Menu

Timesdelhi.com

February 24, 2019
Category archive

microsoft windows

Decrypted Telegram bot chatter revealed as new Windows malware

in api/Australia/botnet/computing/Delhi/encryption/Hack/India/malware/microsoft windows/Pavel Durov/Politics/Security/security breaches/Software/Telegram/Twitter/United States/vietnam by

Sometimes it take a small bug in one thing to find something massive elsewhere.

During an investigation recent, security firm Forcepoint Labs said it found a new kind of malware that was found taking instructions from a hacker sending commands over the encrypted messaging app Telegram .

The researchers described their newly discovered malware, dubbed GoodSender, as a “fairly simple” Windows-based malware that’s about a year old, which uses Telegram as the method to listen and wait for commands. Once the malware infects its target, it creates a new administrator account and enables remote desktop — and waits. As soon as the malware infects, it sends back the username and randomly generated password to the hacker through Telgram.

It’s not the first time malware has used a commercial product to communicate with malware. If it’s over the internet, hackers are hiding commands in pictures posted to Twitter or in comments left on celebrity Instagram posts.

But using an encrypted messenger makes it far harder to detect. At least, that’s the theory.

Forcepoint said in its research out Thursday that it only stumbled on the malware after it found a vulnerability in Telegram’s notoriously bad encryption.

End-to-end messages are encrypted using the app’s proprietary MTProto protocol, long slammed by cryptographers for leaking metadata and having flaws, and likened to “being stabbed in the eye with a fork.” Its bots, however, only use traditional TLS — or HTTPS — to communicate. The leaking metadata makes it easy to man-in-the-middle the connection and abuse the bots’ API to read bot sent-and-received messages, but also recover the full messaging history of the target bot, the researchers say.

When the researchers found the hacker using a Telegram bot to communicate with the malware, they dug in to learn more.

Fortunately, they were able to trace back the bot’s entire message history to the malware because each message had a unique message ID that increased incrementally, allowing the researchers to run a simple script to replay and scrape the bot’s conversation history.

The GoodSender malware is active and sends its first victim information. (Image: Forcepoint)

“This meant that we could track [the hacker’s] first steps towards creating and deploying the malware all the way through to current campaigns in the form of communications to and from both victims and test machines,” the researchers said.

Your bot uncovered, your malware discovered — what can make it worse for the hacker? The researchers know who they are.

Because the hacker didn’t have a clear separation between their development and production workspaces, the researchers say they could track the malware author because they used their own computer and didn’t mask their IP address.

The researchers could also see exactly what commands the malware would listen to: take screenshots, remove or download files, get IP address data, copy whatever’s in the clipboard, and even restart the PC.

But the researchers don’t have all the answers. How did the malware get onto victim computers in the first place? They suspect they used the so-called EternalBlue exploit, a hacking tool designed to target Windows computers, developed by and stolen from the National Security Agency, to gain access to unpatched computers. And they don’t know how many victims there are, except that there is likely more than 120 victims in the U.S., followed by Vietnam, India, and Australia.

Forcepoint informed Telegram of the vulnerability. TechCrunch also reached out to Telegram’s founder and chief executive Pavel Durov for comment, but didn’t hear back.

If there’s a lesson to learn? Be careful using bots on Telegram — and certainly don’t use Telegram for your malware.

News Source = techcrunch.com

How open source software took over the world

in apache/author/cloud computing/Cloudera/cockroach labs/Column/computing/Databricks/Delhi/designer/executive/free software/Getty/GitHub/HashiCorp/hortonworks/IBM/India/linus torvalds/linux/Microsoft/microsoft windows/mongo/MongoDB/mulesoft/mysql/open source software/operating system/operating systems/oracle/Politics/red hat/RedHat/sap/Software/software as a service/TC/Yahoo by

It was just 5 years ago that there was an ample dose of skepticism from investors about the viability of open source as a business model. The common thesis was that Redhat was a snowflake and that no other open source company would be significant in the software universe.

