just AI-powered chatbots to answer queries.     

    Google promises to add more benefits to its available plans, but for now, users can look forward to credits on Google Play, discounts on select hotels discovered in Google Search, or premium rates on other services. After all, the tech giant noticed that people with paid storage plans are often heavy users of Google products.

    Despite the exciting announcement, rollout will happen gradually over the next few months so users should look out for email confirmation regarding the update. Existing storage plans in the US will be upgraded to Google One first before they are made available worldwide. The tech giant revealed that it will launch an Android app to help users in managing their accounts, and not their files.

    On the other hand, Google assured that G Suite business customers will not be affected by the upgrade. The free 15GB storage quota under Google Drive will also remain available to all accounts.  

    Google’s latest storage plans will most likely be extended to include other services and packaged under a single subscription offering. It will be poised to compete with OneDrive, a subscription worth $99.99 annually or $9.99 monthly through the Microsoft Store. Similar to Google One, it has 1TB storage quota that can be shared with five users. There are, however, no options to modify storage space or plans for over 1TB. The subscription comes with access to Office suite apps, such as Word, Excel, and PowerPoint, as well as a monthly allocation of 60 minutes of Skype calls per user.

  • Google’s Web Store Spreads Malware Again, 100,000 Users Infected By Malicious Chrome Extensions

    Google’s Web Store Spreads Malware Again, 100,000 Users Infected By Malicious Chrome Extensions

    Security firm Radware has uncovered malicious extensions believed to infect more than 100,000 Google Chrome users. According to a report released on Thursday, malware was discovered in the browser’s official Web Store.

    Using machine-learning algorithms, Radware was able to pinpoint a zero-day malware threat to one of its clients. These malicious extensions spread via links sent over Facebook, pilfering login credentials, mining cryptocurrencies, and engaging in click fraud, among others.

    Cybercriminals involved with the latest malware campaign were said to have been active since March 2018. Since that time, they infected 100,000 users worldwide, the company said in its blog post. Called “Nigelthorn”— a name derived from the Nigelify application, the malware redirects victims to a fake Youtube page and prompts them to install a Chrome extension to play the video. Once installed, these computers become part of the botnet as harmful JavaScript download additional code from the command center. The infection process continues when the victim’s Facebook contacts click on the sent malicious link.

    Image via Radware Blog

    To bypass Google’s extension validation checks, attackers modified copies of legitimate extensions and added malicious script inside. Thanks to Google’s security algorithms, seven of these extensions were removed right after their discovery, including Nigelify, PwnerLike, Alt-j, Fix-case, Divinity 2 Original Sin: Wiki Skill Popup, keeprivate, and iHabno. Radware emphasized that the malware only infected Chrome users on Windows and Linux so other browsers are unaffected by the attack.

    Radware pointed out that the malware went undetected despite tight security over the network. The firm also warned that attackers might identify other ways to bypass security controls with mutated malware disguised as browser plug-ins. And it seemed that bad Chrome extensions are one of Google’s weak spots.  

    Meanwhile, Trend Micro has identified the return of FacexWorm, a malicious extension that propagates via socially engineered links on Facebook Messenger similar to Digmine. Apart from stealing credentials, FacexWorm redirects potential victims to cryptocurrency scams and referral links of attackers, installs bad mining codes, and takes over transactions on trading platforms and in web wallets. It was first spotted in August of last year but resurfaced recently in certain countries.

    In January, analytics firm ICEBRG identified four extensions that were likely used in a click-fraud scam to generate revenue. These were removed from the Web Store once discovered, but not after infecting 500,000 Chrome users.

    Despite being regarded as one of the safest browsers, Chrome is far from being invulnerable. Attackers continue to work around security protocols through third-party extensions loaded with malicious codes. Chrome users should verify an extension before installing it. That, or just stay away from third-party providers, even if they’ve been vetted by Google’s stringent security process.

    [Featured image via Pixabay]

  • Firefox Moves Closer to Password-Free Browsers

    Firefox Moves Closer to Password-Free Browsers

    On Wednesday, Mozilla released its Firefox 60 browser, moving a step closer to password-free login for several websites. Equipped with WebAuthn, this new standard in authentication technology does away with several passwords to reduce phishing attacks.

    The World Wide Web Consortium (W3C) and FIDO Alliance jointly developed WebAuthn, which has been years in the making. It is a secure login standard that relies on physical authentication devices, such as biometrics and USB tokens, instead of passwords to grant website access. That’s because reliance on passwords has been identified as one of the “weakest links” in web security.

