67.4 F
jacksonville,fl
Thursday, October 17, 2019

Tech

Home Tech

German Cops Raid “Cyberbunker 2.0,” Arrest 7 in Child Porn, Dark Web Market Sting

0

German authorities said Friday they’d arrested seven people and were investigating six more in connection with the raid of a Dark Web hosting operation that allegedly supported multiple child porn, cybercrime and drug markets with hundreds of servers buried inside a heavily fortified military bunker. Incredibly, for at least two of the men accused in the scheme, this was their second bunker-based hosting business that was raided by cops and shut down for courting and supporting illegal activity online.

The latest busted cybercrime bunker is in Traben-Trarbach, a town on the Mosel River in western Germany. The Associated Press says investigators believe the 13-acre former military facility — dubbed the “CyberBunker” by its owners and occupants — served a number of dark web sites, including: the “Wall Street Market,” a sprawling, online bazaar for drugs, hacking tools and financial-theft wares before it was taken down earlier this year; the drug portal “Cannabis Road;” and the synthetic drug market “Orange Chemicals.”

German police reportedly seized $41 million worth of funds allegedly tied to these markets, and more than 200 servers that were operating throughout the underground temperature-controlled, ventilated and closely guarded facility.

German Cops Raid “Cyberbunker 2.0,” Arrest 7 in Child Porn, Dark Web Market Sting 1

The former military bunker in Germany that housed CyberBunker 2.0 and, according to authorities, plenty of very bad web sites.

The authorities in Germany haven’t named any of the people arrested or under investigation in connection with CyberBunker’s alleged activities, but said those arrested were apprehended outside of the bunker. Still, there are clues in the details released so far, and those clues have been corroborated by sources who know two of the key men allegedly involved.

We know the owner of the bunker hosting business has been described in media reports as a 59-year-old Dutchman who allegedly set it up as a “bulletproof” hosting provider that would provide Web site hosting to any business, no matter how illegal or unsavory.

We also know the German authorities seized at least two Web site domains in the raid, including the domain for ZYZTM Research in The Netherlands (zyztm[.]com), and cb3rob[.]org.

German Cops Raid “Cyberbunker 2.0,” Arrest 7 in Child Porn, Dark Web Market Sting 2

A “seizure” placeholder page left behind by German law enforcement agents after they seized cb3rob.org, an affiliate of the the CyberBunker bulletproof hosting facility owned by convicted Dutch cybercriminal Sven Kamphuis.

According to historic whois records maintained by Domaintools.com, Zyztm[.]com was originally registered to a Herman Johan Xennt in the Netherlands. Cb3rob[.]org was an organization hosted at CyberBunker registered to Sven Kamphuis, a self-described anarchist who was convicted several years ago for participating in a large-scale attack that briefly impaired the global Internet in some places.

Both 59-year-old Xennt and Mr. Kamphuis worked together on a previous bunker-based project — a bulletproof hosting business they sold as CyberBunker and ran out of a five-story military bunker in The Netherlands.

That’s according to Guido Blaauw, director of Disaster-Proof Solutions, a company that renovates and resells old military bunkers and underground shelters. Blaauw’s company bought the 1,800 square-meter Netherlands bunker from Mr. Xennt in 2011 for $700,000.

German Cops Raid “Cyberbunker 2.0,” Arrest 7 in Child Porn, Dark Web Market Sting 3

Guido Blaauw, in front of the original CyberBunker facility in the Netherlands, which he bought from Mr. Xennt in 2011. Image: Blaauw.

Media reports indicate that in 2002 a fire inside the CyberBunker 1.0 facility in The Netherlands summoned emergency responders, who discovered a lab hidden inside the bunker that was being used to produce the drug ecstasy/XTC.

Blaauw said nobody was ever charged for the drug lab, which was blamed on another tenant in the building. Blauuw said Xennt and others in 2003 were then denied a business license to continue operating in the bunker, and they were forced to resell servers from a different location — even though they bragged to clients for years to come about hosting their operations from an ultra-secure underground bunker.

“After the fire in 2002, there was never any data or servers stored in the bunker,” in The Netherlands, Blaauw recalled. “For 11 years they told everyone [the hosting servers where] in this ultra-secure bunker, but it was all in Amsterdam, and for 11 years they scammed all their clients.”

German Cops Raid “Cyberbunker 2.0,” Arrest 7 in Child Porn, Dark Web Market Sting 4

Firefighters investigating the source of a 2002 fire at the CyberBunker’s first military bunker in The Netherlands discovered a drug lab amid the Web servers. Image: Blaauw.

Blaauw said sometime between 2012 and 2013, Xennt purchased the bunker in Traben-Trarbach, Germany — a much more modern structure that was built in 1997. CyberBunker was reborn, and it began offering many of the same amenities and courted the same customers as CyberBunker 1.0 in The Netherlands.

“They’re known for hosting scammers, fraudsters, pedophiles, phishers, everyone,” Blaauw said. “That’s something they’ve done for ages and they’re known for it.”

