A new ‘Zombieload’ flaw hits Intel’s newest Cascade Lake chips

Time to reset your “days since last major chip vulnerability” counter back to zero.

Security researchers have found another flaw in Intel processors — this time it’s a new variant of the Zombieload attack they discovered earlier this year, but targeting Intel’s latest family of chips, Cascade Lake.

Intel calls the vulnerability Transactional Asynchronous Abort, or TAA. It’s similar to the microarchitectural data sampling vulnerabilities that were the focus of earlier chip-based side-channel attacks, but TAA applies only to newer chips.

The new variant of the Zombieload attack gives hackers with physical access to a device the ability to read occasionally sensitive data stored in the processor. The vulnerability is found in how the processor tries to predict the outcome of future commands. This technique, known as speculative execution, makes the processor run faster, but its flawed design makes it possible for attackers to extract potentially sensitive data.

Zombieload was discovered by the same researchers who found Meltdown and Spectre, a set of flaws that could be used to pick out secrets — like passwords — from the processor. It was believed later chip architectures, like Cascade Lake, were toughened against speculative execution attacks, while Intel rolled out software patches to reduce the attack surface.

Neither of the other vulnerabilities in the same family as Zombieload — notably Fallout and RIDL — work on Cascade Lake, they added.

But the researchers said that Intel’s efforts to change the chip design in Cascade Lake are “not sufficient” to protect against these kinds of side-channel attacks.

The same researchers warned Intel about the vulnerability in April — as they did with the other flaws they discovered that were patched a month later. Intel took until this month to investigate, the researchers said.

Intel released patches again for its vulnerable chips on Tuesday, acknowledging that its newest chips are vulnerable to the newest Zombieload variant. But the chip-making giant recognizes that the mitigations “may not completely prevent the inference of data through a side channel using these techniques.”

The chip maker said there have been “no reports” of real-world exploits of the vulnerabilities.

Facebook wants you to pay people on Messenger, Instagram, and WhatsApp with Facebook Pay

Square. Venmo. PayPal. Apple Pay. Google Pay.

There’s really no shortage of ways to give people money via your phone, but that — nor growing calls that the company is already getting too damned big — isn’t stopping Facebook.

Facebook has just announced Facebook Pay, a single payment system that ties into all of the things under the FB umbrella — Messenger, Instagram, WhatsApp, and, of course, Facebook proper (for sections like Marketplace). Add a payment method once, and it’ll work across any of the Facebook apps you enable it for.

Facebook says that Pay should start rolling out this week, albeit only on Facebook/Messenger at first, and only for folks in the US. The company says it should work with most major credit/debit cards and PayPal, and they’re being careful to note that this is separate from its whole cryptocurrency wallet effort.

Does anyone need this? Probably not. It removes some friction from the Facebook Marketplace process and will probably find a natural user base there — but, honestly, when it comes to paying a friend back for dinner or paying for that used guitar, there’s an absolutely monstrous mountain of alternatives here.

Facebook pilloried over iPhone ‘secret camera access’ bug

Facebook has faced a barrage of concern over an apparent bug that resulted in the social media giant’s iPhone app exposing the camera as users scroll through their feed.

A tweet over the weekend blew up after Joshua Maddux tweeted a screen recording of the Facebook app on his iPhone. He noticed that the camera would appear behind the Facebook app as he scrolled through his social media feed.

Several users had already spotted the bug earlier in the month. One person called it “a little worrying”.

Some immediately assumed the worst — as you might expect given the long history of security vulnerabilities, data breaches and inadvertent exposures at Facebook over the past year. Just last week, the company confirmed that some developers had improperly retained access to some Facebook user data for more than a year.

Will Strafach, chief executive at Guardian Firewall, said it looked like a “harmless but creepy looking bug.”

The bug appears to only affect iPhone users running the latest iOS 13 software, and those who have already granted the app access to the camera and microphone. It’s believed the bug relates to the “story” view in the app, which opens the camera for users to take photos.

One workaround is to simply revoke camera and microphone access to the Facebook app in their iOS settings.

Despite the apparent widespread concern from users on social media, Facebook did not respond to repeated requests for comment from TechCrunch. That said, Facebook vice president of integrity Guy Rosen tweeted this morning that it “sounds like a bug” and the company was investigating.

