Tanium CEO’s Refreshingly Honest Take on the State of Internet Security

This is your Cyber Saturday edition of Fortune’s tech newsletter for October 7, 2017.

On Tuesday, the wood-smoke air of California’s wildfires descended on the Bay Area as cybersecurity professionals gathered at the Palace Hotel for an industry event.

I spent the morning interviewing Orion Hindawi, CEO of Tanium, the world’s highest privately valued cyber startup (worth $3.75 billion at last appraisal in May), for a fireside chat at his company’s second annual conference, Converge 2017. Hindawi has a no-nonsense approach to business—a suffer-no-fools attitude that landed him in the sights of a couple of unflattering stories about his management style earlier this year. (He later apologized for being “hard-edged.”)

On stage the chief exec delivered his peculiarly unvarnished view of the state of Internet security. “The idea that we’re going to give you a black box and it auto-magically fixes everything, that’s a lie,” Hindawi told the audience. (One could almost hear a wince from part of the room seating his PR team.) “All I can tell you is we can give you better and better tooling every day. We can make it harder for the attackers to succeed. That’s the best I can offer.”

Hindawi is a realist through-and-through. His outlook is perhaps best summed up by his response to a question about whether he subscribes to a glass-half-full or glass-half-empty view of the cyber threatscape. His reply would become a running joke for the rest of the conference. He said simply, “It’s just a glass, dude.”

Other tidbits of wisdom from Hindawi: not all hackers are Russian spies (the majority are lowly criminals). Unsecured Internet of Things devices pose a risk to everyone. And sometimes cyber insurance is the way to go when old systems are all but impossible to patch; the decision boils down to managing “operational risk, like earthquakes,” he said.

Hacking is not a dark miasma that penetrates all things, although it can sometimes feel that way. Companies, like Tanium, that are building the tools to swing the balance back in defenders’ favor without over-promising provide hope. Enjoy the weekend; I will be heading north of San Francisco, visiting friends who, luckily, were unharmed by the area’s recent conflagrations.

Robert Hackett

@rhhackett


Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

THREATS

Always use (advanced) protection. Google debuted an opt-in mode for high-risk users who wish to lock down their accounts on services such as Gmail, Google Drive, and YouTube with extra security. (Paging John Podesta.) The feature requires people to log in using a special USB key (or Bluetooth dongle for mobile devices), it prevents third-party applications from accessing your Google data, and it adds beefed-up malware scanning of incoming documents. This author plans to sign up.

Gather ’round the good stuff. Pizza Hut warned customers that their personal information and payment card data may be at risk after hackers gained access to the company’s website and app for a 28-hour period starting on Oct. 1. An estimated 60,000 customers are thought to have been impacted. The company is offering victims free credit monitoring for a year.

Unicorn? More like Duo-corn. Duo Security, a Mich.-based cybersecurity startup whose tools help companies manage people’s digital identities, said it raised $70 million at a $1.17 billion valuation (including the capital raised) this week. The round catapults the firm into “unicorn” territory, the swelling ranks of private firms occupied by young guns valued at $1 billion or more. Alex Stamos, Facebook’s security chief, recently praised Duo as the maker of his favorite cybersecurity product.

KRACKing Wi-Fi. A couple of Belgian researchers published a paper containing proof-of-concept code that exploits vulnerabilities in the way cryptographic keys are exchanged over Wi-Fi, allowing hackers to steal people’s data. Big tech companies like Microsoft issued a patch for the so-called KRACK bug on Oct. 10, Apple is in the middle of testing patches for iOS and macOS, and Google, whose Android 6.0 devices are the most vulnerable, said it would release a patch in early Nov.

Cyber insurers are going to get Mercked. Cyber insurers might be on the hook to cough up $275 million to cover damage to drugmaker Merck as a result of a June cyber attack, dubbed “NotPetya,” according to one firm’s forecast. The companies at issue have not yet disclosed figures themselves.

Surprise! It is depressingly easy for penetration testers to break into places where they are not supposed to be.


ACCESS GRANTED

Boycotts are hardly an option: To opt out of a credit score is to opt out of modern financial life itself. As Equifax’s now former CEO Richard Smith testified in October, if consumers were allowed to abandon the credit system, it would be “devastating to the economy.” The better answer is systemic reform to the credit oligopoly.

—Fortune’s Jeff John Roberts and Jen Wieczner explain what practical recourse consumers and regulators have when it comes to dealing with the major credit bureaus in the wake of a massive data breach at Equifax. 