German Cops Raid “Cyberbunker 2.0,” Arrest 7 in Child Porn, Dark Web Market Sting 5

The former Facebook profile picture of Sven Olaf Kamphuis, shown here standing in front of Cyberbunker 1.0 in The Netherlands.

About the time Xennt and company were settling into their new bunker in Germany, he and Kamphuis were engaged in a fairly lengthy and large series of distributed denial-of-service (DDoS) attacks aimed at sidelining a number of Web sites — particularly anti-spam organization Spamhaus. A chat record of that assault, detailed in my 2016 piece, Inside the Attack that Almost Broke the Internet, includes references to and quotes from both Xennt and Kamphuis.

Kamphuis was later arrested in Spain on the DDoS attack charges. He was convicted in The Netherlands and sentenced to time served, which was approximately 55 days of detention prior to his extradition to the United States.

German Cops Raid “Cyberbunker 2.0,” Arrest 7 in Child Porn, Dark Web Market Sting 6

Some of the 200 servers seized from CyberBunker 2.0, a “bulletproof” web hosting facility buried inside a German military bunker. Image: swr.de.

The AP story mentioned above quoted German prosecutor Juergen Bauer saying the 59-year-old main suspect in the case was believed to have links to organized crime.

A 2015 expose’ (PDF) by the Irish newspaper The Sunday World compared Mr. Xennt (pictured below) to a villain from a James Bond movie, and said he has been seen frequently associating with another man: an Irish mobster named George “the Penguin” Mitchell, listed by Europol as one of the top-20 drug traffickers in Europe and thought to be involved in smuggling heroin, cocaine and ecstasy.

German Cops Raid “Cyberbunker 2.0,” Arrest 7 in Child Porn, Dark Web Market Sting 7

Cyberbunkers 1.0 and 2.0 owner and operator Mr. Xennt, top left, has been compared to a “Bond villain.” Image: The Sunday World, July 26, 2015.

Blaauw said he doesn’t know whether Kamphuis was arrested or named in the investigation, but added that people who know him and can usually reach him have not heard from Kamphuis over several days.

Here’s what the CyberBunker in The Netherlands looked like back in the early aughts when Xennt still ran it:

German Cops Raid “Cyberbunker 2.0,” Arrest 7 in Child Porn, Dark Web Market Sting 8

Here’s what it looks like now after being renovated by Blaauw’s company and designed as a security operations center (SOC):

German Cops Raid “Cyberbunker 2.0,” Arrest 7 in Child Porn, Dark Web Market Sting 9

The former CyberBunker in the Netherlands, since redesigned as a security operations center by its current owner. Image: Blaauw.

I’m glad when truly bad guys doing bad stuff like facilitating child porn are taken down. The truth is, almost anyone trafficking in the kinds of commerce these guys courted also is building networks of money laundering business that become very tempting to use or lease out for other nefarious purposes, including human trafficking, and drug trafficking.


German Cops Raid “Cyberbunker 2.0,” Arrest 7 in Child Porn, Dark Web Market Sting 10

Tags: CB3ROB, Cyberbunker, DDoS, Disaster-Proof Solutions, Guido Blaauw, Herman Johan Xennt, Juergen Bauer, Sven Kamphuis, ZYZTM Research

You can skip to the end and leave a comment. Pinging is currently not allowed.

Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany

0

A Slovenian man convicted of authoring the destructive and once-prolific Mariposa botnet and running the infamous Darkode cybercrime forum has been arrested in Germany on request from prosecutors in the United States, who’ve recently re-indicted him on related charges.

Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany 11

NiceHash CTO Matjaž “Iserdo” Škorjanc, as pictured on the front page of a recent edition of the Slovenian daily Delo.si, is being held by German authorities on a US arrest warrant for operating the destructive “Mariposa” botnet and founding the infamous Darkode cybercrime forum.

The Slovenian Press Agency reported today that German police arrested Matjaž “Iserdo” Škorjanc last week, in response to a U.S.-issued international arrest warrant for his extradition.

In December 2013, a Slovenian court sentenced Škorjanc to four years and ten months in prison for creating the malware that powered the ‘Mariposa‘ botnet. Spanish for “Butterfly,” Mariposa was a potent crime machine first spotted in 2008. Very soon after its inception, Mariposa was estimated to have infected more than 1 million hacked computers — making it one of the largest botnets ever created.

Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany 12

An advertisement for the ButterFly Bot.

Škorjanc and his hacker handle Iserdo were initially named in a Justice Department indictment from 2011 (PDF) along with two other men who allegedly wrote and sold the Mariposa botnet code. But in June 2019, the DOJ unsealed an updated indictment (PDF) naming Škorjanc, the original two other defendants, and a fourth man (from the United States) in a conspiracy to make and market Mariposa and to run the Darkode crime forum.