    Passwords have been the de facto method of logging in anywhere on the Internet. However, it gets problematic when login credentials are re-used on multiple websites. And even with combinations of characters, uppercase and numbers, passwords often do not provide sufficient cybersecurity. Using phishing scams, criminals have resorted to creating fake websites to weasel out login details and personal information from unsuspecting users.

    Tech experts pointed out that passwords will still be relevant, and a post-password future is still far from happening. Fortunately, WebAuthn is a nudge towards making sites more secure and resistant to data breaches and password theft.

    Physical authentication keys are nothing new as numerous tech firms with the need for tight cybersecurity already have their own drivers in place. The type of authentication is currently implemented on Google and Facebook and allows easy login through a YubiKey token. As an open-source code with commonly available libraries, WebAuthn lets other developers implement password-free logins across the web.   

    Although Mozilla is the first to come out with the WebAuthn support, Google and Microsoft will add the function to their updated flagship browsers in the coming months. The move is expected to be an improvement to web authentication, compared to prior attempts. Moreover, WebAuthn is capable of supporting older authentication hardware so early adopters don’t have to go back to square one.

  • Microsoft and Red Hat Team Up to Offer OpenShift on Azure

    Microsoft and Red Hat Team Up to Offer OpenShift on Azure

    Microsoft and Red Hat have announced their collaboration in offering the first jointly managed OpenShift on Azure, the former’s public cloud. At the Red Hat Summit that opened on Tuesday, the teamup will allow enterprise developers to run container-based applications across on-premises and public clouds.

    Red Hat OpenShift, the company’s Kubernetes container application platform, has been identified as the industry’s most comprehensive solution. With its availability on Azure, container management will become easier since it will be a fully managed service by Microsoft and Red Hat.

    So, how does container application platform works? Runtime components, such as files, environment variables, and libraries needed in executing an application, are distributed into so-called containers. They use fewer resources since app containers can share with the host’s operating system in order to run, unlike virtual machines that have their own OS.

    Red Hat president Paul Cormier pointed out that several organizations often have a mixture of on-premises and public cloud footprint for their IT operations. Its partnership with Microsoft gives customers the opportunity to tap into an innovative hybrid cloud platform without making major adjustments in their existing operations.

    During the summit, Burr Sutter of Red Hat demonstrated how users can load-balance across a hybrid cloud comprised of an on-site rack, Azure in Texas, and Amazon Web Services in Ohio. He showed that the task could be done automatically and in real time using Kubernetes.

    As more companies turn to containerized applications as part of the digital transformation, the demand for managed services around containers is also increasing, observed Red Hat vice president Mike Ferris. Red Hat OpenShift on Azure gives enterprises the flexibility to move workloads around and across on- and off-premises, such as the public cloud. Moreover, OpenShift customers no longer need to manage Kubernetes themselves – a strategy that Microsoft has been nudging on.

    Other advantages of the collaboration to developers include faster connections with enhanced security under hybrid networking, and access to managed services like Azure Cosmos DB, Azure Machine Learning, and Azure SQL DB. Thanks to available extensive technology platforms, OpenShift customers can now build cloud-native apps and update existing ones. There will be an overarching support for containerized applications, operating systems, infrastructure, and orchestrator.

    “Microsoft and Red Hat are aligned in our vision to deliver simplicity, choice, and flexibility to enterprise developers building cloud-native applications,” said Scott Guthrie, Microsoft’s executive vice president for cloud and enterprise. “Today, we’re combining both companies’ leadership in Kubernetes, hybrid cloud, and enterprise operating systems to simplify the complex process of container management, with an industry-first solution on Azure.”

    The rollout of the collaboration will happen in two phases, with support for the OpenShift Container Platform and Red Hat Enterprise Linux on Azure. Meanwhile, the jointly developed and managed Red Hat OpenShift on Azure is slated for preview in the coming months.

  • Publishers Express Discontent Over Google’s GDPR Plan

    Publishers Express Discontent Over Google’s GDPR Plan

    A group of international publishers is dissatisfied over Google’s compliance strategy for the General Data Protection Regulation (GDPR) privacy rules. Set to take effect on May 25, the rules require companies to gain explicit consent for personal data collection and use for ad targeting.

    The trade groups, namely, Digital Content Next, European Publishers Council, News Media Alliance, and News Media Association, published an open letter addressed to Google CEO Sundar Pichai on April 30. In it, they criticized the tech giant for passing on an unreasonable burden to them in exchange for continued access to its advertising services.

    Google outlined its consent plan on its AdWords blog in late March. However, the publishers protested that the plan was revealed too late and encumbered them with the bulk of the compliance responsibilities. As publishers using Google ad services, they have to obtain consent directly from EU users. They expressed their discontent in the open letter:

    “As the major provider of digital advertising services to publishers, we find it especially troubling that you would wait until the last minute before the GDPR comes into force to announce these terms, as publishers have now little time to assess the legality or fairness of your proposal and how best to consider its impact on their own GDPR compliance plans, which have been underway for a long time.” 

