Menu

Timesdelhi.com

March 24, 2019

Hackers conquer Tesla’s in-car web browser and win a Model 3

Delhi/India/Politics by

A pair of security researchers dominated Pwn2Own, the annual high-profile hacking contest, taking home $375,000 in prizes including a Tesla Model 3 — their reward for successfully exposing a vulnerability in the electric vehicle’s infotainment system.

Tesla handed over its new Model 3 sedan to Pwn2Own this year, the first time a car has been included in the competition. Pwn2Own is in its 12th year and run by Trend Micro’s Zero Day Initiative. ZDI has awarded more than $4 million over the lifetime of the program.

The pair of hackers Richard Zhu and Amat Cam, known as team Fluoroacetate, “thrilled the assembled crowd” as they entered the vehicle, according to ZDI, which noted that after a few minutes of setup, they successfully demonstrated their research on the Model 3 internet browser.

The pair used a JIT bug in the renderer to display their message — and won the prize, which included the car itself. In the most simple terms, a JIT, or just-in-time bug, bypasses memory randomization data that normally would keep secrets protected.

Tesla told TechCrunch it will release a software update to fix the vulnerability discovered by the hackers.

“We entered Model 3 into the world-renowned Pwn2Own competition in order to engage with the most talented members of the security research community, with the goal of soliciting this exact type of feedback. During the competition, researchers demonstrated a vulnerability against the in-car web browser,” Tesla said in an emailed statement. “There are several layers of security within our cars which worked as designed and successfully contained the demonstration to just the browser, while protecting all other vehicle functionality. In the coming days, we will release a software update that addresses this research. We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”

Pwn2Own’s spring vulnerability research competition, Pwn2Own Vancouver, was held March 20 to 22 and  featured five categories, including web browsers, virtualization software, enterprise applications, server-side software and the new automotive category.

Pwn2Own awarded a total of $545,000 for 19 unique bugs in Apple Safari, Microsoft Edge and Windows, VMware Workstation, Mozilla Firefox, and Tesla.

Tesla has had a public relationship with the hacker community since 2014 when the company launched its first bug bounty program. And it’s grown and evolved ever since.

Last year, the company increased the maximum reward payment from $10,000 to $15,000 and added its energy products as well. Today, Tesla’s vehicles and all directly hosted servers, services and applications are now in scope in its bounty program

News Source = techcrunch.com

Elon Musk defends tweets in SEC’s contempt proceedings

Delhi by

Tesla CEO Elon Musk argued Friday that his Twitter use did not violate a settlement agreement with the U.S. Securities and Exchange Commission and that the agency’s request to have him held in contempt is based on a “radical interpretation” of the order, according to court papers filed in Manhattan federal court.

The SEC has asked a judge to hold Musk in contempt for violating a settlement agreement reached last year over Musk’s now infamous “funding secured” tweet. Under that agreement, Musk is supposed to get approval from Tesla’s board before communicating potentially material information to investors.

Musk contends he didn’t violate the agreement and that the problem lies in the SEC’s interpretation, which he describes as “virtually wrong at every level.” The filing also reveals new details about the settlement negotiations, notably that the SEC sent Musk a draft agreement that would have required him to obtain pre-approval for all public statements related to Tesla, in any format.

Musk and Tesla never agreed to those terms. Instead, Musk says the agreement requires him to comply with Tesla own policy, which would require pre-approval for “written communications that contain, or reasonably could contain, information material to the company or its shareholders.”

The barbs traded via court filings are the latest in an escalating fight between the billionaire entrepreneur and SEC that began last August when Musk tweeted that he had “funding secured” for a private takeover of the company at $420 per share.  The SEC filed a complaint in federal district court in September alleging that Musk lied.

Musk and Tesla settled with the SEC last year without admitting wrongdoing. Tesla agreed to pay a $20 million fine; Musk had to agree to step down as Tesla chairman for a period of at least three years; the company had to appoint two independent directors to the board; and Tesla was also told to put in place a way to monitor Musk’s statements to the public about the company, including via Twitter.

But the fight was re-ignited last month after Musk sent a tweet on February 19 that Tesla would produce “around” 500,000 cars this year, correcting himself hours later to clarify that he meant the company would be producing at an annualized rate of 500,000 vehicles by year end.

The SEC argued that the tweet sent by Musk violated their agreement. Musk has said the tweet was “immaterial” and complied with the settlement.

Elon Musk defends tweets in SEC’s contempt proceedings

Delhi by

Tesla CEO Elon Musk argued Friday that his Twitter use did not violate a settlement agreement with the U.S. Securities and Exchange Commission and that the agency’s request to have him held in contempt is based on a “radical interpretation” of the order, according to court papers filed in Manhattan federal court.

The SEC has asked a judge to hold Musk in contempt for violating a settlement agreement reached last year over Musk’s now infamous “funding secured” tweet. Under that agreement, Musk is supposed to get approval from Tesla’s board before communicating potentially material information to investors.

Musk contends he didn’t violate the agreement and that the problem lies in the SEC’s interpretation, which he describes as “virtually wrong at every level.” The filing also reveals new details about the settlement negotiations, notably that the SEC sent Musk a draft agreement that would have required him to obtain pre-approval for all public statements related to Tesla, in any format.

Musk and Tesla never agreed to those terms. Instead, Musk says the agreement requires him to comply with Tesla own policy, which would require pre-approval for “written communications that contain, or reasonably could contain, information material to the company or its shareholders.”