More recently, Škorjanc served as chief technology officer at NiceHash, a Slovenian company that lets users sell their computing power to help others mine virtual currencies like bitcoin. In December 2017, approximately USD $52 million worth of bitcoin mysteriously disappeared from the coffers of NiceHash. Slovenian police are reportedly still investigating that incident.

Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany 13

The “sellers” page on the Darkode cybercrime forum, circa 2013.

It will be interesting to see what happens with the fourth and sole U.S.-based defendant added in the latest DOJ charges — Thomas K. McCormick, a.k.a “fubar” — allegedly one of the last administrators of Darkode. Prosecutors say McCormick also was a reseller of the Mariposa botnet, the ZeuS banking trojan, and a bot malware he allegedly helped create called “Ngrbot.”

Between 2010 and 2013, Fubar would randomly chat me up on instant messenger apropos of nothing to trade information about the latest goings-on in the malware and cybercrime forum scene.

Fubar frequently knew before anyone else about upcoming improvements to or new features of ZeuS, and discussed at length his interactions with Iserdo/Škorjanc. Every so often, I would reach out to Fubar to see if he could convince one of his forum members to call off an attack against KrebsOnSecurity.com, an activity that had become something of a rite of passage for new Darkode members.

On Dec. 5, 2013, federal investigators visited McCormick at his University of Massachusetts dorm room. According to a memo filed by FBI agents investigating the case, in that interview McCormick acknowledged using the “fubar” identity on Darkode, but said he’d quit the whole forum scene years ago, and that he’d even interned at Microsoft for several summers and at Cisco for one summer.

A subsequent search warrant executed on his dorm room revealed multiple removable drives that held tens of thousands of stolen credit card records. For whatever reason, however, McCormick wasn’t arrested or charged until December 2018.

According to the FBI, back in that December 2013 interview McCormick voluntarily told them a great deal about his various businesses and online personas. He also apparently told investigators he talked with KrebsOnSecurity quite a bit, and that he’d tipped me off to some important developments in the malware scene. For example:

“TM had found the email address of the Spyeye author in an old fake antivirus affiliate program database and that TM was able to find the true name of the Spyeye author from searching online for an individual that used the email address,” the memo states. “TM passed this information on to Brian Krebs.”

Read more of the FBI’s interview with McCormick here (PDF).

News of Škorjanc’s arrest comes amid other cybercrime takedowns in Germany this past week. On Friday, German authorities announced they’d arrested seven people and were investigating six more in connection with the raid of a Dark Web hosting operation that allegedly supported multiple child porn, cybercrime and drug markets with hundreds of servers buried inside a heavily fortified military bunker.


Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany 14

Tags: Butterfly Bot, Darkode, fubar, Iserdo, mariposa botnet, Matjaz Skorjanc, Ngrbot, NiceHash, spyeye, Thomas K. McCormick, zeus

You can skip to the end and leave a comment. Pinging is currently not allowed.

Patch Tuesday Lowdown, October 2019 Edition

0

On Tuesday Microsoft issued software updates to fix almost five dozen security problems in Windows and software designed to run on top of it. By most accounts, it’s a relatively light patch batch this month. Here’s a look at the highlights.

Patch Tuesday Lowdown, October 2019 Edition 15Happily, only about 15 percent of the bugs patched this week earned Microsoft’s most dire “critical” rating. Microsoft labels flaws critical when they could be exploited by miscreants or malware to seize control over a vulnerable system without any help from the user.

Also, Adobe has kindly granted us another month’s respite from patching security holes in its Flash Player browser plugin.

Included in this month’s roundup is something Microsoft actually first started shipping in the third week of September, when it released an emergency update to fix a critical Internet Explorer zero-day flaw (CVE-2019-1367) that was being exploited in the wild.

That out-of-band security update for IE caused printer errors for many Microsoft users whose computers applied the emergency update early on, according to Windows update expert Woody Leonhard. Apparently, the fix available through this month’s roundup addresses those issues.

Security firm Ivanti notes that the patch for the IE zero day flaw was released prior to today for Windows 10 through cumulative updates, but that an IE rollup for any pre-Windows 10 systems needs to be manually downloaded and installed.

Once again, Microsoft is fixing dangerous bugs in its Remote Desktop Client, the Windows feature that lets a user interact with a remote desktop as if they were sitting in front of the other PC. On the bright side, this critical bug can only be exploited by tricking a user into connecting to a malicious Remote Desktop server — not exactly the most likely attack scenario.

Other notable vulnerabilities addressed this month include a pair of critical security holes in Microsoft Excel versions 2010-2019 for Mac and Windows, as well as Office 365. These flaws would allow an attacker to install malware just by getting a user to open a booby-trapped Office file.

Windows 10 likes to install patches all in one go and reboot your computer on its own schedule. Microsoft doesn’t make it easy for Windows 10 users to change this setting, but it is possible. For all other Windows OS users, if you’d rather be alerted to new updates when they’re available so you can choose when to install them, there’s a setting for that in Windows Update. To get there, click the Windows key on your keyboard and type “windows update” into the box that pops up.