    Under the new privacy framework, there are stricter consent requirements for processing personal data collected from EU users. It protects the rights of EU citizens regarding how their data can be used. The law will also impose hefty fines and significant legal liabilities for noncompliance or mishandling of user data, which will likely fall on the publishers’ shoulders.

    However, the groups pointed out that Google’s singular approach in ensuring compliance from its publishers and advertisers is inaccurate. They added that it only protects Google’s existing business model, given its dominance in online advertising.

    According to the group, Google wants to identify itself as a data controller and asks publishers to share their gathered data. For its other ad services like Google Analytics, the company considers itself a data processor but with extensive rights over gathered information.

    The publishers underscored the lack of transparency under the compliance plan. They are wary of Google’s reluctance to provide specific information about its planned use of data, a must in obtaining legal consent under GDPR.

    But Google pointed out that it will only use the data for testing algorithms, enhancing user experiences, and improving the accuracy of its ad forecasting system.  Google clarified in a statement:

    “Because we make decisions on data processing to help publishers optimize ad revenue, we will operate as a controller across our publisher products in line with GDPR requirements, but this designation does not give us any additional rights to their data.”

    The tech giant also added that the draft on guidance consent was released in December and continues to be revised, prompting Google to put out the new ad policy only this year.

  • 5 Slackbots to Improve Your Business Operations in 2018

    5 Slackbots to Improve Your Business Operations in 2018

    Slack has become one of the most widely used team collaboration tools on the market due in large part to its flexibility. More than just a messaging platform, Slack offers a variety of customizable tools and apps to its over six million daily active users, two million of which are paid.  Among the tools that make Slack flexible and easy to use are chatbots.

    Called Slackbots, these chatbot assistants are integrated into Slack conversations. And contrary to what their name suggests, these bots do not slack off. They are designed to sort through messages, monitor assigned tasks, track performance, and even integrate with your email to monitor urgent correspondence, all within the platform. Virtual assistants like Slackbots efficiently handle tedious and time-consuming work, allowing you and your team to focus more on revenue-generating activities.

    Whether it’s for productivity, marketing or anything else, there is a Slackbot for just about every business need. Here are some that can make a difference in your daily operations in 2018.  

    1. BusyBot

    Related image

    Busybot is a productivity-focused Slackbot that manages tasks for everyone on the team. Users can ask the bot to schedule meetings, assign tasks, and set automated reminders for deadlines—all based in your Slack conversations. With this bot, you don’t need separate software for project management and communication. You also have the option to monitor all assignments on the Busybot website to ensure you stay on track.

    2. Astrobot

    Related image

    Another productivity-geared bot, Astrobot manages your email in the comforts of your chat environment. Astrobot is known for its email app and which seamlessly integrates with the Slack platform. Its powerful AI flags high priority messages and sorts them into a separate inbox for easy access. You can also respond to these important emails directly on Slack without switching back to your inbox. Send quick messages by using the slash command/email. Take actions on emails, such as unsubscribe from mailing lists, move emails from specific senders, and empty trash or junk mail by typing ‘Zap.’

    3. Workbot

    Image result for workbot

    Workbot by Workato is a bot that executes approval workflows – from social media posts to sales estimates and budgets – within the Slack platform. You don’t need another software or spreadsheet to keep track of approvals and rejections. This bot also has integrations with platforms like Workday, Zendesk, and JIRA, among others to quickly resolve issues within Slack. You can communicate with multiple teams across your company. This seamless experience reduces time for resolution and response, thus improving customer experience.

    4. Statsbot

    Related image

    Performance metrics is important to every business owner, and Statsbot offers this data conveniently. Its integration with Google Analytics, Salesforce, SQL, Mixpanel, and other platforms allows you to get insights, such as performance summary. This bot analyzes raw data from various sources to deliver reports for easier understanding, right from Slack. It also alerts you of any unusual spikes on your metrics. Thanks to its machine learning features, Statsbot can generate data about customers and their buying patterns. Marketing teams can then tweak their strategies based on available information.  

    5. Dbot by Demisto

    Image result for Dbot by Demisto

    Sharing makes Slack a great collaborative tool. However, it’s difficult to know which shared content is safe or malicious and the last thing you want is a cyber attack. Demisto’s DBot is a Slackbot that scans every URL, file, and IP address shared on the platform. Its multiple security threat feeds and malware analysis engines to protect and warn Slack users real-time. The bot is updated with the latest cybersecurity threats and provides detailed reports for security analysts. And if it notices any suspicious activity, it will notify your team immediately.

