Posts

Hack of cloud-based LastPass exposes hashed master passwords

LastPass officials warned Monday that attackers have compromised servers that run the company's password management service and made off with cryptographically protected passwords and other sensitive user data. It was the second breach notification regarding the service in the past four years. In all, the unknown attackers obtained hashed user passwords, cryptographic salts, password reminders, and e-mail addresses, LastPass CEO Joe Siegrist wrote in a blog post. It emphasized that there was no evidence the attackers were able to open cryptographically locked user vaults where plain-text passwords are stored. That's because the master passwords that unlock those vaults were protected using an extremely slow hashing mechanism that requires large amounts of computing power to work. "We are confident that our encryption measures are sufficient to protect the vast majority of users," Siegrist wrote. "LastPass strengthens the authentication hash with a random salt

From Social Networks To Market Networks

Most people didn’t notice last month when a 35-person company in San Francisco called HoneyBook announced a $22 million Series B. What was unusual about the deal is that nearly all the best-known Silicon Valley VCs competed for it. That’s because HoneyBook is a prime example of an important new category of digital company that combines the best elements of networks like Facebook with marketplaces like Airbnb — what we call a market network. Market networks will produce a new class of unicorn companies and impact how millions of service professionals will work and earn their living. What Is A Market Network? “Marketplaces” provide transactions among multiple buyers and multiple sellers — like eBay, Etsy, Uber and LendingClub. “Networks” provide profiles that project a person’s identity, then let them communicate in a 360-degree pattern with other people in the network. Think Facebook, Twitter and LinkedIn. What’s unique about market networks is that they: Combine the

YC-Backed Cymmetria Uses Virtual Machines To Decoy And Detect Hackers

YC-backed Cymmetria, which is uncloaking from stealth now after around a year working its cyber security startup business, wants to tilt the traditional security odds so it’s hackers who are left feeling vulnerable and on their guard — by giving the businesses whose systems are under attack a ‘home advantage’. How does it flip the attacker/attacked dynamic? By creating decoys which are embedded into the network and designed to draw hackers to them, making it quicker and easier for a business to detect and mitigate a security breach. And harder for a hacker to know what’s what. “I’ve been sitting on this idea for several years, really, waiting for the right timing,” says co-founder Gadi Evron, who used to head up the Israeli government’s Internet security operation, and has also worked in senior security roles for PwC and Kaspersky. “I got somewhat exhausted with the security industry. From various directions. In a way we’re very defeatist — we go to work everyday knowing that

The Tech Industry Is In Denial, But The Bubble Is About To Burst

Euphoric reaction to superstar tech businesses is rampant — so much so that the tech industry is in denial about looming threats. The tech industry is in a bubble, and there are sufficient indicators for those willing to open their eyes. Rearing unicorns, however, is a distracting fascination. The Perfect Storm Raising funding for tech startups has never been so easy. Some of this flood of money has been because of mutual funds and hedge funds, including Fidelity, T. Rowe Price and Tiger Global Management. This is altering not only the funding landscape for tech startups, but also valuation expectations. There are many concerns that valuations for businesses are confounding rationale. Entrepreneurs and their investors are deviating from more traditional valuation and performance metrics to more unconventional ones. Another cause cited for increasing valuations is the trend of protections for late investors that cause valuations to inflate further. The combination of a number o

Microsoft unveils new $150 Xbox One Elite controller—and we’ve held it

LOS ANGELES—Microsoft's press conference included the unveiling of a surprising new piece of hardware: a "pro" Xbox One controller coming to stores in October. The new Xbox Elite Controller earns its classification—though perhaps not its $150 price tag—with a huge number of tweaks and options. What has changed? A lot, and much more than the updated standard controller. For starters, this controller has four "paddle" buttons on the back, which replicate other normal buttons. They're reachable by middle and ring fingers—meaning Microsoft has finally replicated third-party offerings that let players keep their thumbs on the joysticks at all times. The paddles are also removable and replaceable, as are the controller's d-pad and twin joysticks—meaning players can switch between concave and convex joystick tops to suit their preferences. The Elite controller will ship with a total of three joystick-head options, along with two lengths of paddle and tw

Xbox 360 backward compatibility coming to Xbox One

LOS ANGELES—While Microsoft's pre-E3 press conference focused largely on newer video games, the event also filled in a pretty major gap for hardware-upgrading holdouts: backward compatibility. Starting later this year, the company's newest console, the Xbox One, will support a limited number of older Xbox 360 games—and Xbox One preview program users will get a shot even sooner than that. Gamers will have two ways of playing old games that are part of the backward-compatible initiative. If users already purchased the games digitally through Xbox Live, they can simply log in and re-download the game on Xbox One without paying any additional cost. If they own the game as a disc, they'll have to download the game to their Xbox One hard drive, and the system will then check for the disc before launching the game. Technical details on how this works are still unknown. The hardware of the Xbox 360 is very different from the hardware of the Xbox One, and pure emulation of th

New exploit turns Samsung Galaxy phones into remote bugging devices

As many as 600 million Samsung phones may be vulnerable to attacks that allow hackers to surreptitiously monitor the camera and microphone, read incoming and outgoing text messages, and install malicious apps, a security researcher said. The vulnerability is in the update mechanism for a Samsung-customized version of SwiftKey, available on the Samsung Galaxy S6, S5, and several other Galaxy models. When downloading updates, the Samsung devices don't encrypt the executable file, making it possible for attackers in a position to modify upstream traffic—such as those on the same Wi-Fi network—to replace the legitimate file with a malicious payload. The exploit was demonstrated Tuesday at the Black Hat security conference in London by Ryan Welton, a researcher with security firm NowSecure. A video of his exploit is here. Phones that come pre-installed with the Samsung IME keyboard, as Samsung markets its customized version of SwiftKey, periodically query an authorized ser