Staying up-to-date on Windows patches is good. Updating only after you’ve backed up your important data and files is even better. A reliable backup means you’re not pulling your hair out if the odd buggy patch causes problems booting the system. So do yourself a favor and backup your files before installing any patches.

As always, if you experience any problems installing any of the patches this month, please feel free to leave a comment about it below; there’s a decent chance other readers have experienced the same and may even chime in here with some helpful tips.


Patch Tuesday Lowdown, October 2019 Edition 16

Tags: CVE-2019-1367, Ivanti, Remote Desktop, Woody Leonhard

You can skip to the end and leave a comment. Pinging is currently not allowed.

“BriansClub” Hack Rescues 26M Stolen Cards

0

BriansClub,” one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.

“BriansClub” Hack Rescues 26M Stolen Cards 17

An ad for BriansClub has been using my name and likeness for years to peddle millions of stolen credit cards.

Last month, KrebsOnSecurity was contacted by a source who shared a plain text file containing what was claimed to be the full database of cards for sale both currently and historically through BriansClub[.]at, a thriving fraud bazaar named after this author. Imitating my site, likeness and namesake, BriansClub even dubiously claims a copyright with a reference at the bottom of each page: “© 2019 Crabs on Security.”

Multiple people who reviewed the database shared by my source confirmed that the same credit card records also could be found in a more redacted form simply by searching the BriansClub Web site with a valid, properly-funded account.

All of the card data stolen from BriansClub was shared with multiple sources who work closely with financial institutions to identify and monitor or reissue cards that show up for sale in the cybercrime underground.

The leaked data shows that in 2015, BriansClub added just 1.7 million card records for sale. But business would pick up in each of the years that followed: In 2016, BriansClub uploaded 2.89 million stolen cards; 2017 saw some 4.9 million cards added; 2018 brought in 9.2 million more.

Between January and August 2019 (when this database snapshot was apparently taken), BriansClub added roughly 7.6 million cards.

Most of what’s on offer at BriansClub are “dumps,” strings of ones and zeros that — when encoded onto anything with a magnetic stripe the size of a credit card — can be used by thieves to purchase electronics, gift cards and other high-priced items at big box stores.

As shown in the table below (taken from this story), many federal hacking prosecutions involving stolen credit cards will for sentencing purposes value each stolen card record at $500, which is intended to represent the average loss per compromised cardholder.

“BriansClub” Hack Rescues 26M Stolen Cards 18

The black market value, impact to consumers and banks, and liability associated with different types of card fraud.

STOLEN BACK FAIR AND SQUARE

An extensive analysis of the database indicates BriansClub holds approximately $414 million worth of stolen credit cards for sale, based on the pricing tiers listed on the site. That’s according to an analysis by Flashpoint, a security intelligence firm based in New York City.

Allison Nixon, the company’s director of security research, said the data suggests that between 2015 and August 2019, BriansClub sold roughly 9.1 million stolen credit cards, earning the site $126 million in sales (all sales are transacted in bitcoin).

If we take just the 9.1 million cards that were confirmed sold through BriansClub, we’re talking about more than $4 billion in likely losses at the $500 average loss per card figure from the Justice Department.

Also, it seems likely the total number of stolen credit cards for sale on BriansClub and related sites vastly exceeds the number of criminals who will buy such data. Shame on them for not investing more in marketing!

There’s no easy way to tell how many of the 26 million or so cards for sale at BriansClub are still valid, but the closest approximation of that — how many unsold cards have expiration dates in the future — indicates more than 14 million of them could still be valid.

The archive also reveals the proprietor(s) of BriansClub frequently uploaded new batches of stolen cards — some just a few thousand records, and others tens of thousands.

That’s because like many other carding sites, BriansClub mostly resells cards stolen by other cybercriminals — known as resellers or affiliates — who earn a percentage from each sale. It’s not yet clear how that revenue is shared in this case, but perhaps this information will be revealed in further analysis of the purloined database.

BRIANS CHAT

In a message titled “Your site is hacked,’ KrebsOnSecurity requested comment from BriansClub via the “Support Tickets” page on the carding shop’s site, informing its operators that all of their card data had been shared with the card-issuing banks.

I was surprised and delighted to receive a polite reply a few hours later from the site’s administrator (“admin”):

“No. I’m the real Brian Krebs here 🙂

Correct subject would be the data center was hacked.

Will get in touch with you on jabber. Should I mention that all information affected by the data-center breach has been since taken off sales, so no worries about the issuing banks.”

Flashpoint’s Nixon said a spot check comparison between the stolen card database and the card data advertised at BriansClub suggests the administrator is not being truthful in his claims of having removed the leaked stolen card data from his online shop.

The admin hasn’t yet responded to follow-up questions, such as why BriansClub chose to use my name and likeness to peddle millions of stolen credit cards.

