Start up: vote counting, Android malvertising, Theranos sued, Skype hacks, see USB-C grow!, and more

Lucky you! Ads are coming to Messenger bots. Photo by portalgda on Flickr.

A selection of 11 links for you. Happy don’t-have-to-think-about-US-elections-for-four-years-or-so day. I’m charlesarthur on Twitter. Observations and links welcome.

Alphabet taps brakes on drone project, nixing Starbucks partnership • Bloomberg

Mark Bergen:


The latest Google drones have just started taking flight in the real world. But the team behind the technology is slowing down, trimming headcount and shelving initiatives as the experimental unit becomes the latest target of tightening budgets across parent company Alphabet Inc. 

Project Wing, a unit of Alphabet’s X research lab, nixed a partnership with coffee giant Starbucks Corp., according to people familiar with the decision. Following the departure of project leader Dave Vos in October, the unit also froze hiring and began asking some staff to seek jobs elsewhere in the company, according to some of those people. They asked not to be identified speaking about private company moves. 

The decisions are part of a broader Alphabet effort to rein in spending and try to turn more experimental projects from loss-making risky bets into real businesses. Drones are in a particularly knotty place. US federal regulation does not yet allow for delivery, except in select test zones. However, Alphabet’s deceleration comes as other technology companies, including Inc., plough money into drone delivery.


The Wall Street Journal says that the top two Wing execs were “pushed out”, “in large part because of conflict between the group’s engineers and its commercial team”.

Boston Dynamics, Google Glass, Google Fiber – what’s the betting the next one to get a spending cut will be Project Loon, the internet-balloons-for-developing-countries scheme?

(Benedict Evans reckons the cuts are because Google is going all-in on machine learning. It would make sense.)

Why Twitter must be saved • Stratechery

Ben Thompson:


When information was scarce, limiting speech was a real danger; when information is abundant shielding people from speech they might disagree with has its own perverse effects.

To be clear, Twitter has a real abuse problem that it has been derelict in addressing, a decision that is costly in both human and business terms; there is real harm that comes from the ability to address anyone anonymously, including the suppression of viewpoints by de facto vigilantism. But I increasingly despair about the opposite extreme: the construction of cocoons where speech that intrudes on one’s world view with facts is suppressed for fear of what it does to the bottom line, resulting in an inert people incapable of finding common ground with anyone else.

This is why Twitter must be saved: the combination of network and format is irreplaceable, especially now that everyone knows it might not be a great business. For all the good that the Washington Post has done it is but one publication among many; the place where those publications disseminate information is the true scale, but Facebook has made its priorities clear: engagement and dollars, leavened with the certainty that engineers can make it all better; the externalities that result from a focus on making people feel good are not their concern.


The panel which I moderated on Tuesday at Web Summit felt that Facebook in particular should act to steer away from the model where it simply monetises attention without any regard to verity or effects.

Demand for USB Type-C to pick up with more notebook adoption, says paper • Digitimes

Joseph Tsai:


Market watchers expect Apple’s decision to fully adopt USB Type-C connectors for its new MacBook Pros to accelerate other notebook vendors’ adoption of USB Type-C technology in their products which should benefit connector makers including BizLink Holding, Good Way Technology and Foxlink, according to a Chinese-language Economic Daily News (EDN) report.

Tom Huang, Investor Relation Manager, BizLink said that mobile device I/O ports will become fewer and fewer and docking station-type of products will become more popular. BizLink has been cooperating with clients to develop USB Type C-related applications and these businesses are expected to become growth drivers for the company, the paper noted.


Gotta love those market watchers.

Why are Skype accounts getting hacked so easily? • The Verge

Tom Warren:


If you’ve received a weird message on Skype with a link to Baidu or LinkedIn recently, you’re not alone. In the past couple of weeks, I’ve received spam links to Baidu from six of my Skype contacts, one of whom works for Microsoft’s PR agency and another is a former Microsoft employee. All were surprised to see their accounts breached, and some believed they were protected by Microsoft’s two-factor authentication. That wasn’t the case, though.