    There are numerous Slackbots in the market and some might seem repetitive in their offerings. No single bot can handle your specific needs since every business is different. Try several bots to find the right match in automating some of your tasks. Doing so allows you to prioritize in improving your bottomline and save on expenses.

  • Amazon Web Services Now has a Tool for Managing ‘Secrets’

    Amazon Web Services Now has a Tool for Managing ‘Secrets’

    Even companies have secrets that must never be revealed to outsiders. These include passwords,  API keys and other credentials that could spell trouble and even cost the company money if they fall into the wrong hands.

    In this age where data breaches are a fact of life, securing company data has become even more important since businesses are now moving their systems into the cloud. In response to this need, cloud computing giant Amazon Web Services (AWS) just launched a slew of services that provide businesses with easy-to-use tools to help them secure their cloud data.

    One of these new services is the appropriately named Secrets Manager, which can be used by companies to store very important information such as passwords. AWS’s new offering is timely considering the latest round or reports saying that improperly stored passwords on the platform had been compromised by cyber attacks.

    “You never, ever again have to put a secret in your code,” Amazon CTO Werner Vogels assured audiences during the AWS Summit. Vogels added that the service “allows us to build systems that are way more secure than we could ever do in the past.”

    The Secrets Manager tool is not  AWS’s first tool geared toward enhancing cybersecurity for its clients. The company previously introduced a simpler security system which was capable of storing encryption keys and worked with dedicated hardware modules.

    This time, however, the brand new AWS Secrets Manager has a broader use. Aside from storing passwords, the tool can also be used for storing database login data as well as keys to application programming interfaces for other services.

    Along with Secrets Manager, AWS also launched the Firewall Manager. It gives clients centralized control over security policies across their entire organization and can also be used for control over multiple accounts and applications. The tool makes it easier for clients’ security teams to spot non-compliant applications and resolve issues in minutes.

    The recent tools are well-timed to address the security concerns clients might have raised in light of the recent incidents of data breaches in the cloud service. In October 2017, Accenture’s data stored by AWS was leaked and over 40,000 passwords were compromised. The Australian Broadcasting Corporation also experienced a data leak which included login information in November of last year.

    Of course, the new AWS tool isn’t free. The company charges 40 cents per secret per month as well as 5 cents per 10,000 programmatic requests.

    [Feature image via AWS website]

  • What You Should Know About Google’s GDPR Consent Plan for Publishers

    What You Should Know About Google’s GDPR Consent Plan for Publishers

    Google wants its publishers in Europe to solicit users’ consent on its behalf under the new General Data Protection Regulation (GDPR) privacy rules. The GDPR rules which will take effect on May 25, requires companies to gain explicit consent for collection and use of personal information in targeted ads. And Google’s consent plan is something that ad giants like Facebook and Amazon can follow.

    “To comply, we will be updating our EU consent policy when the GDPR takes effect and the revised policy will require that publishers take extra steps in obtaining consent from their users,” the company explained in its blog post on Thursday.

    Obtaining users’ permission secondhand is legal, according to the experts. But for own platforms such as Google.com, Gmail, and YouTube, Google will directly get consent from its users.

    Under the GDPR, there are two categories of data handlers, the controller, and the processor. Controllers are identified as the source of data, like website owners and publishers. Processors, such as marketing technology providers, do the actual processing of data collected from external sources.

    Google, with its myriad of products, platforms, and services, cannot be simply classified as a controller or processor. The company identifies itself as a controller for some of its ad products, including DoubleClick for Publishers (DFP), DoubleClick Ad Exchange (AdX), AdWords, and AdSense. On the other hand, Google operates as a processor of personal data gathered in services like Ads Data Hub, and Google Analytics, among others.

    Image result for gdpr scale google

    However, Google said that it will introduce new contract terms and take on the role of co-controller of user data for its publishers. This gives the tech giant autonomy over gathered data and its for their own purposes. At the same time, Google is sharing the burden of protecting the data especially since noncompliance with the new law could result in hefty fines.

    “The concern with GDPR is, everybody in the data supply chain could become liable. If the publisher fails to get sufficient consent for Google when [Google’s] tags or pixels are on [the publisher’s] site, the publisher could be potentially liable. Google, of course, could certainly be liable for collecting that data without the proper GDPR compliance process,” Gary Kibel, partner at law firm Davis & Gilbert, explained.

    By formulating its own consent plan as a joint controller, Google may be able to ensure compliance from its publishers. Likewise, it reduces the risk of publishers collecting data without obtaining consent.