Fast forward to today and we’ve witnessed the growing excitement in the space: Redhat is being acquired by IBM for $32 billion (3x times its market cap from 2014); Mulesoft was acquired after going public for $6.5 billion; MongoDB is now worth north of $4 billion; Elastic’s IPO now values the company at $6 billion; and, through the merger of Cloudera and Hortonworks, a new company with a market cap north of $4 billion will emerge. In addition, there’s a growing cohort of impressive OSS companies working their way through the growth stages of their evolution: Confluent, HashiCorp, DataBricks, Kong, Cockroach Labs and many others. Given the relative multiples that Wall Street and private investors are assigning to these open source companies, it seems pretty clear that something special is happening.

So, why did this movement that once represented the bleeding edge of software become the hot place to be? There are a number of fundamental changes that have advanced open source businesses and their prospects in the market.

David Paul Morris/Bloomberg via Getty Images

From Open Source to Open Core to SaaS

The original open source projects were not really businesses, they were revolutions against the unfair profits that closed-source software companies were reaping. Microsoft, Oracle, SAP and others were extracting monopoly-like “rents” for software, which the top developers of the time didn’t believe was world class. So, beginning with the most broadly used components of software – operating systems and databases – progressive developers collaborated, often asynchronously, to author great pieces of software. Everyone could not only see the software in the open, but through a loosely-knit governance model, they added, improved and enhanced it.

The software was originally created by and for developers, which meant that at first it wasn’t the most user-friendly. But it was performant, robust and flexible. These merits gradually percolated across the software world and, over a decade, Linux became the second most popular OS for servers (next to Windows); MySQL mirrored that feat by eating away at Oracle’s dominance.

The first entrepreneurial ventures attempted to capitalize on this adoption by offering “enterprise-grade” support subscriptions for these software distributions. Redhat emerged the winner in the Linux race and MySQL (thecompany) for databases. These businesses had some obvious limitations – it was harder to monetize software with just support services, but the market size for OS’s and databases was so large that, in spite of more challenged business models, sizeable companies could be built.

The successful adoption of Linux and MySQL laid the foundation for the second generation of Open Source companies – the poster children of this generation were Cloudera and Hortonworks. These open source projects and businesses were fundamentally different from the first generation on two dimensions. First, the software was principally developed within an existing company and not by a broad, unaffiliated community (in the case of Hadoop, the software took shape within Yahoo!) . Second, these businesses were based on the model that only parts of software in the project were licensed for free, so they could charge customers for use of some of the software under a commercial license. The commercial aspects were specifically built for enterprise production use and thus easier to monetize. These companies, therefore, had the ability to capture more revenue even if the market for their product didn’t have quite as much appeal as operating systems and databases.

However, there were downsides to this second generation model of open source business. The first was that no company singularly held ‘moral authority’ over the software – and therefore the contenders competed for profits by offering increasing parts of their software for free. Second, these companies often balkanized the evolution of the software in an attempt to differentiate themselves. To make matters more difficult, these businesses were not built with a cloud service in mind. Therefore, cloud providers were able to use the open source software to create SaaS businesses of the same software base. Amazon’s EMR is a great example of this.

The latest evolution came when entrepreneurial developers grasped the business model challenges existent in the first two generations – Gen 1 and Gen 2 – of open source companies, and evolved the projects with two important elements. The first is that the open source software is now developed largely within the confines of businesses. Often, more than 90% of the lines of code in these projects are written by the employees of the company that commercialized the software. Second, these businesses offer their own software as a cloud service from very early on. In a sense, these are Open Core / Cloud service hybrid businesses with multiple pathways to monetize their product. By offering the products as SaaS, these businesses can interweave open source software with commercial software so customers no longer have to worry about which license they should be taking. Companies like Elastic, Mongo, and Confluent with services like Elastic Cloud, Confluent Cloud, and MongoDB Atlas are examples of this Gen 3.  The implications of this evolution are that open source software companies now have the opportunity to become the dominant business model for software infrastructure.