“I guess it does say something when Facebook trust has eroded so badly that it will not get the benefit of the doubt when people see such a bug,” said Strafach.


Earlier this year, Google’s in-house incubator launched CallJoy, a virtual customer service phone agent for small businesses that could block spammers, answer calls, provide callers with basic business information, and redirect other requests like appointment booking or to-go orders to SMS. Today, CallJoy is rolling out its first major update, which now enables the computer phone agent to have more of a conversation with the customer by asking questions and providing more information, among other improvements.

Originally, CallJoy could provide customers with information like the business hours or the address, or could ask the customer for permission to send them a link over text message to help them with their request. With the update, CallJoy’s phone agent can answer questions more intelligently.

This begins by CallJoy asking the customer, “can I help you?,” which the customer then responds to, as they would usually. Their answer allows CallJoy to offer more information than before, based on what the caller had said.

For example, if a caller asked a restaurant if they had any vegetarian options, the phone agent might respond: “Yes! Our menu has vegetarian and vegan-friendly choices. Can I text you the link to our online menu?”

This isn’t all done through some magical A.I., however. Instead, the business owner has to program in the sort of customer inquiries it wants CallJoy to be able to respond to and handle. While some, like vegetarian options, may be common inquiries, it can be hard to remember everything that customers ask. That’s where CallJoy’s analytics could help.

Google’s CallJoy phone agent for small businesses gets smarter, more conversational

The service already gathers call data — like phone numbers, audio and call transcripts — into an online dashboard for further analysis. Business owners can tag calls and run reports to get a better understanding of their call volume, peak call times, and what people wanted to know. This information can be used to better staff their phone lines during busy times or to update their website or business listings, for example. And now, it can help the business owner to understand what sort of inquiries it should train the CallJoy phone agent on, too.

Once trained, the agent can speak an answer, send a link to the customer’s phone with the information, or offer to connect the caller to the business’s phone number to reach a real person. (CallJoy offers a virtual phone number, like Google Voice, but it can ring a “real” phone line as needed to get a person on the line.)

Another feature launching today will allow business owners to implement CallJoy as they see fit.

Some business owners may prefer to answer the phone themselves and speak to their customers directly, for example. But they could still take advantage of a service like this at other times — like after hours or when they’re too busy to answer. The updated version now allows them to program when CallJoy will answer, including by times of day, or after the phone rings a certain number of times, for example.

The business owner will also receive a daily email recap of everything CallJoy did, so they know how and when it was put to use.

The product to date has been aimed at small business owners, who can’t afford the more expensive customer service phone agent systems. Instead, it’s priced at a flat $39 per month.

A spokesperson for CallJoy says the service has signed up “thousands” of small businesses since its initially invite-only launch in May 2019.

Google’s Area 120 incubator is a place for Google employees to try out new ideas, while still operating inside Google instead of leaving for a startup. It’s considered a separate entity — some of the apps produced by Area 120 don’t even mention their Google affiliation in their App Store descriptions, for instance. CallJoy, however, has received more of a spotlight than some. It’s even being featured on Google’s main corporate blog, The Keyword, today. However, if CallJoy makes the leap to Google — something that hasn’t been decided yet — it wouldn’t be the first Area 120 project to do so.

Area 120’s Touring Bird recently landed inside Google as did learn-to-code app Grasshopper and others.

We understand that joining Google is something that’s still on the table for CallJoy, but it’s not at the point of making that switch just yet.


We’ve heard the criticisms that there were fewer black women speakers than white men at Grace Hopper Celebration in the past, but event organizers heard our complaints and created an entire conference pathway and new grants for “women of color from underrepresented groups and women from untapped pathways.”

We feel better now that our panels include hijabi and transgender women. The work done by women of color and others to broaden our understanding of diversity and inclusion in these spaces cannot go without recognition.

But at the end of it all, my question after a long day of panels and handshakes is, why? What are we really doing here? What ideas are we planting and fostering behind our massive paywall? Are we breaking down barriers for future generations, or simply congratulating ourselves for reaching the upper echelons of women who have vaulted them? Are we pushing to change toxic systems, or asking women to change themselves to navigate them?

