Showing posts from June, 2015

Hack of cloud-based LastPass exposes hashed master passwords

LastPass officials warned Monday that attackers have compromised servers that run the company's password management service and made off with cryptographically protected passwords and other sensitive user data. It was the second breach notification regarding the service in the past four years. In all, the unknown attackers obtained hashed user passwords, cryptographic salts, password reminders, and e-mail addresses, LastPass CEO Joe Siegrist wrote in a blog post. It emphasized that there was no evidence the attackers were able to open cryptographically locked user vaults where plain-text passwords are stored. That's because the master passwords that unlock those vaults were protected using an extremely slow hashing mechanism that requires large amounts of computing power to work. "We are confident that our encryption measures are sufficient to protect the vast majority of users," Siegrist wrote. "LastPass strengthens the authentication hash with a random salt

From Social Networks To Market Networks

Most people didn’t notice last month when a 35-person company in San Francisco called HoneyBook announced a $22 million Series B*. What was unusual about the deal is that nearly all the best-known Silicon Valley VCs competed for it. That’s because HoneyBook is a prime example of an important new category of digital company that combines the best elements of networks like Facebook with marketplaces like Airbnb — what we call a market network. Market networks will produce a new class of unicorn companies and impact how millions of service professionals will work and earn their living. What Is A Market Network? “Marketplaces” provide transactions among multiple buyers and multiple sellers — like eBay, Etsy, Uber and LendingClub. “Networks” provide profiles that project a person’s identity, then let them communicate in a 360-degree pattern with other people in the network. Think Facebook, Twitter and LinkedIn. What’s unique about market networks is that they: Combine the

YC-Backed Cymmetria Uses Virtual Machines To Decoy And Detect Hackers

YC-backed Cymmetria, which is uncloaking from stealth now after around a year working its cyber security startup business, wants to tilt the traditional security odds so it’s hackers who are left feeling vulnerable and on their guard — by giving the businesses whose systems are under attack a ‘home advantage’. How does it flip the attacker/attacked dynamic? By creating decoys which are embedded into the network and designed to draw hackers to them, making it quicker and easier for a business to detect and mitigate a security breach. And harder for a hacker to know what’s what. “I’ve been sitting on this idea for several years, really, waiting for the right timing,” says co-founder Gadi Evron, who used to head up the Israeli government’s Internet security operation, and has also worked in senior security roles for PwC and Kaspersky. “I got somewhat exhausted with the security industry. From various directions. In a way we’re very defeatist — we go to work everyday knowing that

The Tech Industry Is In Denial, But The Bubble Is About To Burst

Euphoric reaction to superstar tech businesses is rampant — so much so that the tech industry is in denial about looming threats. The tech industry is in a bubble, and there are sufficient indicators for those willing to open their eyes. Rearing unicorns, however, is a distracting fascination. The Perfect Storm Raising funding for tech startups has never been so easy. Some of this flood of money has been because of mutual funds and hedge funds, including Fidelity, T. Rowe Price and Tiger Global Management. This is altering not only the funding landscape for tech startups, but also valuation expectations. There are many concerns that valuations for businesses are confounding rationale. Entrepreneurs and their investors are deviating from more traditional valuation and performance metrics to more unconventional ones. Another cause cited for increasing valuations is the trend of protections for late investors that cause valuations to inflate further. The combination of a number o

Microsoft unveils new $150 Xbox One Elite controller—and we’ve held it

LOS ANGELES—Microsoft's press conference included the unveiling of a surprising new piece of hardware: a "pro" Xbox One controller coming to stores in October. The new Xbox Elite Controller earns its classification—though perhaps not its $150 price tag—with a huge number of tweaks and options. What has changed? A lot, and much more than the updated standard controller. For starters, this controller has four "paddle" buttons on the back, which replicate other normal buttons. They're reachable by middle and ring fingers—meaning Microsoft has finally replicated third-party offerings that let players keep their thumbs on the joysticks at all times. The paddles are also removable and replaceable, as are the controller's d-pad and twin joysticks—meaning players can switch between concave and convex joystick tops to suit their preferences. The Elite controller will ship with a total of three joystick-head options, along with two lengths of paddle and tw