ONE MORE THING

The adventures of John Titor. Namesake of a bygone Internet hoax, “John Titor” claimed to be a man sent from the future to retrieve a portable computer. Titor sent faxes to an eccentric radio program, Coast to Coast AM, that specialized in the paranormal. Here’s an oral history of that running joke; the pseudo-scientific explanations of time travel are delightful.

Tech

Who Will Take Responsibility for Facebook?

Just after the collapse of the World Trade Center in 2001, Leslie E. Robertson, the twin towers’ chief engineer, plunged into a period of moral reckoning.

As a young hotshot in the 1960s, Robertson had defied the engineering establishment to erect the iconic skyscrapers. Now, at age 73, he brooded. Over and over, observers suggested that the arrogant silhouette of the towers was their undoing. Robertson seemed surpassingly sad. He emailed a colleague in verse: “It is hard / But that I had done a bit more … / Had the towers stood up for just one minute longer … / It is hard.” As The Wall Street Journal reported, when asked at a public forum if he wished he had done anything differently, he wept.

But Robertson also conducted a careful audit of his work. The blueprints, the physics, the math came in for close review. He knew he had designed the buildings expressly to brook the impact of an airliner. But flaming jet fuel had brought them down. He concluded that inoculating the towers against those all-consuming fires would not have been feasible. “You could always prepare for more and more extreme events, but there has to be a risk analysis of what’s reasonable,” Robertson told a Newsweek reporter. In his reckoning, Robertson managed to avoid the twin seductions of defensiveness and self-savagery—and took responsibility for his work.

Mark Zuckerberg, an engineer in another key, has also seen his magnum opus breached, with a force that may yet shatter it. Over the past two and a half years, Facebook’s integrity as a place that “helps you connect and share with the people in your life” has been all but laid to waste—as it has served as a clearinghouse for propaganda, disinformation, fake news, and fraud accounts. More serious still: Facebook may not just have been vulnerable to information warfare; it may have been complicit.

Zuckerberg, however, has been unaccountably slow to make earnest amends. This week for Yom Kippur, 11 months after the election, he did post what’s known as a Cheshbon HaNefesh—the moral accounting undertaken annually in a spirit of repentance. But his statement seemed pro forma—perhaps even aggrieved. “For the ways my work was used to divide people rather than bring us together, I ask forgiveness and I will work to do better.” Odd phrasing. Was Zuckerberg confessing to his own misconduct? Or was he saying that his work “was used” by such criminals, which suggested that he himself was owed the amends?

But even this pass-agg penance marked a change of course for Zuckerberg personally, if not for Facebook. In November, fresh off the US election, he dismissed as “crazy” the idea that fake news on Facebook had influenced the race. (He disavowed the word when he came in for criticism ten months later.) When President Obama reportedly urged Zuckerberg to take seriously that Facebook could be exploited by hostile powers intent on undermining democracy, even then Zuckerberg shrugged.

Meanwhile, he whistled in the dark, lighting off on a 50-state walkabout dense with Insta opportunities. It looked for all the world like he was running for president himself. That impression was bolstered when he later hired Joel Benenson, a former campaign adviser to Obama and Hillary Clinton.

As the summer wore on, it became unmistakable that Facebook’s problems ran deeper than fake news. In June, Facebook officials reportedly met with the Senate Intelligence Committee as part of that body’s investigation into Russia’s election interference. In August the BBC released an interview with a member of the Trump campaign saying, “Without Facebook we wouldn’t have won.”

At last, in September, Facebook broke its silence. The company admitted it had received payments for ads placed by organizations “likely operated out of Russia.” These were troll operations with a wide range of phony ads designed to fan the flames of American racism, anti-LGBT sentiment, and fervor for guns—as well as to build opposition to Clinton. Zuckerberg announced that the ads had been turned over to Congress, and he intimated that an internal investigation at Facebook would likely turn up more such ad deals: “We are looking into foreign actors, including additional Russian groups and other former Soviet states, as well as organizations like the campaigns, to further our own understanding of how they used all of our tools.”

The statement sounded more like fact-finding than soul-searching. Zuckerberg seemed to be surveying a different Facebook from the one that allowed possibly Kremlin-backed entities to target people who “like” hate speech with racist propaganda. A Facebook like that would need a gut renovation; Zuckerberg’s Facebook just needed tweaks.

Facebook is indeed a new world order. It determines our digital and real-world behavior in incalculable ways. It does all this without any kind of Magna Carta except a vague hypothesis that connectivity is a given good. And yes, it’s largely unregulated, having styled itself as nothing more than a platform—a Switzerland pose that lets it seem as benign as its bank-blue guardrails, which stand as a kind of cordon sanitaire between Facebook and the rest of the unwashed internet.