Who are we benefiting and elevating with our efforts?

What we can say about the majority of corporate women is that we are currently wealthy and educated. What we can say about many corporate women in the American tech sector is that we are white or Asian-American, heterosexual, abled and a plethora of other dimensions of privileged. Through most of our women in tech events, we self-select into a space where others are educated like us, or aspire to be educated like us, and erect barriers to the tune of thousands of dollars and up to a week off from work/school. Conferences tout scholarships to offset the cost of attendance for the up and coming generation of tech women, but often times those students are required to show existing proclivities to STEM.

Extending resources to students who already have exposure to STEM biases our outreach to those with privilege already; low-income schools in California are four times less likely to offer AP computer science A courses than high-income schools, according to an independent study done by the Kapor Center. Unfortunately, it’s hard to make a case to allocate resources any other way when these events rely on corporate sponsorship and attendance and a business case must be made for return on investment (re: tech talent pipeline).

The following is a (non-comprehensive) list of recommendations for improving the way we build power as women in tech:

1. Increase economic accessibility by supporting smaller conferences

Attending a conference costs more than its ticket price, so increasing accessibility must be more comprehensive than offering scholarships. Some examples of questions to ask ourselves as organizers: will attendees with mobility needs spend more than others for their travel and lodging? Are students who receive financial aid more fearful about taking days off?

At first glance, these questions seem like they can be addressed by throwing money at the problem — more scholarships for disabled and lower-income attendees, easy! But trying to level the playing field in this manner is an exercise in futility; bringing a few lucky underprivileged people into our space does little to address the underlying hierarchy. A better way to look at it is to ask how we can make the benefits available to those of us with privilege equally accessible to those with less.

Smaller, regional events usually cost less to host and attend and spread value more widely. New speakers can practice leadership, attendees can network with professionals in their local area, and students can receive more attention and mentorship. Resources move into local communities and nonprofits instead of into recruiting pipelines for tech giants. Some examples of regional conferences targeting minorities but with more granular goals are CodeNewbies, AfroTech and Take Back Tech. These are the efforts we need to support if we want to effectively grow power in our communities that don’t already have it.

2. Focus on systemic change

If every takeaway from your event is how women can change their actions, then it might be a shallow event. Women and others are not held down because we cry at work, or because we take maternity leave, but because of how those around us perceive those things. Challenging ourselves to change our perceptions is more difficult but ultimately more valuable than stifling our authentic choices and personality to be more convenient.

It’s important to ask ourselves why we, a group of traditionally mistreated professionals, are gathering. Why are we sharing our stories of vulnerability and to what end are we building our collective strength? Marginalized people coming together helps consolidate our power so that we can change the system we’re in. It’s a form of collective action — when dozens of women want maternity leave, their employer is more inclined to provide it than when one woman asks alone. When multiple women talk to each other and realize they’ve been harassed by the same co-worker, they feel empowered to do something about it. We organize and gather so we can change injustices.

Conversations where the whole room may not agree with you can be more impactful than the ones that earn you the most laughs and nods. Challenge your audience; discomfort is where we grow. If you’re holding an event for allies, make them earn the title of ally. Catch yourself when you fall to the instinct of making everyone feel good when your goal is to make a difference.

3. Support grassroots-led change instead of corporate-led change

Let’s not forget who the greatest winners are after a Women @ Qualcomm weekend, a Microsoft Women in Technology Event or Grace Hopper Celebration — the event organizer.

They recruit from the highly qualified pool of attendees while cultivating positive PR for valuing diversity, gaining much more overall than any one individual, though a single person may stand to gain from the opportunity. Companies have made a major push for students and employees from underrepresented groups to stay in the “tech talent pipeline.” As from any affirmative action, there are positive outcomes from that, but there are also studies that find that the pipeline has not addressed deeper issues with workplace cultures, power asymmetries, and harassment.

Put another way, companies often recruit diversity in ways that bring value to themselves without taking responsibility for the quality of life of those within the pipeline. It’s important to remind ourselves that these are not purely philanthropic goals for corporations and that recruitment and retention are to their benefit. At the very least, we’re entitled to substantive policy change in exchange for our labor.

