Thursday, September 3, 2015

Checking on the Baby

It's been SHOT DEAD by Rapid fire!!!!

"Baby monitors fall short in security tests" by Bree Fowler Associated Press  September 03, 2015

NEW YORK — Several of the most popular Internet-connected baby monitors lack basic security features, making them vulnerable to even the most basic hacking attempts, according to a report from a cybersecurity firm. 

Great! Another crap product with government trapdoors and a $elf-$erving report to boot!

The possibility of an unknown person watching a baby’s every move is a frightening thought for many parents who have come to rely on the devices to keep an eye on their little ones. In addition, a hacked camera could provide access to other Wi-Fi-enabled devices in a person’s home, such as a personal computer or security system.

Yes, this total $urveillance tyranny that has been built upon fear and $ecurity doesn't protect you and puts you at even greater risk. Yay! 

So when does the rash of baby kidnappings start appearing in the paper? I mean, there are already human adoption mills and kids snatched by the hundreds every day, etc, etc. It's not like missing children is anything new (what is new is that we now know they didn't just vanish in alien spaceships, but were likely the victims of elite pedophile rings).

The research, released Wednesday by Boston-based Rapid7 Inc., looks at nine baby monitors made by eight companies. They range in price from $55 to $260.

I'll bet that would be a good investment, what with the car hacking and all -- but go get that app from Flo!

The cameras are often mounted over a crib or another place where the baby spends a large amount of time. They work by filming the child, then sending that video stream to a personal website or to an app on a smartphone or tablet. Some of the cameras also feature noise or motion detectors to alert parents when the baby makes a sound or moves.

‘‘There’s a certain leap of faith you’re taking with your child when you use one of these,’’ says Mark Stanislav, a senior security consultant at Rapid7 and one of the report’s authors. 

'scuse me?

The Rapid7 researchers found serious security problems and design flaws in all of the cameras they tested. Some had hidden, unchangeable passwords, often listed in their manuals or online, that could be used to gain access. In addition, some of the devices didn’t encrypt their data streams, or some of their Web or mobile features, Stanislav says.

Gee, I woNder who would have reaSon to tap into your datA stream.

The problems with the cameras highlight the security risks associated with what’s become known as the ‘‘Internet of things.’’ Homes are becoming increasingly connected, but many consumer devices often don’t undergo rigorous testing and could be easy targets for hackers.

And yet the advertising ad bu$ine$$ pre$$ are giving the society a big shove in that direction, especially with the millennials! Some hacks are more important than others, I suppose.

And if a hacker has access to one connected device, he or she could potentially access everything tethered to that home’s Wi-Fi network, whether it’s a home computer storing personal financial information or a company’s computer system that’s being accessed by an employee working from home.

In the Rapid7 study, researchers rated the devices’ security on a 250-point scale. The scores received a grade of between ‘‘A’’ and ‘‘F.’’ Of those tested, eight received an ‘‘F,’’ while one received a ‘‘D.’’ All of the camera manufacturers were notified of the problems and some have taken steps to fix the problems.

I feel soooooo much safer now.

‘‘When one gets an ‘F’ and one gets a ‘D minus,’ there isn’t an appreciable difference,’’ Stanislav says.

For example, researchers noted that the Philips In.Sight B120 baby monitor, which retails for about $78, had a direct, unencrypted connection to the Internet. That could allow a hacker to watch its video stream online, as well as remotely access the camera itself and change its settings, the report says.

Was it run through Hillary Clinton's private e-mail server?

Philips NV released a statement noting that the model in question has been discontinued. It added that its brand of video baby monitors is now licensed to Gibson Innovations, which is aware of the problems and is working on a software update designed to fix it.

The researchers also tested the iBaby and iBaby M3S, Summer Infant’s Summer Baby Zoom WiFi Monitor & Internet Viewing System, Lens Peek-a-View, Gynoii, TRENDnet WiFi Baby Cam TV-IP743SIC, WiFiBaby WFB2015 and Withings WBP01.

Officials for iBaby and Lens Laboratories Inc. didn’t immediately respond to requests for comment. A spokesman for Withings said he couldn’t immediately comment on the report.