Almost certainly, at least part of the appeal is that my surname means “crab” (or cancer), and crab is Russian hacker slang for “carder,” a person who engages in credit card fraud.

“BriansClub” Hack Rescues 26M Stolen Cards 19

Many of the cards for sale on BriansClub are not visible to all customers. Those who wish to see the “best” cards in the shop need to maintain certain minimum balances, as shown in this screenshot.

HACKING BACK?

Nixon said breaches of criminal website databases often lead not just to prevented cybercrimes, but also to arrests and prosecutions.

“When people talk about ‘hacking back,’ they’re talking about stuff like this,” Nixon said. “As long as our government is hacking into all these foreign government resources, they should be hacking into these carding sites as well. There’s a lot of attention being paid to this data now and people are remediating and working on it.”

By way of example on hacking back, she pointed to the 2016 breach of vDOS — at the time the largest and most powerful service for knocking Web sites offline in large-scale cyberattacks.

Soon after vDOS’s database was stolen and leaked to this author, its two main proprietors were arrested. Also, the database added to evidence of criminal activity for several other individuals who were persons of interest in unrelated cybercrime investigations, Nixon said.

“When vDOS got breached, that basically reopened cases that were cold because [the leak of the vDOS database] supplied the final piece of evidence needed,” she said.

THE TARGET BREACH OF THE UNDERGROUND?

After many hours spent poring over this data, it became clear I needed some perspective on the scope and impact of this breach. As a major event in the cybercrime underground, was it somehow the reverse analog of the Target breach — which negatively impacted tens of millions of consumers and greatly enriched a large number of bad guys? Or was it more prosaic, like a Jimmy Johns-sized debacle?

For that insight, I spoke with Gemini Advisory, a New York-based company that works with financial institutions to monitor dozens of underground markets trafficking in stolen card data.

Andrei Barysevich, co-founder and CEO at Gemini, said the breach at BriansClub is certainly significant, given that Gemini currently tracks a total of 87 million credit and debit card records for sale across the cybercrime underground.

Gemini is monitoring most underground stores that peddle stolen card data — including such heavy hitters as Joker’s StashTrump’s Dumps, and BriansDump.

Contrary to popular belief, when these shops sell a stolen credit card record, that record is then removed from the inventory of items for sale. This allows companies like Gemini to determine roughly how many new cards are put up for sale and how many have sold.

Barysevich said the loss of so many valid cards may well impact how other carding stores compete and price their products.

“With over 78% of the illicit trade of stolen cards attributed to only a dozen of dark web markets, a breach of this magnitude will undoubtedly disturb the underground trade in the short term,” he said. “However, since the demand for stolen credit cards is on the rise, other vendors will undoubtedly attempt to capitalize on the disappearance of the top player.”

Liked this story and want to learn more about how carding shops operate? Check out Peek Inside a Professional Carding Shop.


“BriansClub” Hack Rescues 26M Stolen Cards 20

Tags: Allison Nixon, Andrei Barysevich, briansclub, briansclub hack, Flashpoint, Gemini Advisory

You can skip to the end and leave a comment. Pinging is currently not allowed.

When Card Shops Play Dirty, Consumers Win

0

Cybercrime forums have been abuzz this week over news that BriansClub — one of the underground’s largest shops for stolen credit and debit cards — has been hacked, and its inventory of 26 million cards shared with security contacts in the banking industry. Now it appears this brazen heist may have been the result of one of BriansClub’s longtime competitors trying to knock out a rival.

When Card Shops Play Dirty, Consumers Win 21

And advertisement for BriansClub that for years has used my name and likeness to peddle stolen cards.

Last month, KrebsOnSecurity was contacted by an anonymous source who said he had the full database of 26M cards stolen from BriansClub, a carding site that has long used this author’s name and likeness in its advertising. The stolen database included cards added to the site between mid-2015 and August 2019.

This was a major event in the underground, as experts estimate the total number of stolen cards leaked from BriansClub represent almost 30 percent of the cards on the black market today.

The purloined database revealed BriansClub sold roughly 9.1 million stolen credit cards, earning the site and its resellers a cool $126 million in sales over four years.

In response to questions from KrebsOnSecurity, the administrator of BriansClub acknowledged that the data center serving his site had been hacked earlier in the year (BriansClub claims this happened in February), but insisted that all of the cards stolen by the hacker had been removed from BriansClub store inventories.

However, as I noted in Tuesday’s story, multiple sources confirmed they were able to find plenty of card data included in the leaked database that was still being offered for sale at BriansClub.

Perhaps inevitably, the admin of BriansClub took to the cybercrime forums this week to defend his business and reputation, re-stating his claim that all cards included in the leaked dump had been cleared from store shelves.

When Card Shops Play Dirty, Consumers Win 22

The administrator of BriansClub, who’s appropriated the name and likeness of Yours Truly for his advertising, fights to keep his business alive.