Xbox 360 backward compatibility coming to Xbox One

LOS ANGELES—While Microsoft's pre-E3 press conference focused largely on newer video games, the event also filled in a pretty major gap for hardware-upgrading holdouts: backward compatibility. Starting later this year, the company's newest console, the Xbox One, will support a limited number of older Xbox 360 games—and Xbox One preview program users will get a shot even sooner than that. Gamers will have two ways of playing old games that are part of the backward-compatible initiative. If users already purchased the games digitally through Xbox Live, they can simply log in and re-download the game on Xbox One without paying any additional cost. If they own the game as a disc, they'll have to download the game to their Xbox One hard drive, and the system will then check for the disc before launching the game. Technical details on how this works are still unknown. The hardware of the Xbox 360 is very different from the hardware of the Xbox One, and pure emulation of th

New exploit turns Samsung Galaxy phones into remote bugging devices

As many as 600 million Samsung phones may be vulnerable to attacks that allow hackers to surreptitiously monitor the camera and microphone, read incoming and outgoing text messages, and install malicious apps, a security researcher said. The vulnerability is in the update mechanism for a Samsung-customized version of SwiftKey, available on the Samsung Galaxy S6, S5, and several other Galaxy models. When downloading updates, the Samsung devices don't encrypt the executable file, making it possible for attackers in a position to modify upstream traffic—such as those on the same Wi-Fi network—to replace the legitimate file with a malicious payload. The exploit was demonstrated Tuesday at the Blackhat security conference in London by Ryan Welton, a researcher with security firm NowSecure. A video of his exploit is here. Phones that come pre-installed with the Samsung IME keyboard, as Samsung markets its customized version of SwiftKey, periodically query an authorized ser

Albuquerque-Based Lavu Raises $15M For Its Restaurant POS Software

Lavu, an Albuquerque-based startup that provides iPad-centric point of sale systems for restaurants, has raised $15 million in new funding led by Aldrich Capital Partners. Previously bootstrapped, Lavu has been profitable since its second month in operation, according to founder Andy Lim. The company charges a licensing fee (around $1k per POS terminal) and a recurring monthly fee determined by the size of the restaurant. Lim says that Lavu is currently being used by over 4,000 restaurants in 86 countries. Australia, Thailand, and Singapore are a few regions with especially high adoption. The $15 million will be used to ramp up sales and marketing efforts. “That’s what we lack; we don’t really do quite well in terms of sales and marketing… the investment is really to get those resources and connections to reach out to more of the big chains,” Lim says. By partnering with an international fast food chain, for example, Lavu would be able to scale its platform globally at a r

Encryption “would not have helped” at OPM, says DHS official

During testimony today in a grueling two-hour hearing before the House Oversight and Government Reform Committee, Office of Personnel Management (OPM) Director Katherine Archuleta claimed that she had recognized huge problems with the agency's computer security when she assumed her post 18 months ago. But when pressed on why systems had not been protected with encryption prior to the recent discovery of an intrusion that gave attackers access to sensitive data on millions of government employees and government contractors, she said, "It is not feasible to implement on networks that are too old." She added that the agency is now working to encrypt data within its networks. But even if the systems had been encrypted, it likely wouldn't have mattered. Department of Homeland Security Assistant Secretary for Cybersecurity Dr. Andy Ozment testified that encryption would "not have helped in this case" because the attackers had gained valid user credentials to

Caffeine could limit damage of chronic stress

During periods of chronic stress, we often up our caffeine consumption. This works better than you might expect—the increase can reduce some of the negative effects of long-term stress, including depression and memory deterioration. In a new study published in PNAS, researchers dug further into this finding, examining the signaling networks that caffeine influences within the brain. One of the proteins they identify is a potential treatment target for the symptoms of long-term stress. Chronic unpredictable stress alters neural circuits in the hippocampus. It dampens mood, reduces memory performance, and increases an individual’s susceptibility to depression. The researchers studied this phenomenon in mice by exposing them to chronic, unpredictable, long-term stress in a variety of forms: cage-tilting, damp sawdust, predator sounds, placement in an empty cage, switching cages, and inversion of day/night light cycles. Just like humans experiencing chronic stress, the mice showed weigh