The barbs traded via court filings are the latest in an escalating fight between the billionaire entrepreneur and SEC that began last August when Musk tweeted that he had “funding secured” for a private takeover of the company at $420 per share.  The SEC filed a complaint in federal district court in September alleging that Musk lied.

Musk and Tesla settled with the SEC last year without admitting wrongdoing. Tesla agreed to pay a $20 million fine; Musk had to agree to step down as Tesla chairman for a period of at least three years; the company had to appoint two independent directors to the board; and Tesla was also told to put in place a way to monitor Musk’s statements to the public about the company, including via Twitter.

But the fight was re-ignited last month after Musk sent a tweet on February 19 that Tesla would produce “around” 500,000 cars this year, correcting himself hours later to clarify that he meant the company would be producing at an annualized rate of 500,000 vehicles by year end.

The SEC argued that the tweet sent by Musk violated their agreement. Musk has said the tweet was “immaterial” and complied with the settlement.

Equity Shot: Pinterest and Zoom file to go public

Hello and welcome back to Equity, TechCrunch’s venture capital-focused podcast, where we unpack the numbers behind the headlines.

What a Friday. This afternoon (mere hours after we released our regularly scheduled episode no less!), both Pinterest and Zoom dropped their public S-1 filings. So we rolled up our proverbial sleeves and ran through the numbers. If you want to follow along, the Pinterest S-1 is here, and the Zoom document is here.

Got it? Great. Pinterest’s long-awaited IPO filing paints a picture of a company cutting its losses while expanding its revenue. That’s the correct direction for both its top and bottom lines.

As Kate points out, it’s not in the same league as Lyft when it comes to scale, but it’s still quite large.

More than big enough to go public, whether it’s big enough to meet, let alone surpass its final private valuation ($12.3 billion) isn’t clear yet. Peeking through the numbers, Pinterest has been improving margins and accelerating growth, a surprisingly winsome brace of metrics for the decacorn.

Pinterest has raised a boatload of venture capital, about $1.5 billion since it was founded in 2010. Its IPO filing lists both early and late-stage investors, like Bessemer Venture Partners, FirstMark Capital, Andreessen Horowitz, Fidelity and Valiant Capital Partners as key stakeholders. Interestingly, it doesn’t state the percent ownership of each of these entities, which isn’t something we’ve ever seen before.

Next, Zoom’s S-1 filing was more dark horse entrance than Katy Perry album drop, but the firm has a history of rapid growth (over 100 percent, yearly) and more recently, profit. Yes, the enterprise-facing video conferencing unicorn actually makes money!

In 2019, the year in which the market is bated on Uber’s debut, profit almost feels out of place. We know Zoom’s CEO Eric Yuan, which helps. As Kate explains, this isn’t his first time as a founder. Nor is it his first major success. Yuan sold his last company, WebEx, for $3.2 billion to Cisco years ago then vowed never to sell Zoom (he wasn’t thrilled with how that WebEx acquisition turned out).

Should we have been that surprised to see a VC-backed tech company post a profit — no. But that tells you a little something about this bubble we live in, doesn’t it?

Equity drops every Friday at 6:00 am PT, so subscribe to us on Apple PodcastsOvercast, Pocket Casts, Downcast and all the casts.

News Source = techcrunch.com

HoneyBook, a client management platform for creative businesses, raises $28M Series C led by Citi Ventures

HoneyBook co-founders Oz and Naama Alon

HoneyBook, a customer-relationship management platform aimed at small businesses in creative fields, announced today it has raised a $28 million Series C led by Citi Ventures. All of its existing investors, including Norwest Venture Partners, Aleph, Vintage Investment Partners and Hillsven Capital, also returned for the round. Citi is a strategic partner for HoneyBook and this will enable it to offer new financial products to freelancers, its co-founder and CEO Oz Alon told TechCrunch.

This brings HoneyBook’s total raised so far to $72 million. It is using the funds to grow its teams in San Francisco and Tel Aviv and build new features for its user base, including small companies, people who work by themselves (“solopreneurs”) and freelancers. Like other CRMs, HoneyBook helps them develop relationships with potential new clients, manage projects, send invoices and accept payments, but with tools scaled for their business’ needs.

Alon told TechCrunch in an email that one segment HoneyBook is focused on is millennials (he cites a survey that found 49 percent of people under 40 plan to start their own business). HoneyBook currently claims tens of thousands of customers and has passed $1 billion in business booked using its software, along with 75,000 members in Rising Tide, the company’s online community for creative entrepreneurs.

Other management software platforms competing for the attention of entrepreneurs and freelancers include Tave, Dubsado and 17hats. One of the main ways HoneyBook differentiates is by enabling its users to accept online payments without integrating with a third-party service. Thanks to this, its users “transact more than 80 percent of their business online, significantly more than any other payments platform serving this audience, Alon said. It’s partnership with Citi will also allow the company to develop more unique services for its target customers, he added.

In a prepared statement, Citi Ventures’ Israel director and venture investing lead Omit Shinar said “We are in the midst of a period of extensive changes in societal structures and economic models. The fintech ecosystem is producing more and more breakthrough innovations that serve the needs of modern consumers, and we believe, as a pioneer in its space, HoneyBook can become a market leader in the U.S.”

News Source = techcrunch.com

1 2 3 12,670
Go to Top