    But as more people decline to give consent for personal data use, publishers might have a hard time earning money from targeted ads. As a countermeasure, Google plans to roll out non-personalized ads to help publishers. It will also be working with industry groups, such as IAB Europe, for other solutions ahead of the May 25 deadline.

    [Featured image via Google]

  • Dropbox’s Initial Public Offering is Priced at $21, Company Market Cap Reaches $9.1 Billion

    Dropbox’s Initial Public Offering is Priced at $21, Company Market Cap Reaches $9.1 Billion

    Investors, especially those who specialize in picking tech stocks, will now have one additional company to consider as an investment option. A decade after its founding, Dropbox is now a publicly traded company starting Friday, March 23, 2018.

    The San Francisco-based firm successfully hosted its IPO on Thursday where investors bought Dropbox share at $21. Popular for its cloud-based files storage and syncing service, the company was able to raise a whopping $750 million from the event.

    The IPO price of $21 per share is already way above the $16 to $18 price range previously proposed by the company earlier this month. The final price was even higher than the latest estimate when Dropbox raised it to between $18 and $20 in its regulatory document filed on Wednesday.

    At its current share price, Dropbox is now a publicly traded behemoth with a market capitalization of $9.1 billion. However, this amount still falls short compared to the $10 billion valuation it received during its last round of private funding in 2014.

    Of course, many are fearful that the tech company’s valuation trend will go downhill after its IPO, which seem to hound some tech listings. For instance, investors had to wait for almost a year before Snapchat’s shares rebounded and started trading above its June 2017 IPO price of $17 per share. This is a turn off for short-term investors who do not wish to hold on to a share for too long.

    But most investors remain upbeat on Dropbox’s future earning potential. The company is already cash flow positive and performed well last year. Its sales are on the rise, garnering a massive $1.11 billion in revenues for 2017 alone. The figure represents a 30 percent increase compared to 2016’s performance.

    [Featured image via Dropbox]

  • Ghostery Goes Open Source, Reveals Two Proposed Revenue Streams

    Ghostery Goes Open Source, Reveals Two Proposed Revenue Streams

    Ad-blocker Ghostery published its entire programming code on Thursday. By going open source, the company aims to clear the air on its old business model and invite others to contribute to its continuing development.

    “As a privacy product, especially one designed to give users a look behind the scenes at what data companies are collecting and doing with it, we thought it was important to give our users a look under the hood,” Ghostery’s product manager Jeffrey Tillman said.

    This unprecedented move was Ghostery’s response to conspiracy theories hounding the company. Before its acquisition by web browser Cliqz last year, previous owner Evidon earned money for Ghostery by selling users’ data. Software users chose to disclose information on ad trackers they encountered, but the compiled information was sold to eCommerce sites to help them discover why loading times slowed down.

    Ghostery’s old business model was contradictory—a privacy-focused tool selling user data—and confused its users. “It was never a really great fit for Ghostery the consumer product,” Tillman admitted.

    Recently, Ghostery announced two revenue streams as its new business model. First is Ghostery Insights, a paid analytics service for researchers to gather more data about the tracker ecosystem. Likewise, the analytics tool will aid web developers in quantifying the effect of trackers on site performance, such as loading speeds.

    Meanwhile, Ghostery Rewards is an affiliate marketing program designed for its users. They can choose to sign up for the service wherein users will receive relevant promotional offers, a tamer version of aggressive web ads. There will still be advertisements, but only those worthwhile and interesting to Ghostery users.

    Of course, affiliate programs are nothing new as many publications and bloggers already use them to generate revenue. However, Ghostery’s decided to make its program distinctly different from that of its main rival Adblock Plus. Unlike Ghostery Rewards, Adblock has an “acceptable ads program” that shows ads that may not be relevant to the user. As long as advertisers meet certain criteria and agree to split some of their ad revenue, Adblock lets them through.

    Exposing Ghostery’s code to the public makes it more vulnerable for software developers to sidestep the ad blocker’s system. But Tillman isn’t losing sleep over it.

    “There will always be a cat-and-mouse game with advertisers that are trying to find new ways to evade our technology but, if anything, going open-source should empower our community of contributors to help keep Ghostery ahead of the curve,” Tillman pointed out.

    [Featured image via YouTube]

  • Microsoft Previews New Privacy Controls for Windows 10 in Insider Test

    Microsoft Previews New Privacy Controls for Windows 10 in Insider Test

    With the rising concern over online privacy, Microsoft is taking greater steps to improve security for users of its browser. The software giant is testing out a new Windows 10 preview build for PCs which is already available on Windows Insider, its open software testing program. The new build comes with 13 bug fixes as well as a layout for the browser’s privacy screen settings.