AT&T’s unlimited data throttling to be punished with $100 million fine

The Federal Communications Commission today said it plans to fine AT&T $100 million for throttling the wireless Internet connections of customers with unlimited data plans without adequately notifying the customers about the reduced speeds. "The Commission charges AT&T with violating the 2010 Open Internet Transparency Rule by falsely labeling these plans as 'unlimited' and by failing to sufficiently inform customers of the maximum speed they would receive under the Maximum Bit Rate policy," the announcement said. The action isn't yet final. The FCC issued a Notice of Apparent Liability against AT&T that includes the proposed fine and provisions designed to bring AT&T into compliance with the commission's rules about making proper disclosures to customers. AT&T can ask the commission to reduce or eliminate the fine, which would be deposited into the US Treasury. But even if AT&T opposes the fine, the commission says the company

Serious OS X and iOS flaws let hackers steal keychain, 1Password contents

Researchers have uncovered huge holes in the application sandboxes protecting Apple's OS X and iOS operating systems, a discovery that allows them to create apps that pilfer iCloud, Gmail, and banking passwords and can also siphon data from 1Password, Evernote, and other apps. The malicious proof-of-concept apps were approved by the Apple Store, which requires all qualifying submissions to treat every other app as untrusted. Despite the supposed vetting by Apple engineers, the researchers' apps were able to bypass sandboxing protections that are supposed to prevent one app from accessing the credentials, contacts, and other resources belonging to another app. Like Linux, Android, Windows, and most other mainstream OSes, OS X and iOS strictly limit app access for the purpose of protecting them against malware. The success of the researchers' cross-app resource access—or XARA—attacks, raises troubling doubts about those assurances on the widely used Apple platforms.

Facebook Now Cares About How Long You Look At Stuff In Your News Feed

You probably don’t always like/share/comment on the stuff that pops up in your Facebook feed, even if it’s something you care to see. Take, for example, a breaking news item about an earthquake on the other side of the world — you’d probably feel weird hitting a button labeled “Like” on that one, and you might not have anything to say… but that doesn’t mean you don’t care. Realizing this, Facebook is tweaking its algorithms to account for a new metric: the amount of time you spend looking at things in your feed, regardless of whether or not you actively interact with it. Scroll past something without stopping for long, and Facebook’s algorithms will slowly learn that you don’t particularly care for that sort of content. Camp out on a post for a bit, though, and Facebook starts the timer behind the scenes. If you spend more time on this story than you spend on most things in your feed — studying a picture, perusing the comment thread — they’ll take that as a signal that it’s

Fallout 4 Offers Players A Real-Life Pip-Boy, And Fallout Shelter Hits iOS

Your phone is about to get a lot more Fallout; Bethesda Softworks held its own E3 press event last night, wherein they revealed a lot about upcoming title Fallout 4, and launched a new Fallout dedicated mobile game called Fallout Shelter. True fans of the series will probably be most excited by in-game support in Fallout 4 for a real-world Pip-Boy, powered by your very own smartphone. A version of Fallout 4 called the “Fallout 4 Pip-Boy Edition” will ship on November 10, the same day the game is generally released, with a retail price of $120 and a package that includes a Pip-Boy replica, designed to actually be worn on your wrist. The replica has a slot suitable to accommodate a number of different kinds of smartphones thanks to included foam inserts to adjust sizing, and works with the Pip-Boy companion app that lets players actually manipulate their in-game inventory, character perks, holotapes and beyond. As far as second screen experiences go, this one sounds pretty damn am

‘La Ruche Qui Dit Oui’ Scores $9 Million From USV And Felix Capital For Its Local Food Marketplace