Summer Infant says in a statement that it’s reviewing the report’s findings and will make sure that precautions are taken to protect its customers’ security. Gynoii says that it’s reaching out to Rapid7 in hopes of fixing the issues with its camera.

TRENDnet notes that physical access to its camera would be needed to exploit its security bug but it has prepared a patch, and a software update will be available soon.

That's when I $tart wondering who is this all benefitting?

And WiFiBaby released a statement defending its camera’s security, noting that its latest software requires users to set their own unique password when they set up their camera.

--more--"

Any clue who might be at the bottom of the hacking epidemic?

And now that I'm started:

"Investors tighten scrutiny of cybersecurity startups; Focus on profits instead of growth could be a trend" by Nicole Perlroth New York Times   September 03, 2015

SAN FRANCISCO — A funny thing happened to Orion Hindawi while he was raising $120 million for his cybersecurity startup last month: Investors asked him about profits.

I'm not liking the joke already.

A year ago, Hindawi raised $90 million, followed by an additional $52 million this year from the Silicon Valley venture firm Andreessen Horowitz. Investors were willing to place a $900 million valuation on his company, called Tanium, without so much as a glance at revenue or profit margin.

Really been a buzz about them lately.

This time, not so. As he made the rounds with such investors as Institutional Venture Partners and T. Rowe Price, Hindawi said, he was asked to show profits and sales margins. “A lot of the funders we spoke with are starting to get really scared,” he said. “This time the questions were, ‘Is this a sustainable business? Do you guys actually make money?’ ” 

It's as I have been saying: venture capital is a way for the elite (pick your percentage) to funnel down all the loot they are swimming in to agenda-pushing causes and well-connected friends. If they "burn" through it and it doesn't work, oh well. College endowments and pension funds lose out, so what? Where do you think the venture capital run by private equity comes from, Federal Reserve printing presses? Did you know the CIA has a venture capital wing(?)? Have you seen who is living in $ilicon Valley?

That sudden dose of skepticism about cybersecurity startups, which as a group recorded record investments last year, may be a harbinger of change across the entire technology sector. With global stock markets struggling, investors may be ready to move away from their emphasis on growth rather than profits.

Uh-oh. Bubble's popped, you missed the boat.

If that shift persists, it will be a dramatic turnabout. Cybersecurity entrepreneurs in recent years have had an easy time raising money as breaches at the nation’s largest companies and government agencies have become front-page news.

In 2014, US venture capitalists poured $1.77 billion, a record amount, into private security startups, topping the previous record of $1.62 billion invested in 2000, at the height of the dot-com bubble, according to Dow Jones VentureSource.

“There was a big rush to fund cyber companies over the past 12 to 24 months,” said David Cowan, a partner at Bessemer Venture Partners. “But now there’s a sense that there are many, many out there already, and a good story is not enough to attract capital anymore.” 

Despite the epidemic of hacking we are told is happening.

And there are too many companies trying to do the same thing: identify “anomalous” behavior on computer networks and respond to attacks in real time, Cowan said.

“That pretty much sums up 95 percent of the companies raising money at the RSA show,” he said, referring to the RSA cybersecurity conference held in San Francisco in April. “If that’s what you’re promising and you think you’ve found a really sexy value proposition, guess what — it’s not that sexy when the room is full of people just like you.”

Did Colbert ever make it

See: Jeb Bush a scheduled guest on Stephen Colbert’s first night hosting

No, I guess he would not have

So despite offending W, he is actually an enabler and straw man for the family. How he got to Late Night, no doubt.

If interest by venture firms is any indication, Tanium must still be sexy. The Emeryville, Calif., company’s technology can test the millions of computers attached to corporate networks, ask them questions, and patch them or shut them down in seconds, if need be.

Tanium, founded in 2007, became profitable shortly after it started working with customers in 2012. Hindawi and his father, David, were not initially interested in raising venture capital, but the value Andreessen Horowitz was willing to put on their company and the business connections the venture firm could provide were too good to ignore.

Still, Hindawi said he was surprised that venture capitalists were willing to place a $900 million valuation on a young company without so much as a glance at revenue or margin.