Meanwhile, some of BriansClub’s competitors gloated about the break-in. According to the administrator of Verified, one of the longest running Russian language cybercrime forums, the hack of BriansClub was perpetrated by a fairly established ne’er-do-well who uses the nickname “MrGreen” and runs a competing card shop by the same name.

The Verified site admin said MrGreen had been banned from the forum, and added that “sending anything to Krebs is the lowest of all lows” among accomplished and self-respecting cybercriminals. I’ll take that as a compliment.

This would hardly be the first time some cybercriminal has used me to take down one of his rivals. In most cases, I’m less interested in the drama and more keen on validating the data and getting it into the proper hands to do some good.

That said, if the remainder of BriansClub’s competitors want to use me to take down the rest of the carding market, I’m totally fine with that.

When Card Shops Play Dirty, Consumers Win 23

The BriansClub admin, defending the honor of his stolen cards shop after a major breach.


When Card Shops Play Dirty, Consumers Win 24

Tags: briansclub, MrGreen

You can skip to the end and leave a comment. Pinging is currently not allowed.

The Analogue Pocket might be the perfect portable video game system

0

Very few modern tech companies have executed on their mission as consistently, and at such a high level of quality, as Analogue. Analogue’s obsessively engineered modern consoles for old-school physical cartridge video games are museum-quality hardware design, housing specially tuned processors that offer pitch- and pixel-perfect play of all NES, Sega Genesis, SNES and other retro console games on modern HD TVs — and their new $199 Analogue Pocket aims to provide the best way to play classic portable console titles in similar high fidelity.

The Analogue Pocket is a portable gaming console that can play the entire library of Game Boy, Game Boy Color and Game Boy Advance games out of the box — natively, without emulation, so that the gaming experience is exactly as you remember it (or as it was intended, if this is your first experience with these classic titles). That’s not all, though: Using cartridge adapters, the Analogue Pocket can support Game Gear, Neo Geo Pocket Color, Atari Lynx and other games, too.

4 Analogue Pocket All

It uses two FPGAs (Field Programmable Gate Arrays), which are processors that have been programmed specifically to play these games back as they were originally intended, mimicking the operation of the original silicon found in the consoles that these games were designed for with the faithfulness of true restoration hardware. The result is a great gaming experience that will feel like the original — but played on the Analogue Pocket’s much more impressive hardware, which offers a 3.5-inch, 1600×1440 LCD display that provides a very high-resolution 615 ppi. For those keeping track, that’s 10 times the resolution of the original Game Boy display. And it’s color tuned for amazing color rendering and brightness — it could actually be the best display on a dedicated gaming device, period, let alone for a retro console.

The Analogue Pocket also works with an accessory called the Analogue Dock (sold separately, pricing TBD), which adds HDMI out and Bluetooth/wired controller support, to turn the Pocket into a home console for your big screen TV, too. The dock offers two standard USB ports for wired controllers, and its Bluetooth support works with any of 8Bitdo’s excellent gamepads. It’s basically a Switch, but for all your favorite Game Boy series games, and with what looks like much better-quality hardware.

6 Analogue Dock

That would be plenty to offer in a portable console, but the Analogue Pocket is designed to do more. It has a built-in synthesizer and sequencer for making digital music, and the second FPGA it’s packing is designed to be used specifically for development. It allows the development community to bring their own cores to the platform, which means it could potentially support a whole host of classic and ported games in the future.

Analogue Pocket is set to release some time in 2020, with a more specific date to be announced later. It’s a natural next step for the company that delivered excellent gaming experiences via the Nt Mini, the Super Nt and the Mega Sg, but it’s still a nice, exciting surprise to find out they’re tackling the rich history of mobile gaming next.

In the Accelerator over the Sea

0

In our oceans the scale of disasters is measured in millions, billions, and trillions, while solutions amount to single digits: individuals or institutions working to impact a chosen issue with approaches often both brilliant and quixotic. Putting such individuals in close contact with both whales and billionaires is the strange alchemy being attempted by the Sustainable Ocean Alliance’s Accelerator at Sea.

I and a few other reporters were invited to observe said program, a five-day excursion in Alaska that put recent college graduates, aspiring entrepreneurs, legends of the sea, and soft-spoken financial titans on the same footing: spotting whales from Zodiacs in the morning, learning from one another in the afternoon, and drinking whiskey good and bad under the Northern lights in the pre-dawn dark.

In the Accelerator over the Sea 25

The boat — no, not that big one, or that other big one… yes, that one.

In that time I got to know the dozen or so companies in the accelerator, the second batch from the SOA but the first to experience this oddly effective enterprise. And I also gathered from conversations among the group the many challenges facing conservation-focused startups.

(By way of disclosure, I should say that I was among four press offered a spot on the chartered boat; Those invited, from penniless students to deep-pocketed investors, could join provided they got themselves to Juneau for embarkation.)

The picture painted by just about everyone was one of impending doom from a multiplicity of interlinked trends, and as many different approaches to averting or mitigating that doom as people discussing it.

What’s the problem?