The Role of the Community

While the products of these Gen 3 companies are definitely more tightly controlled by the host companies, the open source community still plays a pivotal role in the creation and development of the open source projects. For one, the community still discovers the most innovative and relevant projects. They star the projects on Github, download the software in order to try it, and evangelize what they perceive to be the better project so that others can benefit from great software. Much like how a good blog post or a tweet spreads virally, great open source software leverages network effects. It is the community that is the source of promotion for that virality.

The community also ends up effectively being the “product manager” for these projects. It asks for enhancements and improvements; it points out the shortcomings of the software. The feature requests are not in a product requirements document, but on Github, comments threads and Hacker News. And, if an open source project diligently responds to the community, it will shape itself to the features and capabilities that developers want.

The community also acts as the QA department for open source software. It will identify bugs and shortcomings in the software; test 0.x versions diligently; and give the companies feedback on what is working or what is not.  The community will also reward great software with positive feedback, which will encourage broader use.

What has changed though, is that the community is not as involved as it used to be in the actual coding of the software projects. While that is a drawback relative to Gen 1 and Gen 2 companies, it is also one of the inevitable realities of the evolving business model.

Linus Torvalds was the designer of the open-source operating system Linux.

Rise of the Developer

It is also important to realize the increasing importance of the developer for these open source projects. The traditional go-to-market model of closed source software targeted IT as the purchasing center of software. While IT still plays a role, the real customers of open source are the developers who often discover the software, and then download and integrate it into the prototype versions of the projects that they are working on. Once “infected”by open source software, these projects work their way through the development cycles of organizations from design, to prototyping, to development, to integration and testing, to staging, and finally to production. By the time the open source software gets to production it is rarely, if ever, displaced. Fundamentally, the software is never “sold”; it is adopted by the developers who appreciate the software more because they can see it and use it themselves rather than being subject to it based on executive decisions.

In other words, open source software permeates itself through the true experts, and makes the selection process much more grassroots than it has ever been historically. The developers basically vote with their feet. This is in stark contrast to how software has traditionally been sold.

Virtues of the Open Source Business Model

The resulting business model of an open source company looks quite different than a traditional software business. First of all, the revenue line is different. Side-by-side, a closed source software company will generally be able to charge more per unit than an open source company. Even today, customers do have some level of resistance to paying a high price per unit for software that is theoretically “free.” But, even though open source software is lower cost per unit, it makes up the total market size by leveraging the elasticity in the market. When something is cheaper, more people buy it. That’s why open source companies have such massive and rapid adoption when they achieve product-market fit.

Another great advantage of open source companies is their far more efficient and viral go-to-market motion. The first and most obvious benefit is that a user is already a “customer” before she even pays for it. Because so much of the initial adoption of open source software comes from developers organically downloading and using the software, the companies themselves can often bypass both the marketing pitch and the proof-of-concept stage of the sales cycle. The sales pitch is more along the lines of, “you already use 500 instances of our software in your environment, wouldn’t you like to upgrade to the enterprise edition and get these additional features?”  This translates to much shorter sales cycles, the need for far fewer sales engineers per account executive, and much quicker payback periods of the cost of selling. In fact, in an ideal situation, open source companies can operate with favorable Account Executives to Systems Engineer ratios and can go from sales qualified lead (SQL) to closed sales within one quarter.

This virality allows for open source software businesses to be far more efficient than traditional software businesses from a cash consumption basis. Some of the best open source companies have been able to grow their business at triple-digit growth rates well into their life while  maintaining moderate of burn rates of cash. This is hard to imagine in a traditional software company. Needless to say, less cash consumption equals less dilution for the founders.