    Microsoft released the Windows 10 preview build 17115 on Tuesday which offers a host of fixes and improvements. One of the major changes that will be introduced with the new update is the redesign of its privacy setting which, according to the company, “conveys focused information to help our customers make focused choices about their privacy.”

    A blog post by the company included a snapshot of the new privacy settings screen showing a very streamlined way Windows 10 users may tweak their browser experience. For instance, they can turn on or turn off Find My Device, Location, and even Speech Recognition very easily because these options can be all found on the same page.

    Windows 10 Privacy Setup

    For those who really want absolute control over their browser data, they can disable the Inking & Typing option which prevents the browser from sending data to Microsoft. This is good news for users who are a little bit concerned over the potential privacy issues posed by Windows 10’s built-in “keylogger,” a feature that records typed characters and other data with the aim of improving next word prediction and autocompletion features.

    However, Windows Insiders participants might not be seeing the same kind of privacy setting. Apparently, Microsoft is testing two very different styles of the redesign. While one design favors a single screen crammed with all options available, the other design opts for seven separate screens to handle all privacy settings tweaks. It seems that the software giant is hoping to gain insight from participant’s feedback to find the right balance between the two designs.  

    Microsoft announced that the Windows 10 update will arrive this spring. No specific release date was announced.

    [Featured image via Microsoft]

  • Google Drive Update Will Use AI to Help Organize and Retrieve Shared Files

    Google Drive Update Will Use AI to Help Organize and Retrieve Shared Files

    Google Drive is an indispensable cloud-based tool for countless organizations worldwide. Its file sharing and synchronization services allow users to store and share all kinds of data within their group, enhancing their overall productivity through seamless collaboration.

    However, Google Drive users inevitably learn that while sharing files and documents with anyone is easy, locating and retrieving a particular shared document tends to be a bit more complicated. The problem is especially cumbersome for large organizations that may need to sift through thousands of files in the “Shared With Me” section just to find a single document. 

    Thankfully, Google Drive has come up with a new way to make its users’ lives a lot easier. With the help of artificial intelligence technology, the service will now try to guess which files you might want to open.

    In a blog post, the company announced that will now be revamping Google Drive’s Share With Me and will soon “start intelligently organizing” files located in this section. Once updated, the drive will display a list of people along with the files they have shared.

    Because users mostly search content by owner, Google Drive aims to make these searches even faster with the help of AI.

    According to the company, the new system will “predict the people and files that you’re most likely to search for and make them more visible.” In addition, the system’s predictive capability will get better with use thanks to the inclusion of machine learning technology.

    Google announced that the update will be released in the coming two weeks and be available to G Suite.

    Meanwhile, Google Drive for Windows and Mac OS will no longer be supported come May 12. But users need not worry too much, all documents and files stored in Google Drive will be unaffected. They’ll just have to install one app to keep things up and running.

    Google Drive users running on Windows and Mac OS will only need to install the Backup & Sync app to continue the automatic syncing between their desktop and the cloud. Android and iOS users will be unaffected by the ending of support since it will only cover desktop users.

    [Featured image via Twitter.com/googledrive]

  • Salesforce Improves Einstein Analytics to Make it Easier for Customers to Extract Data

    Salesforce Improves Einstein Analytics to Make it Easier for Customers to Extract Data

    A lot of people find it challenging to use the different analytics tools at their disposal. But Salesforce hopes to change all that by making it possible for businesses to extract data by using conventional conversational language.

    Salesforce has been developing and filling artificial-intelligence features into its system so that users will be able to utilize their marketing and sales data to the fullest. The company introduced Einstein Analytics in June 2017. Now it has made improvements that allow the service to accept natural-language inquiries, thereby making it easier to use.

    Dubbed “Conversational Queries,” the feature recognizes popular phrases the user is typing and provides an automated method to develop queries and access data. For instance, a sales executive can type “show top accounts by yearly profit” into the Salesforce dashboard and it will immediately generate a report. Marketers previously had to set up the parameters and fields to get the data they need. Now Einstein Analytics can even suggest possible search terms to use, as well as the correct output vehicle, like a graph or a map.

    Technical users have used similar tools effectively for building queries, but it does require extensive knowledge on how to extract the data you need and fashion it into a specific query. By simplifying the system and using plain language to make queries, more people can access key analytics.

    According to VP of Product for Einstein Analytics Amruta Moktali, “Conversational Queries offers a new way to explore data and get answers to questions faster, eliminating clicks and the training required to create and drill down into charts.”

    There’s no question that enterprise tech is focusing on improving AI and machine-learning but for certain services, like customer-relationship management, ensuring that people can use the technology without having to hire a data scientist or going back to school is more critical.