“Up until a year ago, nobody cared that we were cash flow positive,” he said. “None of those things factored in. They basically said, ‘We don’t really care. What’s the growth rate?’ ”

The diligence he encountered during the company’s latest funding round was almost a relief, he said, maybe an indication that some semblance of sobriety had returned to tech funding.

But it may be just a semblance. Hindawi turned away $400 million in cash offers in the latest round. The investors who made the cut — Institutional Venture Partners, TPG Capital and T. Rowe Price — valued Tanium at $3.5 billion, nearly four times the $900 million valuation it received last year and double the $1.75 billion valuation that Andreessen Horowitz gave it last March, according to two people familiar with the deal who spoke on the condition of anonymity because the terms were confidential.

The numbers they toss around are like a lullaby.

Tanium did not need the cash, Hindawi conceded, but he chose to raise money now, in part, because word that he had recently turned down an acquisition offer sent investors flocking to the company’s door — and a quarter-billion dollars in the bank would help it survive if a downturn hit.

“I never want to raise money again,” Hindawi said. “If there’s a market downturn or a ‘black swan’ occurs, I want to make sure we cross that bar.”

Saving up cash from private investors may also be wise because the public markets have not been kind to security companies lately.

What?

So-called next-generation security companies like FireEye, the company that owns Mandiant; Palo Alto Networks; Qualys; and Splunk have all experienced sharp drops in their share prices. Qualys’s stock is down to half the $55 it traded at last May, Palo Alto Networks’ stock is down nearly 18 percent since July, Splunk’s stock is down 20 percent since July, and FireEye’s stock, which reached a high of $85.64 last year, now hovers under $40.

What a thumb in the FireEye of ro$e-colored gla$$es!

--more--"

Related: "After building a sprawling empire, EMC battles calls to break up.... EMC is locked in a battle that could remake the data-center company’s corporate structure, a collage of overlapping businesses and executives that EMC concedes is unique in the tech world."

What will EMC do?!

And what about the infant Rapid7 and their future?

"Cybersecurity firm Rapid7 surges in IPO, the year’s first for Boston tech" by Curt Woodward, 07/17/2015

Digital security software company Rapid7 Inc. saw its shares jump 58 percent in an initial public offering Friday, reflecting a spike of investor interest in security companies following the theft of personal data belonging to millions of federal employees.

Hmmmmmmmm! Makes you wonder who might really be behind that and not the accused.

Rapid7, based in Boston, sells software that identifies weaknesses that malicious hackers might exploit in computer programs and digital networks. It claims around 4,000 customers, including several large corporate buyers.

Rapid7 sold 6.45 million shares to investors Thursday night at $16 per share, raising about $103 million before subtracting its fees. The company’s shares shot up to $27 in early trading and closed the day at $25.28. The company had previously said it expected to price its shares at $13 to $15 each. Rapid7 is trading on the Nasdaq exchange under the ticker symbol RPD.

Rapid7 was founded 15 years ago and now has about 550 employees. It’s the first Boston-based technology company to hold an IPO this year, following the IPOs of Care.com Inc., Hubspot Inc., Wayfair Inc., and Imprivata Inc. in 2014.

Analysts expect another security company, Burlington-based Veracode, to follow Rapid7 to the public markets in the coming months.

Rapid7’s IPO comes about a week after the Obama administration’s top personnel executive was forced to resign over a massive data breach that revealed Social Security numbers and other private information for millions of federal workers.

The federal hacking episode is the latest example of what has become a steady drumbeat of large security failures in recent years, including last fall’s thefts of customer payment-card data from Target and Home Depot. 

That's been long forgotten and Americans are still shopping! So I've been told. All those billions plowed into surveillance and data collection all these years, and yet it is failures up and down the line (except ATMs which are correct down to the penny when they spit out your loot).

$omething $tinks.

Rapid7’s strong debut shows that investors are starting to pay attention to these attacks and the companies that profit from thwarting them, Forrester Research analyst Tyler Shields said....

Cui bono?

--more--"

I haven't checked the stock price amidst the looming crash, sorry.

UPDATE: Almost forgot to feed the thing.