A thread on Microsoft’s Skype support forums reveals this has been occurring to hundreds of Skype users since at least August. Breached Skype accounts are used to send thousands of spam messages before they’re locked and the owners have to regain access. Skype has fallen victim to similar attacks before, and hackers were able to spoof messages on the system last year after using lists of stolen usernames and passwords to gain access to accounts.


So why isn’t two-factor authentication working?


Skype users might think they’re protected by Microsoft’s two-factor security, when in reality they’re probably not. Microsoft offers the ability to link a Skype and Microsoft Account together to make sign-in and security easier. If you already enabled this months ago, it turns out that Microsoft has kept your original Skype account password separate so that it can still be used to access the service with a Skype username. If that password isn’t secure or you used it elsewhere then hackers can use it to gain access to Skype, bypassing any two-factor authentication provided by Microsoft.



Google stops AdSense attack that forced banking trojan on Android phones • Ars Technica

Dan Goodin:


Google has shut down an operation that combined malicious AdSense advertisements with a zero-day attack exploiting Chrome for Android to force devices to download banking fraud malware.

Over a two-month span, the campaign downloaded the Banker.AndroidOS.Svpeng banking trojan on about 318,000 devices monitored by Kaspersky Lab, researchers from the Moscow-based anti-malware provider reported in a blog post published Monday. While the malicious installation files weren’t automatically executed, they carried names such as last-browser-update.apk and WhatsApp.apk that were designed to trick targets into manually installing them. Kaspersky privately reported the scam to Google, and engineers from the search company put an end to the campaign, although the timing of those two events wasn’t immediately clear.

“So far, those behind Svpeng have limited their attacks to smartphone users in Russia,” Kaspersky Lab researchers Nikita Buchka and Anton Kivva wrote in Monday’s post. “However, next time they push their ‘adverts’ on AdSense they may well choose to attack users in other countries; we have seen similar cases in the past. After all, what could be more convenient than exploiting the most popular advertising platform to download their malicious creations to hundreds of thousands of mobile devices?”


Only works on Google Chrome for Android; exploits AdSense; exploits Android. Quite the trifecta. (Exploits like this, of course, are part of the externality cost of advertising on users, besides attention and bandwidth.)

With Theranos lawsuit, Walgreens hoping to squeeze single drop of blood from stone • Dealbreaker

Owen Davis:


When it comes to entries in the it-couldn’t-possibly-get-any-worse department, Theranos has become a true standout. So it’s a bit of a bummer that the latest turn of events for the embattled blood testing startup occurred late on election day, when most eyes are trained elsewhere.

As intrepid WSJ reporter John Carreyrou reports, via Twitter, Walgreens has filed a $140m lawsuit against Theranos. It’s not the first lawsuit to follow revelations that the company’s once-vaunted technology – which promised to test for a wide array of ailments using a single drop of blood – may have been a giant sham all along. A hedge fund investor got that ball rolling last month.


Put it on the gravestone.

Here’s Facebook’s plan to get you chatting with Messenger business bots • Buzzfeed News

Alex Kantrowitz:


The first tweak is a simple one: News Feed advertisements designed to engage you in conversation with a chat bot. Let’s say H&M is touting a new line of winter coats in a Facebook ad campaign. Instead of directing people interested in the coats to H&M’s website or the H&M app, these ads would put them in conversation with Messenger’s H&M chat bot, which could answer questions about the coats and potentially orchestrate an in-app sale. These ads roll out globally today.

Facebook’s second tweak, sponsored messages, also rolls out globally today. These are exactly what they say on the tin: branded in-Messenger messages sent to Messenger users by advertisers they’ve interacted with in the past. Together with bot-integrated News Feed ads, these new products offer developers opportunities to more proactively engage people on Facebook.

“We now have the ability to drive massive traffic to bots through News Feed,” Facebook Messenger head David Marcus told BuzzFeed News, “and that’s great for developers.” Marcus noted that these new products have worked well in test runs. Absolut Vodka, for example, recently used a bot-integrated News Feed ad as part of a vodka giveaway campaign. Marcus said the company found that acceptance rates on Messenger were three times what they were on the mobile web.


Sounds delightful. Also, don’t worry – rather like banner ads, I’d wager the “acceptance rate” will fall fairly quickly as they become ubiquitous and people weary of them.