    Salesforce’s Einstein Analytics is currently available in beta.

    [Featured image via Salesforce]

  • Hackers are Now Buying Legit SSL Certificates to Hide Malware

    Hackers are Now Buying Legit SSL Certificates to Hide Malware

    Making sure that you are secure every time you surf the net is getting more challenging these days. No matter what type of high tech security system you may have installed, it seems hackers will inevitably find some creative way to breach it. Reportedly, hackers are now buying SSL certificates to make their malware appear legit and, as a result, make them easier to bypass security protocols.

    This latest trend in cybercrime was discovered through research conducted by the Recorded Future’s Insikt Group. Apparently, there is an online market where anyone, including hackers, can just buy legitimate certificates from issuing authorities.

    Of course, this is a jarring contrast to the common belief that SSL certificates used in illegal activities were only obtained through theft from companies and developers. According to researchers, these certificates were not stolen from their rightful owners but were purposely created for specific buyers and registered under stolen corporate identities. When malware is given this level of apparent legitimacy, it will be harder for traditional network security measures to detect them.

    “It’s been generally accepted that security certificates circulating in the criminal underground were stolen from legitimate owners prior to being used in nefarious campaigns,” Recorded Future director of advanced collection Andrei Barysevich explained. “However, our most recent analysis indicates this is not the case. We have confirmed—with a high degree of certainty—that counterfeit certificates are created for specific buyers, per request only, and registered using stolen corporate identities.”

    SSL certificates are used in a process known as code signing. The process identifies the author or developer of a particular code and is used to authenticate its trustworthiness. They can be considered an extra layer of defense against cyber threats. In fact, some companies like Apple will not allow a program to be executed if it is not code-signed.

    Prices for these SSL certificates vary greatly in the underground digital market. According to the report, they can be purchased for as little as $299 while the pricier ones could cost up to $1,599. However, the Recorded Future team does not believe that the legitimate owners of these SSL certificates are aware that their corporate digital data is used for these activities.

    [Featured image via Pixabay]

  • AWS Makes Serverless Application Repository Available to Cloud Consumers

    AWS Makes Serverless Application Repository Available to Cloud Consumers

    Amazon Web Services (AWS) has announced the general availability of its serverless application service. After a brief beta testing phase, the AWS Serverless Application Repository, which was first announced in November of 2015, works as an app store where consumers can try out a variety of applications via Lambda, the company’s event-driven computing service.

    Lambda’s serverless computing service allows AWS to automatically manage the allocation of computing resources. With the service in place, developers no longer have to worry about the hardware and computing infrastructure needed to support the running of their applications. In effect, it significantly makes developers’ jobs a lot easier so they can focus more on what they do best—developing applications.

    The public availability of the Lambda ecosystem will now give cloud consumers access to a host of applications and components on the AWS Serverless Application Repository. With this access, consumers can make changes to the apps they deploy without having to write their own code. They can also use the apps found in the repository to complement projects for machine learning, image processing, IoT, and other general processes.

    Consumers can also opt to configure, take apart, or even build on and modify these applications. They can even add features that are needed for their business processes or submit pull requests to the app’s authors.

    The service also makes it easier for publishers to release their apps on the Serverless Application Repository. Publishers only need to supply a name, description, labels to boost discoverability as well as a README to get new users started.

    Amazon likewise revealed the regions where the AWS Serverless Application Repository can be accessed. These are US East (Ohio), US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), Canada (Central), EU (Frankfurt), EU (Ireland), EU (London), and South America (São Paulo) regions.

  • Is Your Company Wasting Money on the Cloud?

    Is Your Company Wasting Money on the Cloud?

    There’s no denying that cloud technology is the way to go for businesses that want to run more efficiently. Thanks to the cloud, numerous business processes can run smoothly and an untold amount of data can be stored. The technology has become so vital that companies are set to spend more money on the cloud in 2018 than the previous year. Conversely, businesses are also wasting a lot of money on it, too.

    Cloud Spending on the Rise

    RightScale recently came out with the results of a survey they conducted among almost a thousand technology specialists. According to the cloud delivery specialist, enterprises (or companies with more than a thousand employees) are spending more on the cloud. The report reveals that 26 percent of companies are allocating more than $6 million annually to spend on the public cloud. About 26 percent of companies also admit they currently spending around $1.2 to $6 million for cloud services.

    That number is expected to increase this year, with 71 percent of enterprises admitting they will increase their cloud budget by more than 20 percent. Meanwhile, 20 percent of companies plan to double what they previously spent on the cloud.

    Image result for right scale survey cloud spending

    And it’s not just large corporations that are shelling out money on this technology. Small and medium-sized companies spend an average of $120 thousand on cloud providers per year.