In 2006, a college kid talked me off Myspace and onto Facebook by insisting that Facebook was orderly while Myspace was emo and messy. That kid was right. Facebook is not passionate; it’s blandly sentimental. It runs on Mister Rogers stuff: shares and friends and likes. Grandparents and fortysomethings are not spooked by it. Like the animated confetti that speckles Facebook’s anodyne interface, our lives on Facebook—the bios and posts—seem to belong to us and not to the company’s massive statehouse, which looks on indifferently as we coo over pups and newborns. (Or is it a penal colony? In any case, it keeps order.) Facebook just is the internet to huge numbers of people. Voters, in other words.

But that order is an illusion. Nothing about Facebook is intrinsically organized or self-regulating. Its terms of service change fitfully, as do its revenue centers and the ratio of machine learning to principled human stewardship in making its wheels turn. The sheen of placidity is an effect of software created by the same mind that first launched Facemash—a mean-spirited hot-or-not comparison site—but then reinvented it as Facebook, an “online directory,” to prevent anyone from shutting it down. The site was designed to make the libertarian chaos of the web look trustworthy, standing against the interfaces of kooky YouTube and artsy Myspace. Those places were Burning Man. Facebook was Harvard.

Siva Vaidhyanathan, whose book about Facebook, Anti-Social Media, comes out next year, describes Zuckerberg as a bright man who would have done well to finish his education. As Vaidhyanathan told me, “He lacks an appreciation for nuance, complexity, contingency, or even difficulty. He lacks a historical sense of the horrible things that humans are capable of doing to each other and the planet.”

Zuckerberg may just lack the moral framework to recognize the scope of his failures and his culpability. Like Robertson, he was a defiant hotshot when he launched Facebook. Maybe he still is. It’s hard to imagine he will submit to truth and reconciliation, or use Facebook’s humiliation as a chance to reconsider its place in the world. Instead, he will likely keep lawyering up and gun it on denial and optics, as he has during past litigation and conflict.

To be sure, unlike on 9/11, there are no mass casualties; there’s no flaming wreckage. But that may only heighten how important it is for Zuckerberg to take responsibility. Because there are 2 billion of us on Facebook. We’re all inside his tower. And, heaven help us, we have nowhere else to go.

This article will appear in the November issue.

Tech

The iPhone 7 might let you take it for a shower without breaking


If you’ve ever accidentally soaked your phone with water (or more frequently in my case, a pint of beer), you know the anxiety of having to let it dry in rice, and not knowing if your handset is irreparably busted. But this might be a thing of the past with the latest iPhone 7, as it’s rumored to come with IPX7 waterproofing. This essentially means that it is properly waterproof, and can “cope with being dropped in a puddle or stream with no ill effects.” This puts it on the same level as the Apple Watch. iPhones have been getting better at handling…

This story continues at The Next Web



Here’s why it’s hard to take a game from China to Europe

Patrick Streppel, head of IME, at ChinaJoy.

Disclosure: The organizers of ChinaJoy paid my way to Shanghai. Our coverage remains objective.

SHANGHAI — Lots of Chinese game companies are flooding out of China into the West. Patrick Streppel, chief executive of consulting live operations firm IME, helps make that happen. But he sees a ton of problems that can trip up the Chinese publishers that try to do it themselves and do it too fast.

The mobile gaming market has become tough, since it is dominated by long-term hits such as Supercell’s Clash of Clans, King’s Candy Crush Saga, and Machine Zone’s Game of War: Fire Age.


“Too many Chinese game developers spend money on marketing, not quality,” said Cai Cai, founder of Pine Capital, as she introduced Streppel for a talk at the ChinaJoy game trade show in Shanghai.

“I agree about the importance of the quality of games, the toughness of the market now, and the carefulness of investors and companies overall,” Streppel said. “I don’t think it is possible to just publish globally from one place, like Korea, China, or the U.S.”

“To go global, you have to be local because of the state of the competition,” said Streppel, former head of Gamigo.

Hamburg, Germany-based IME partners with game publishers in regions such as Western and Eastern Europe. Started two years ago, IME acts as a co-publisher, content agency, and consulting company for global free-to-play games. The company is a business-to-business operator, so it doesn’t put its own brand on games.


Above: This freaking big mech was in a prominent position at ChinaJoy.

Image Credit: Dean Takahashi

The company helps secure licenses and figures out where those licenses will work. The licenses can attract users, but sometimes a game company winds up with just 20 percent of the profits in a licensing deal.