Photo courtesy of Getty Images

Open Source to Freemium

One last aspect of the changing open source business that is worth elaborating on is the gradual movement from true open source to community-assisted freemium. As mentioned above, the early open source projects leveraged the community as key contributors to the software base. In addition, even for slight elements of commercially-licensed software, there was significant pushback from the community. These days the community and the customer base are much more knowledgeable about the open source business model, and there is an appreciation for the fact that open source companies deserve to have a “paywall” so that they can continue to build and innovate.

In fact, from a customer perspective the two value propositions of open source software are that you a) read the code; b) treat it as freemium. The notion of freemium is that you can basically use it for free until it’s deployed in production or in some degree of scale. Companies like Elastic and Cockroach Labs have gone as far as actually open sourcing all their software but applying a commercial license to parts of the software base. The rationale being that real enterprise customers would pay whether the software is open or closed, and they are more incentivized to use commercial software if they can actually read the code. Indeed, there is a risk that someone could read the code, modify it slightly, and fork the distribution. But in developed economies – where much of the rents exist anyway, it’s unlikely that enterprise companies will elect the copycat as a supplier.

A key enabler to this movement has been the more modern software licenses that companies have either originally embraced or migrated to over time. Mongo’s new license, as well as those of Elastic and Cockroach are good examples of these. Unlike the Apache incubated license – which was often the starting point for open source projects a decade ago, these licenses are far more business-friendly and most model open source businesses are adopting them.

The Future

When we originally penned this article on open source four years ago, we aspirationally hoped that we would see the birth of iconic open source companies. At a time where there was only one model – Redhat – we believed that there would be many more. Today, we see a healthy cohort of open source businesses, which is quite exciting. I believe we are just scratching the surface of the kind of iconic companies that we will see emerge from the open source gene pool. From one perspective, these companies valued in the billions are a testament to the power of the model. What is clear is that open source is no longer a fringe approach to software. When top companies around the world are polled, few of them intend to have their core software systems be anything but open source. And if the Fortune 5000 migrate their spend on closed source software to open source, we will see the emergence of a whole new landscape of software companies, with the leaders of this new cohort valued in the tens of billions of dollars.

Clearly, that day is not tomorrow. These open source companies will need to grow and mature and develop their products and organization in the coming decade. But the trend is undeniable and here at Index we’re honored to have been here for the early days of this journey.

News Source = techcrunch.com

China’s Tencent Music raises $1.1 billion in downsized US IPO

in apple music/Asia/China/computing/Delhi/funding/Fundings & Exits/India/Media/microsoft windows/music streaming services/Online Music Stores/Politics/Software/Spotify/TC/Tencent/tencent music/xbox by

Tencent Music, China’s largest streaming company, has raised $1.1 billion in a U.S. IPO after it priced its shares at $13 a piece ahead of a listing on the Nasdaq.

That makes it one of the largest tech listings of the year, but the pricing is at the bottom end of its $13-$15 range indicating that the much-anticipated IPO has felt the effects of an uncertain market. Indeed, the company is said to have paused the listing process, which it started in early October, for a time so choppy are the waters right now — and that’s not even mentioning a shareholder-led lawsuit that was filed last week.

Still, this listing gives TME — Tencent Music Entertainment, a spin-out of Tencent — an impressive $21.3 billion valuation which is just below the $30 billion that Spotify commanded when it went public earlier this year via an unconventional direct listing. TME was valued at $12 billion at the time of Spotify’s listing in Q1 of this year so this is also a big jump. (Meanwhile, Spotify’s present market cap is around $24 billion.)

The company operates a constellation of music streaming services in China which span orthodox Spotify-style streaming as well as karaoke and live-streaming services. Altogether, TME claims 800 million registered users — although there’s likely a little creative accounting or double counting across apps involved since the Chinese government itself says there are 800 million internet users in the entire country.

Notably, though, TME is profitable. The same can’t be said for Spotify and likely Apple Music — although we don’t have financials for the latter. That’s down to the unique business model that the Chinese firm operates, with subscription and virtual goods a major driver for its businesses, while Tencent’s ubiquitous WeChat messaging app helps it reach users and gain virality.