Forget about your supermarket and buy directly from your local farmers and foodmakers. French startup La Ruche qui dit oui (also known as The Food Assembly in the U.K.) has been making waves in its home country for a while now. But it seems like international investors also got the word as Fred Wilson from Union Square Ventures and Frédéric Court from Felix Capital are leading a $9 million Series B round (€8 million) in the food startup, with XAnge and Quadia also participating. This startup is fascinating for many reasons — La Ruche may have found the most efficient business model when it comes to building a food startup. “Last year, we launched in the U.K., Germany, Spain and Italy. This round means that we need to solidify our existing markets,” co-founder and CEO Marc-David Choukroun told me. “We need to go faster when it comes to our innovation power.” Here’s how La Ruche works. There are hundreds of ruches in many different places in France. You first need to find your loc

Fitbit Spikes More Than 50% In IPO Debut

Fitbit went public this morning, soaring more than 50 percent at one moment. The wearables firm priced its equity at $20 per share. Early trading saw the shares crest the $30 mark. At the time of writing, Fitbit is currently trading for $29.60, a 48 percent gain. Regardless, the company is having the sort of debut that most startups dream of. It’s worth keeping in mind that Fitbit originally proposed a $14 to $16 share price for its flotation. As such, it’s even further ahead than some perhaps expected. This chart is the porn you were looking for: Originally, Fitbit filed for a $100 million public offering. That figure — often a placeholder — rose to $358 million, using its original share pricing. The company raised even more today. In short, whatever Fitbit had planned for that money it can do, and more.

Here’s The First Actual Gameplay Footage Of Star Wars Battlefront

AHHHHHHHH. I feel like I’ve been waiting years for this. The first real footage of Star Wars Battlefront — an EA-made sequel to the wonderful first person shooter of the same name that LucasArts (RIP) made back in 2004 — just dropped at E3. Unlike previously released footage (which was made with the game’s engine but all pre-rendered) this clip is said to be ripped straight from actual gameplay running on a PS4. I’m perhaps more excited about this than I am about The Force Awakens. Okay, probably not — but it’s close. For anyone who never played it, Battlefront is what happens when you take the Star Wars universe and smash it into a first person shooter with epic, 40-person multiplayer battles. Hoth! Flyable TIE fighters versus flyable X-Wings! AT-ATs versus snowspeeders! Lasers! THE LAAASEEEERS. Fans have been begging for a new Battlefront game for over a decade now — but, despite a number of attempts, LucasArts just couldn’t get one out the door. After LucasArts got

Report: Amazon Is Building An App To Let Normal People Deliver Packages For Pay

Amazon is apparently enlisting everyday humans in its network of endless online shopping delivery. The WSJ reports that the ecommerce giant is working on an app internally that would allow the average consumer to make a little cash by picking up Amazon packages at various retail locations and dropping them off at their final destination. WSJ’s sources did not have a timeline for the release of this product, internally called ‘On My Way,’ and were unsure whether it would launch at all. Amazon has spent years not only iterating the way it tailors your online shopping experience — the mega retailer has one of the best suggestion engines in the business — but also the way that it gets you your products with speed and convenience. Besides the standard shipping (or two-day for Prime members), Amazon has fiddled with the idea of letting Uber drivers and yellow cabs deliver products same-day, as well as using bike messengers and third-party delivery services for Prime Now and AmazonFr

Xbox One To Gain Xbox 360 Backwards Compatibility

Microsoft just announced that Xbox One will soon be able to play Xbox 360 games, which gives it backwards compatibility with the previous generation hardware for the first time. Microsoft’s Phil Spencer announced the news on stage at the E3 2015 Xbox keynote today, and the crowd went wild. This will work with over 100 titles beginning this holiday season, with 100 more to follow later. “Our goal is to deliver the largest games library on Xbox One,” Spencer said. Microsoft is developing patches for individual games, and this will work both for online titles and retail discs (with a download). Backwards compatibility has been a top ask from Xbox One owners in the past, so it’s obviously great news to see this happening. It’ll also mean people won’t have to re-buy their old favorites, something which has been spurring many HD remakes. Today, there’s already an initial set of backwards compatible titles available for Xbox preview program members.