In Europe, he said, “The good old days are over where it was very easy to get money and make money. Wargaming, Riot Games, Innogames, and GoodGame are growing. But a lot of companies that hit 150 million euros in revenue are declining and restructuring.

“The companies with a lot of titles are falling behind, and those with just a few are leading,” he said.

Streppel said he encourages companies to self-publish their titles. But investing in a team and a local subsidiary in major regions takes a lot of time and money. The cost of advertising to get new users is rising. There’s very little visibility into how well that advertising works, and it costs a lot of money to build the systems to verify it and prevent fraud.

“Maybe you are advertising on the wrong platform or others are cheating on you,” he said. “It costs money to find out. A lot of money is being pumped into ads. Chinese companies are investing a lot in user acquisition, and not in a smart way. It drives up the advertising costs for everybody.”

And some advertising channels don’t work anymore. TV ads are less effective because fewer people watch them. Most people multitask when they watch TV these days, so the ads have less impact, Streppel said.

Another thing that makes the market tough is the media companies themselves, which create a big presence on Google related to key advertising words for games. Those media companies get more search engine optimization than the games themselves. So the game companies have to advertise with those media companies.

“Your traffic is diverted because they write content to claim the traffic,” Streppel said. “Then they call the publisher to advertise on the web site. You buy your own users back for money.”


Above: Sony showed off a Chinese-made game at the front of its PlayStation booth at ChinaJoy 2015.

Image Credit: Dean Takahashi

Smaller companies have to create games with good key performance indicators, or those that measure growth.

“Platforms want good KPIs if they are going to feature you, but how can you prove good KPIs without a lot of users,” Streppel said. “It’s a chicken and egg problem.”

Ad networks hold more power in Europe now, and Streppel said that’s a problem. There are a ton of cloned games that are heavily advertised, but those clones destroy consumer confidence and make the market tougher. Lifetime value (LTV) calculations are key to figuring out if a game is profitable or not, and how much a publisher can spend on advertising. But LTV is declining for the games that are not in the top tier.

To win users back, publishers are discounting heavily. But users are being trained by promotions such as Steam sales to expect discounts.

The mature markets are seeing tons of new game launches still. Some companies are fleeing to less crowded territories.

Publishers can expand into markets such as India or South America, but it’s hard to generate revenue in those markets because users spend less and don’t have as much disposable income.

“A lot of companies are fleeing to mobile, but that makes the situation worse,” Streppel said. “So you have to focus on game quality.”

Streppel also said that publishers should focus on customization, a small dedicated team, and retention of existing users. And that’s what his team specializes in.


Netflix Will Let New Moms and Dads Take a Year of Leave


The new policy is consistent with Netflix’s larger mandate that employees should be free to figure out their own work-life balance.

The post Netflix Will Let New Moms And Dads Take A Year of Leave appeared first on WIRED.





Cloud Hosting Services: Take The Pain out of Moving

Cloud hosting is the buzz word these days. Cloud computing is reshaping the IT marketplace, creating new opportunities for suppliers and catalyzing changes in traditional IT offerings. Cloud hosting, also known as enterprise or cluster hosting, is a service offered from a network of servers located in different internet data centers spread across the globe. In fact, you are already part of the cloud by surfing the net or conducting Google searches, all of which are operating under the cloud. Over the next five years, IDC expects global spending on IT cloud services to grow almost threefold, reaching billion by 2012.

Companies looking to achieve better performance without adding any extra cost may opt for cloud web hosting. Cloud hosting services ensure better security, convenience and far better results at lower costs. Traditional hosting services (dedicated/shared) were limited to a single server. With cloud services you have access to multiple servers with unlimited processing power, and you can always add a new server and scale up.

Private cloud hosting helps organizations maximize their organization’s resources and align their IT services with their business needs. The major advantage of cloud hosting is that it helps lower your hardware inventory and therefore leads to much less power usage and lower overhead costs.


Cloud hosting is designed to address key challenges of IT departments, allowing them to:

– Maintain availability of applications without having to invest double the amount of capital expenditures in hardware and software.

– Provide companies with the benefit of scaling and reducing computer resources as per business demands without having to worry about hardware management issues.

– Contribute to the green initiative by subscribing to a service rather than having underutilized in-house resources.

Cloud hosting is highly beneficial to users because:

– The technology is highly scalable (load balancing, hardware/software upgrades, etc.).

– Website expansion can be done with minimum limitations.

– No more server crashes to deal with.