Tidy though the numbers are, its revenues are dwarfed by those of Spotify, which grossed €1.4 billion ($1.59 billion) in sales in its last quarter. For comparison, TME did RMB 8.6 billion ($1.3 billion) in revenue for the first six months of this year.

TME executives are taking that as a sign that there’s ample scope to grow their business, although it seems unlikely that will ever be as global as Spotify. The two companies might yet collaborate in the future though, since they are both mutual shareholders via a share swap deal that concluded one year ago.

You can read more about TME in our deep dive below.

We also wrote about the lessons Western services like Spotify and Apple Music can learn from TME.

News Source = techcrunch.com

Qualcomm expands its PC bet with its new 7nm 8cx platform

in Bluetooth/computing/Delhi/India/Intel/Microsoft/microsoft windows/Politics/Qualcomm/smartphone/system on a chip/TC by

Qualcomm wants to become a major player in the PC/laptop market. Now that there is Windows 10 on ARM, that’s more than a pipe dream, but in its earliest iterations, those Qualcomm-based Windows 10 laptops used the Snapdragon 850 system on a chip that was specifically designed for PCs but still very much a direct descendant of its smartphone platform.

Today, the company announced its Snapdragon 8cx platform, “the most extreme Snapdragon ever,” in Qualcomm’s parlance, which still leverages some of the company’s mobile expertise and building blocks, but which was built from the ground up to power PCs.

The 8cx is very much tailored toward the PC, down to how it handles peak performance and multitasking. It’s also the first 7nm PC platform, the company claims, though the first devices won’t hit the market until Q3 of 2019.

The promise of using Qualcomm Snapdragon platform for a PC (which Qualcomm and Microsoft brands as “always connected PCs”) is that you’ll get multi-day battery life and a performance that is comparable to what you’d get with an Intel chip. The first generation of devices delivered great battery life, but performance wasn’t quite up to par. With this new release, Qualcomm promises to change that. Without saying Intel, Qualcomm argues that its 7nm chips are “multiple generations ahead of the traditional PC space.”

Despite launching the 8cx platform, Qualcomm is keeping the 850 around. It’s positioning the 8cx as a premium platform that complements the existing 850 platform in order to allow vendors to offer PCs at a wide range of different price points.

The new 8cx will feature Qualcomm’s Kryo 495 CPU and the Adreno 860 GPU, which will be able to power two 4K HDR monitors. It’ll also feature Qualcomm’s latest quick charging technology and all the usual connectivity options, ranging from Bluetooth to USB-C and LTE (for that always connected connectedness).

“With performance and battery life as our design tenets, we’re bringing7nm innovations to the PC space, allowing for smartphone-like capabilities to transform the computing experience,” said Alex Katouzian, senior vice president and general manager of mobile for Qualcomm, in today’s announcement. “As the fastest Snapdragon platform ever, the Snapdragon 8cx will allow our customers to offer a powerful computing experience of multi-day battery life and multi-gigabit connectivity, in new thin, light and fanless design for consumers and the enterprise.”

 

News Source = techcrunch.com

Microsoft Edge goes Chromium (and macOS)

in chromium/Delhi/Developer/google-chrome/India/Javascript/macos/Microsoft/Microsoft Edge/microsoft windows/Politics/TC/windows 7 by

The rumors were true: Microsoft Edge is moving to the open-source Chromium platform, the same platform that powers Google’s Chrome browser. And once that is done, Microsoft is bringing Edge to macOS, too. In addition, Microsoft is decoupling Edge from the Windows update process to offer a faster update cadence — and with that, it’ll bring the new Edge to Windows 7 and 8 users, too.

It’ll be a while before any of this happens, though. There’s no code to test today and the first previews are still months away. But at some point in 2019, Microsoft’s EdgeHTML and Chakra will go away and Blink and V8 will take its place. The company expects to release a first developer preview early next year.