    Respondents in the RightScale survey use multiple cloud servers to run their applications. Some companies use about five different servers while experimenting with at least one more. Amazon remains the top provider of public cloud services, with AWS user numbers rising to 64 percent market share in 2018 as opposed to last year’s 57 percent. Azure and Google Cloud also saw a boost. Azure is up to 45 from 34 percent while Google Cloud saw an increase from 15 to 18 percent. IBM Cloud also rose from 8 to 10 percent.

    What Companies are Doing Wrong

    While different sectors view the increase in cloud spending in a positive light, the RightScale survey also implies that one-third of the money spent is wasted. Survey participants projected 30 percent wasted spending but RightScale has pegged the exact amount of waste to be nearer to 35 percent. So if an enterprise is paying their service cloud provider about $6 million annually, more than $2 million of that money goes to wasted or unused.

    Image result for right scale survey cloud spending

    The RightScale report does not clearly pinpoint or discuss what companies are doing wrong. However, it’s clear that the eagerness of companies to utilize the cloud has contributed to the wasted spending. For instance, people subscribe or buy cloud services for their department or for their own duties. This has led to identical accounts being created for the same services.

    The cloud’s reputation as being easy to use and affordable has also caused companies to become complacent about their budget. Businesses tend to be more open about expanding their cloud usage.

    There’s also the very fluid pricing structure used by cloud providers. Rates depend on supply and demand, so as the demand for data rises, so does the cost.

    How to Stop Wasting Money on Cloud Services

    Enterprises are aware of how much money is being wasted on the cloud and how easily this uncontrolled spending can end in disaster. Most admit that improving how they utilize the service is now their top priority.

    There are other strategies that companies can take to make cloud usage more beneficial and save money.

    • Determine and Stop Abandoned Applications: The ease that applications are developed or run on the cloud has led to numerous abandoned apps. Unfortunately, this doesn’t mean they have been disabled. Some are still running inside different cloud service environments (ex. SaaS) despite companies not using them anymore. Determining these forgotten apps and decommissioning them can save companies some serious money.
    • Picking the Appropriate Storage Model: Businesses are demanding data at an increasing rate due to cheap cloud storage options. But problems arise when the administrator chooses the wrong storage model. Remember that every data is different. Some are accessed more often while others are rarely used. The former needs to be stored somewhere where it can be retrieved quickly. This usually means a more expensive storage model. Meanwhile, older data or those that are rarely accessed can be stored in the more affordable storage tiers.
    • Schedule Server Use: There’s no reason to maintain all cloud instances running constantly, especially when applications are mostly used during specific periods. It’s better to set an automated schedule that turns off cloud services during off-peak hours. There are numerous scheduling tools that companies can use for this.

    Is your company’s budget evaporating into the cloud? Now is as good a time as any to run an audit to find out how you can use data services more efficiently to cut down on your operations cost.

    [Featured image via Pixabay]

  • Apple & Cisco Team Up to Offer Cybersecurity Insurance

    Apple & Cisco Team Up to Offer Cybersecurity Insurance

    Apple and Cisco are forging a new path in their partnership. The two companies announced on Monday that they are working with insurance company Allianz and Aon, a premier risk evaluator, to assist their customers in having the best cyber protection around.

    The goal of this new endeavor is to provide businesses a practical way to deal with cybersecurity risks caused by malware and ransomware. And what better way to do this than by integrating the best in cyber insurance and security technology, the most secure devices, and the premier experts in cybersecurity domain.

    It should be emphasized that Apple and Cisco are not directly selling insurance, but their deal with Allianz and Aon will ensure that businesses can avail of improved conditions in their cyber insurance coverage. This could mean lower, or even zero, deductibles. But for a business to avail of such a package, it has to be using specific Apple hardware and Cisco’s Ransomware Defense platform.

    Allianz reportedly found that that the two companies’ products can provide businesses with a “superior level of security.” Apple has confidently pointed out that the amalgamation of its software, services, and hardware in its iOS devices ensure that it has some of the most secure products on the market. Meanwhile, Cisco boasts of a platform that can block malicious internet websites. It also has email security and endpoint protection.

    On Aon’s part, its cybersecurity experts will assess the current security environment of its prospective clients and make recommendations on how to shore up their cyber defenses. And in case businesses who participate in this deal are attacked by malware, they will have access to Aon and Cisco’s Incident Response teams.

    This is not the first time that Apple and Cisco partnered up. The two companies worked together in 2015 when Cisco enhanced its software and networking gear for iOS devices and apps. This led to a number of optimizations for iOS 10 that gave iPad and iPhone users a smoother time on Cisco apps.