– Migrating a website to the cloud is easy.

– Highly cost efficient as it follows the rule of pay-per-use.

To obtain the highest benefit from cloud infrastructure services, it is vital to look for a reputed and reliable cloud web hosting service provider that will meet your needs. Consider the factors given below when comparing various companies offering this latest hosting service.

– Compare the prices charged by cloud hosting providers to determine which one will provide you with higher computing power during prime time at lower costs. The service providers offering you price flexibility will also give the flexibility to pay only for services that you want, thus offering the best value for your money.

– Data security is vital to any organization. Check the data security features maintained by different web hosting service providers. Confirm whether precautionary measures are followed by cloud hosting providers to keep their servers safe from any kind of security breach or physical danger. Users often make an attacker’s job easier by configuring physical and cloud-based IT assets so poorly that easy-to-find, easy-to-exploit flaws are left behind.

– Support is a critical offering needed to ensure success in today’s networked environment. Evaluate the type of technical support and services offered by various cloud hosting service providers when choosing one to make sure that you get dedicated technical and emergency support when you need it.

With cloud hosting services, hosting clients can effectively maintain the availability of their applications without needing to invest double the amount in the necessary hardware and software components. It also gives companies the added benefit of reducing and scaling their resources based on needs without the worry of hardware management.


Cloud computing convention will take place in early September

Cloud computing.
Image by Miran Rijavec
Cloud computing is an unavoidable future of IT. Actually the future of cloud computing is still a little bit cloudy but quickly converging in a stable and reliable form. Big players gonna dictate the pace and the degree of freedom, security and privacy.

Anyway, I am slowly moving in one of those clouds hoping that they unify and synergetically combine all concepts.

Cloud computing convention will take place in early September
Cloud computing seems to be taking over the news front as more people are beginning to use and, more importantly, understand it. Nearly 70 percent of businesses conducted in a survey by Mimecast said they plan to move even more applications onto their
Read more on CenterBeam

Salesforce.Com (CRM): Q2 2012 Earnings Preview; Cloud Computing Growth Might Help
Salesforce is a cloud computing enabler and offers various business applications on a subscription basis with a strong emphasis on customer relationship management (CRM). The company was recently positioned in Gartner's "Magic Quadrant for Sales Force
Read more on istockAnalyst.com (press release)

Cloud Computing: Samsung Wasn't Blindsided Like It Claimed
Turns out Samsung wasn't exactly straight when it claimed it was completely blindsided by the preliminary injunction Apple got last Tuesday barring the Galaxy Tab 10.1 from being distributed anywhere in the European Union except Holland.
Read more on SYS-CON Media (press release)

Pressure systems: Who is driving cloud adoption?
Some IT industry commentators and analysts have been drawing analogies between cloud computing and technologies such as electric power for a number of years. Nicholas Carr predicted the consumerisation of IT and the emergence of utility style computing
Read more on iT News

Question by Robyn Shapiro: What is cloud computing in simplest terms?
I'm reading an article and it says “The threat: cloud computing, in which applications run on the web.”

What does that mean?

Best answer:

Answer by Capn
Instead of running applications on your computer they are run from central servers which you access to view data. The computing/calculating is done elsewhere, you just view the data and direct commands.


IceWEB Setting Target to Take Lead in the Cloud Computing Market

This dependence and usage is expected to rise further with the advent of cloud computing – a concept that is soon going to become mainstream and is expanding the breadth of its domain. Industry majors such as Microsoft, Google, Oracle (News – Alert),
Read more on TMC Net

iCloud: It's not the cloud, but it's good for the cloud
However, this synchronization service could be delivered to an audience that has yet to understand what cloud computing is, let alone know if they should accept it into their homes and offices. A recent survey from the NDP Group found that just 22
Read more on InfoWorld

RentTheCloud.com Debuts to Help CIOs Quickly and Safely Adopt Cloud Computing
The RENT methodology is particularly effective for large enterprise customers looking to move multiple applications to the cloud (eg Microsoft, SAP, Oracle, etc). "Although the economics of cloud computing are compelling, the market is fragmented,
Read more on PR Newswire (press release)

Cloud computing shines on Portland startups AppFog and Cedexis
Launched two years ago, the company's services help very large organizations maintain global websites and cloud computing networks. "Our customers tend to be fairly large, Fortune 1000 companies that are very concerned about global performance," said
Read more on OregonLive.com

Question by garlin104300: CLOUD COMPUTING?????????????
How can you protect your company from an outage caused by such an issue with cloud computing?

Best answer:

Answer by Hat
Backups