Decision 2016: counting the vote • Associated Press

Lauren Easton spoke to Don Rehill, who is in charge of the AP’s collection of voting data:


We’ll be tabulating almost 5,000 contested races from over 4,600 reporting units in 50 states, plus Washington, D.C. The states and counties that do provide unofficial results do so in myriad formats and in a variety of ways. Our reporting is based on a spectrum of reporting modes, from an AP stringer at a town election official’s office calling our vote entry center with results given to him on a printout; to a county election official faxing or emailing us a tally receipt from their optical scanner; to folks at one of our centers manually gathering results from a county website; to a secretary of state elections office sending us XML documents with the most recent updates in all of their counties. Even within a state, we often get results on different media, and in different formats, because of differences in the counties’ election equipment, their procedures or their budgets.

As developers and folks involved in compiling election data like to say, there is no “common data format.” At AP we essentially take this crazy quilt of formats and we create our own common data format to process it. Then we run it through our quality control checks, and format and disseminate the results in a variety of ways to our thousands of newspaper, broadcast and digital members and customers.


You don’t see Google or Facebook hurrying to take that over.

Google says it is now OK to put content behind tabs • Search Engine Journal

Matt Southern:


It sounds like that [exchange on Twitter, mentioned in the story] means we can disregard the knowledge previously thought to be true when Google’s John Mueller stated crawlers may “actively ignore” content that is “hidden”:

»“From our point of view, it’s always a tricky problem when we send a user to a page where we know this content is actually hidden. Because the user will see perhaps the content in the snippet, they’ll click through the page, and say, well, I don’t see where this information is on this page. I feel kind of almost misled to click on this to actually get in there. So that’s…the problem that we’re seeing. …we’ve gone a little bit further now to actively ignore the information that’s not directly visible. So if you want that content really indexed, I’d make sure it’s visible for the users when they go to that page.”«

So, there you have it. Time to update your technical audits, checklists, and so on. Click-to-expand content, and content hidden behind tabs, are not negative SEO factors anymore.


This doesn’t feel like good news. Does this feel like good news to you? I envisage lots more having to click things to make them go away.

Boffins turn phone into GPS tracker by abusing pairing with – that’s right – IoT kit • The Register

John Leyden:


Black Hat EU: Security researchers have worked out how to hack into a smartphone and turn it into a tracking device by abusing its pairing with a Belkin home automation device.

Joe Tanen and Scott Tenaglia of Invincea Labs were able to root a WeMo device before injecting code into the WeMo Android app from a compromised WeMo device. The attack, which involved using an IoT device to hack into a phone, involved abusing normal functionality in order to exploit the app, the researchers explained during a presentation at Black Hat Europe on Friday.

Vulnerabilities in both the device and the Android app can be abused to obtain a root shell on the device, before running arbitrary code on the phone paired with it. The same approach might be used to crash the device, and launch DoS attacks without rooting it.

“We were able to turn your phone into a GPS tracker because your IoT kit is kinda insecure,” Tenaglia explained.

The talk – entitled Breaking BHAD: Abusing Belkin Home Automation Devices – also covered details of heap overflow, SQL injection, and code injection zero days, as well as their associated exploits. These various flaws were resolved by a recent update from Belkin.



Apple picked up talent, tech from defunct music startup Omnifone in August • Techcrunch

Ingrid Lunden:


As the race continues to pick up more subscribers for streaming music services, TechCrunch has learned that one of the most prominent players in the field quietly picked up some talent and tech to advance its position. Apple hired at least 16 employees and purchased select technology from Omnifone, an early player in streaming music services that filed for bankruptcy this summer.

The news emerged as Omnifone’s original founder, Rob Lewis (who was no longer with Omnifone in its final years), prepares for his latest streaming music venture, Electric Jukebox, to launch its first product this week: a music player that plugs into your TV, and a controller that looks a little like a microphone.


Do we think Rob is soon going to be hoping to be acquihired? But this is early consolidation. The list of streaming music services that have gone bust is already quite long.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

Errata, corrigenda and ai no corrida: none notified