In Silicon Valley one grows so used to seeing enormous sums of money expended on things barely categorizable as irritations, let alone serious problems, that it is a bit bewildering to be presented with the opposite: existential problems being addressed on shoestring budgets by founders actually passionate about their domain.

Throughout the trip, the discussions had at almost every occasion, be it looking for bear prints in a tidal flat or visiting a local salmon hatchery, were about the imminent collapse of natural ecosystems and the far-reaching consequences thereof.

Overfishing, rising water temperatures, deforestation, pollution, strip mining, microplastics — everywhere we looked is a man-made threat that has been allowed to go too far. Not a single industry or species is unaffected.

It’s enough to make you want to throw your hands up and go home, which is in fact what some have advised. But the people on this boat are not them. They were selected for their dedication to conservation and ingenuity in pursuing solutions.

Of course, there’s no “solution” to the million of tons of plastic and oil in the oceans poisoning fish and creating enormous dead zones. There’s no “solution” to climate change. No one expects or promises a miracle cure for nature’s centuries of abuse at human hands.

But there are mitigations, choices we can make and technologies we can opt for where a small change can propagate meaningfully and, if not undo the damage we’ve done, reduce it going forward and make people aware of the difference they can make.

Small fish in a big, scary pond

The trip came right at the beginning of the accelerator, a choice that meant they were only getting started in the program and in fact had never met one another. It also meant in many cases their pitches and business models were less than polished. This is for the most part an early-stage program, and early in the program at that.

That said, the companies may be young but the ideas and technologies are sound. I expect to follow up with many as they perfect their hardware, raise money, and complete pilot projects, but I think it’s important to highlight each one of them, if only briefly. The accelerator’s demo day is actually today, and I wish I could attend to see how the companies and founders have evolved.

Some accelerators are so big and so general-purpose that it was refreshing to have a manageable number of companies all clustered around interlinked issues and united by a common concern. If young entrepreneurs trying to change the world isn’t TechCrunch business, I don’t know what is.

The problems may be multifarious, but I managed to group the startups under two general umbrellas: waste reduction and aquatic intelligence.

But before that I want to mention one that doesn’t fit into either category and for other reasons deserves a shout out.

coral vita

Coral Vita grows corals at many times their normal rate and implants them in dying reefs.

Coral Vita is working on a special method of fast-tracking coral growth and simultaneously selecting for organisms resistant to bleaching and other threats. The founder, Gator Halpern, impressed the importance of the coral systems on us over the trip, as did filmmaker Jeff Orlowski, who directed the harrowing documentaries Chasing Ice and Chasing Coral. (He gave a workshop on storytelling — important when you’re pitching a film or a startup.)

Gator is using a special method to grow corals at 50 times normal rates and hopefully resuscitate reefs around the world, which is awesome, but I wanted to put Coral Vita first because of a horribly apropos coincidence: Hurricane Dorian, the latest in a historically long unbroken line of storms, struck his home and lab in the Bahamas while we were at sea.

It was literally battering the islands while he was supposed to pitch investors, and he used his time instead to ask us to help the victims of the storm. That’s heart. And it serves as a reminder that these are not armchair solutions to invented problems.

If you can spare a buck, you can support Coral Vita and victims of Dorian in the Bahamas here.

Waste reduction

The other companies were addressing problems equally as destructive, if not quite so immediately so.

Humans produce a lot of waste, and a lot of that waste ends up in the ocean, either as whole plastic bags scooping up fish, microplastics poisoning them, or heavier trash cluttering the sea floor. These startups focused on reducing humanity’s deleterious effects on ocean ecosystems.

Cruz Foam is looking to replace one of my least favorite substances, Styrofoam, which I see broken up and mixed in with beach soil and sand all the time. The company has created a process that uses an incredibly abundant and strong material called chitin to create a lightweight, biodegradable packing foam. Chitin is what a lot of invertebrates use to form their shells and exoskeletons, and there’s tons of it out there — but the company has been careful to find ethical sourcing for the volume it need.

In the Accelerator over the Sea 26

Cruz Foam’s chitin-based product, left, and Biocellection’s plastic reduction process.

Biocellection is coming from the other direction, having created a process to break down polyethylenes (i.e. plastics) into smaller molecules that are useful in existing chemical processes. It’s actually upcycling waste plastic rather than repurposing it as a lower grade product.

Loliware was in SOA’s first batch, and creates single-use straws out of kelp material — a timely endeavor, as evidenced by the $6M round A they just pulled in, and backlog of millions of units ordered. Their challenge now is not finding a market but supplying it.

Dispatch Goods and Muuse are taking complementary approaches to reducing single-use items for take-out. Dispatch follows a model in use elsewhere in the world where durable containers are used rather than disposable ones for delivery items, then picked up, washed, and reused. Kind of obvious when you think about it, which is it’s common in other places.