Uber Driver Deemed Employee By California Labor Commission

It would appear that the California Labor Commission has ruled that at least one Uber driver is an employee. As it stands now, Uber employs its drivers as third-party contractors, operating as a logistics company that provides access to customer demand and directions, transactions, etc. for the drivers. Uber has argued repeatedly in various courts that it is not a transportation or taxi company, but rather a software platform that matches customer demand with supply. This ruling changes all that, turning Uber into a transportation startup instead of a logistics software company. That puts the company in a position to face a number of legal obstacles, as well as rising costs of employing those drivers directly and offering them benefits, etc. As BI points out, one of Uber’s main costs is its full-time employees that work out of Uber corporate offices. If Uber drivers are deemed employees, the business model shifts drastically. Uber is said to have more than a million drivers

Google, Microsoft, Mozilla And Others Team Up To Launch WebAssembly, A New Binary Format For The Web

Google, Microsoft, Mozilla and the engineers on the WebKit project today announced that they have teamed up to launch WebAssembly, a new binary format for compiling applications for the web. The web thrives on standards and, for better or worse, JavaScript is its programming language. Over the years, however, we’ve seen more and more efforts that allow developers to work around some of the limitations of JavaScript by building compilers that transpile code in other languages to JavaScript. Some of these projects focus on adding new features to the language (like Microsoft’s TypeScript) or speeding up JavaScript (like Mozilla’s asm.js project). Now, many of these projects are starting to come together in the form of WebAssembly. The new format is meant to allow programmers to compile their code for the browser (currently the focus is on C/C++, with other languages to follow), where it is then executed inside the JavaScript engine. Instead of having to parse the full code, though,

In the Future, Employees Won’t Exist

Contract work is becoming the new normal. Consider Uber: The ride-sharing startup has 160,000 contractors, but just 2,000 employees. That’s an astonishing ratio of 80 to 1. And when it comes to a focus on contract labor, Uber isn’t alone. Handy, Eaze and Luxe are just a few of the latest entrants into the “1099 Economy.” Though they get the most attention, it’s not just on-demand companies that employ significant contract workforces. Microsoft has nearly two-thirds as many contractors as full-time employees. Even the simplest business structures, sole proprietorships, have increased their use of contract workers nearly two-fold since 2003. Four trends are converging to make contracting more attractive for both employers and workers, and reshaping how businesses and employees look at the traditional full-time model. Pick A Platform, Find Customers Historically, contractors have needed serious hustle to get referrals, early customers, and a stream of repeat business. For local

This Range Rover Prototype Can Be Driven With A Smartphone App

There are remote control cars and then there are Remote Control Cars. This is the latter of the two. Range Rover UK developed a prototype system that allows a Range Rover Sport to be controlled remotely through a smartphone app. And not just the door locks. The vehicle can be driven from the app. As the video here shows, this functionality allows drivers to safely traverse treacherous terrain or tight parking spots. It seemingly works as expected. The app controls the vehicle’s speed and direction. Speed is limited to 4 mph and the smartphone needs to be within 10 feet of the vehicle. The company says that it could eventually build voice commands into the system. Right now this is just an engineering prototype so don’t expect to go down to your local Range Rover dealer and try this out. Range Rover didn’t specify if or when this technology will hit production models. Security would of course be a top priority. The last thing Range Rover would want is to give car thieves the

Google Photos’ Unlimited Free Storage Could Clobber Apple’s Expensive iCloud

How much does a terabyte of photo storage cost? On iCloud, $240 a year. Dropbox, $100. Microsoft OneDrive, $84. Google, $0. It’s free on desktop, Android, and iOS. Today, Google announced its new Google Photos product, which offers unlimited free storage of photos and videos. The only limits are that photos must be under 16 megapixels, and video resolution is capped at 1080P. If the photos and videos are bigger, Google will compress them, but says the visual quality is virtually untouched. With auto-backup from its iOS and Android apps, you can forget worrying about saving your photos, and you can forget paying to store them. Photos Are A Computer Vision Goldmine Other services are still trying to make money more directly from photos. Flickr offers 1 terabyte free, but you and your viewers have to endure frequent full-page ads from its parent company Yahoo. Amazon offers free unlimited storage, but you have to buy a $99 a year Prime subscription. But Google is willing t