Obviously, there is a lot to unpack here. What’s clear, though, is that Microsoft is acknowledging that Chrome and Chromium are the de facto standard today, both for users and for developers.

Over the years, especially after Microsoft left the Internet Explorer brand behind, Edge had, for the most part, become a perfectly usable browser, but Microsoft acknowledges that there were always compatibility issues. While it was investing heavily in fixing those, what we’re hearing from Microsoft is a very pragmatic message: it simply wasn’t worth the investment in engineering resources anymore. What Microsoft had to do, after all, was reverse engineer its way around problems on certain sites.

In part, that’s because Edge never quite gained the market share where developers cared enough to test their code on the platform. And with the web as big as it is, the long tail of incompatible sites remains massive.

Because many web developers work on Macs, where they don’t have access to Edge, testing for it became even more of an afterthought. Hence Microsoft’s efforts to bring Edge to the Mac, 15 years after it abandoned Internet Explorer for Mac. The company doesn’t expect that Edge on Mac will gain any significant market share, but it believes that having it available on every platform will mean that more developers will test their web apps with Edge, too.

Microsoft also admits that it didn’t help that Edge only worked on Windows 10 — and that Edge updates were bound to Windows updates. I was never quite sure why that was the case, but as Microsoft will now happily acknowledge, that meant that millions of users on older Windows versions were left behind, and even those on Windows 10 often didn’t get the latest, most compatible version of Edge because their companies remained a few updates behind.

For better or worse, Chrome has become the default and Microsoft is going with the flow. The company could have opted to open source EdgeHTML and its JavaScript engine. That option was on the table, but in the end, it opted not to. The company says that’s due to the fact that the current version of Edge has so many hooks into Windows 10 that it simply wouldn’t make much sense to do this if Microsoft wants to take the new Edge to Windows 7 and the Mac. To be fair, this probably would’ve been a fool’s errand anyway, since it’s hard to imagine that an open-source community around Edge would’ve made much of a difference in solving the practical problems anyway.

With this move, Microsoft also plans to increase its involvement in the Chromium community. That means it’ll bring to Chromium some of the work it did to make Edge work really well with touchscreens, for example. But also, as previously reported, the company now publicly notes that it is working with Google and Qualcomm to bring a native implementation of the Chrome browser to Windows 10 on ARM, making it snappier and more battery friendly than the current version that heavily relies on emulation.

Microsoft hopes that if it can make the compatibility issues a thing of the past, users will still gravitate to its browser because of what differentiates it. Maybe that’s its Cortana integration or new integrations with Windows and Office. Or maybe those are new consumer services or, for the enterprise users, specific features that make the lives of IT managers a bit easier.

When the rumors of this change first appeared a few days ago, a number of pundits argued that this isn’t great for the web because it gives even more power over web standards to the Chromium project.

I share some of those concerns, but Microsoft is making a very pragmatic argument for this move and notes that Edge’s small market share didn’t allow it to make a dent in this process anyway. By becoming more active in the Chromium community, it’ll have more of a voice — or so it hopes — and be able to advocate for web standards and bring its own innovations to Chromium.

You’re browser is probably the most complex piece of software running on your computer right now. That means switching out engines is anything but trivial. The company isn’t detailing what its development process will look like and how it’ll go about this, but we’re being told that the company is looking at which parts of the Edge experience to keep and then will work with the Chromium community to bring those to the Chromium engine, too.

Microsoft stresses that it isn’t giving up on Edge, by the way. The browser isn’t going anywhere. If you’re a happy Edge user today, chances are this move will make you an even happier Edge user in the long run. If you aren’t, Microsoft hopes you’ll give it a fresh look when the new Chromium-based version launches. It’s on Microsoft now to build a browser that is differentiated enough to get people to give it another shot.

 

 

News Source = techcrunch.com

1 2 3
Go to Top