Grassroots and community-led change is better than corporate-led change if our goal is to empower and further the opportunities for women. We must create opportunities for leadership and support efforts that truly build our strength. We should be fearless in asking for real change. By all means, do the work within the companies and within the mainstream conferences if that empowers you, but be wary of the ways that you might be keeping power in already powerful communities and keep your goals in sight. Don’t be afraid to ask why, even for things that seem to have the best of intentions. Even well-meaning systems can perpetuate harmful power dynamics if those of us within them aren’t constantly questioning and pushing back.


From a geographical perspective, the San Francisco Bay Area and Los Angeles startup ecosystems are no longer separated by a few hundred miles.

Top-tier VCs from SF visit LA regularly, and entrepreneurs raise from investors upstate and downstate in one process. Anecdotally, as an LA resident of 4 years, there’s been a palpable uptick of entrepreneurs from the Bay Area who move down here after exiting to found their next company.

The City of Angels is a hub for a wide range of startups, but it has two major groupings: consumer-facing startups that tap into Hollywood’s marketing culture, and the deep-tech ecosystem created by the city’s role as a hub for aerospace, defense and R&D.

To track how the ecosystem for software and digital media startups here is evolving, I asked a few of the top consumer VCs based there to share some of the trends they are most excited about investing in right now:

  • Kevin Zhang, partner at Upfront Ventures
  • Mike Palank, managing director at MaC Venture Capital
  • Effie Epstein, partner at Sound Ventures
  • Brett Brewer, partner at CrossCut Ventures
  • Courtney Reum, partner at M13
  • Ron Rofe, partner at Rainfall Ventures
  • Ryan Hoover, partner at The Weekend Fund
  • Dustin Rosen, partner at Wonder Ventures
  • Zach White, principal at Sinai Ventures

The key takeaway is perhaps the diversity of their responses: investors here are going deep into trends across the spectrum of consumer spending. Consumer health and transportation are mentioned, as they were in my surveys of VCs in London and in New York, but this group repeatedly predicts a new wave of interactive, social media startups (albeit with different perspectives on what it looks like).

Kevin Zhang, partner at Upfront Ventures

I’m a strong believer it’s the best time to be a game developer now. Every 10 years or so distribution shakes up, now giants like MSFT, Google, Sony, Epic, etc. are rushing in to shift gamers to subscriptions and cloud gaming, which means big exclusive content library building with lots of “non-dilutive” capital for developers. Games themselves are becoming bigger, cross-platform, cheaper to build and more accessible than ever thanks to advancement in game engine and networking tech. Related: there’s a new generation of mobile entertainment brewing at the intersection of short-form video, live, audience participation and social play; it’s marrying what’s worked with UGC and live video with in-app-purchases and retention tactics of casual games to create more accessible and bite-sized entertainment destinations.

Mike Palank, managing director at MaC Venture Capital

While it used to be that great content alone made for a compelling entertainment experience, as we move into the future it will be the blending of great content and amazing tech that will truly capture and retain people’s attention. We’ve seen those funny Youtube videos of babies swiping pictures in physical magazines showcasing their expectations that everything is interactive. I think in much the same way, expectations around filmed media (movies + TV) will trend towards the interactive. We are seeing some truly interesting experimentation around interactive right now from companies like Netflix, Unrd, Eko, CtrlMovie, Playdeo, Hovercast, Aether, Within, Twitch and others.

The winners of the streaming wars understand this and I believe will supplement their content slates with interesting technology to make the viewing experience unique and participatory (Quibi has already announced some examples of this). At MaC, we are looking for those innovative companies that are re-thinking how consumers experience filmed entertainment to make it more experiential, interactive and engaging.

Effie Epstein, partner at Sound Ventures

At Sound, we believe that investors have an enormous responsibility to help shape the future we all want to see. To that end, we’ve been seeing a lot of promising innovation emerge around financial inclusion and digital healthcare. For example, Divvy Homes is a company that is making home ownership a possibility for the millions of Americans who struggle to afford a down payment, and Affirm is giving consumers a fair alternative to credit cards in an age where Americans are more in debt than ever. Meanwhile, TruePill is making it easier and more affordable for end consumers to access medication by changing the way medicine gets delivered, and Alma is making mental healthcare easier for consumers as well as for practitioners.