Muuse (formerly Revolv) takes a more tech-centric approach, partnering with coffee shops to issue reusable cups rather than disposable ones. You can keep the cup if you want, or drop it off at a smart collection point and get a refund; RFID tags keep track of the items. Founder Forrest Carroll talked about early successes with this model on semi-closed environments like airports and college campuses.

repurpose screen

Repurpose is aiming to create a way to go “plastic neutral” the way people try to go “carbon neutral.” Companies and individuals can sponsor individual landfills where their plastics go, subsidizing the direct removal and handling costs of a given quantity of trash.

Finless Foods hopes to indirectly reduce the huge amount of cost and waste created by fishing (“sustainable” really isn’t) by creating lab-grown tuna tissue that’s indistinguishable from the real thing. It’s a work in progress, but they’ve got a ton of money so you can probably count on it.

Intelligence and automation

The technology used in the maritime and fishing industries tends toward the “sturdy legacy” type rather than “cutting edge.” That’s changing as costs drop and the benefits of things like autonomous vehicles and IoT become evident.

Ellipsis represents perhaps the most advanced, yet direct, application of the latest tech. The company uses camera-equipped drones using computer vision to inspect rivers and bodies of water for plastics, helping cleanup and response crews characterize and prioritize them. This kind of low-level data is largely missing from cleanup efforts, which gave rise to the name, which refers to both the peripatetic founder Ellie and the symbol indicating missing or omitted information

ellipsis gif

Ellipsis uses computer vision to find plastic waste in water systems.

For larger-scale inspection, autonomous boats like Saildrone are an increasingly valuable tool — but they cost hundreds of thousands of dollars and have their own limitations.

EcoDrone is a lower-cost, smaller, customizable autonomous sailboat that costs more like $2,500. Plenty of missions would prefer to deploy a fleet of smaller, cheaper boats than put all their hopes into one vessel.

seaproven

Sea Proven is going the other direction, with a much larger autonomous ship: 20 meters long with a full ton of payload space. That opens up entirely new mission profiles that use sophisticated, large-scale equipment and require long-term presence at sea. The company has two ships now embarking on a mission to track whales in the Mediterranean.

Nets and traps are notoriously dumb, producing a huge amount of “bycatch,” animals caught up in them that aren’t what the fishing vessel was aiming (or licensed) to collect. Smart Catch equips these huge nets with a camera that tracks and characterizes the fish that enter, allowing the owner to watch and monitor them remotely and respond if necessary.

smartcatch

Meanwhile “dumb” traps can still be smarter in other ways. Stationary traps in stormy seas are often lost, dragged along the sea bed to an unknown location, there to sit attracting hapless crab and fish until they fall apart centuries from now. Blue Ocean Gear makes GPS-equipped buoys that can be tracked easily, reducing the risk of losing expensive fishing kit and line, and preventing “ghost fishing.”

Connectivity at sea can be problematic, with satellite often the only real option. Sure, Starlink and others are on their way, but why wait? A system of interconnected floating hubs from ONet could serve as hotspots for ships carrying valuable and voluminous data that would otherwise need to be processed at sea or uploaded at great cost.

screen dashboard cable 1

And integrating all that data with other datasets like those provided by universities, ports, municipalities, NGOs… good luck getting it all in one place. But that’s the goal of SINAY, which is assembling a huge ocean-centric meta-database where users can cross-reference without having to sort or process it locally. Clouds come from oceans, right? So why shouldn’t the ocean be in the cloud?

Accelerator at Sea

The idea of commencing this accelerator program with a trip to southeast Alaska is a fanciful one, no doubt. But an influx of support for the accelerator’s parent organization, the Sustainable Ocean Alliance, made it possible. The SOA raised millions from the mysterious Pine and not-so-mysterious Benioffs, but it also made a deep impression on the founder of Lindblad Expeditions, Sven Lindblad, who offered not just to host the event but to attend and speak at it.

He joined several other experts and interesting people in doing so: Former head of Google X Tom Chi, Value Act’s Jeff Ubben, Gigi Brisson and her Ocean Elders, including Captain (ret.) Don Walsh, the first man to reach the bottom of the Challenger Depths in the Marianas Trench. He’s hilarious, by the way.

I met SOA founder Daniela Fernandez at a TechCrunch event a few years ago when all this was just one of many twinkles in her twinkly eyes, and it’s been rewarding to watch her grow a community around these issues, which have passionate supporters around the globe if you’re willing to look for them and validate their purpose. It’s not a surprise to me at all that she has collected such an impressive group.

The boat, departing from Juneau, made a number of stops at local places of interest, where we would meet locals in the fishing industry, whale researchers, and others, or hear about the local economy ecology from one of the boat’s designated naturalists. In between these expeditions we did team-building exercises, honed pitches, and heard talks from the people mentioned above on hiring practices, investment trends, history.

These people weren’t just plucked from from the void — they are all part of the extended community that the SOA and Fernandez have built over the last few years. The organization was built with the idea of putting young, motivated people together with older, more experienced ones, and that’s just what was happening.

gator jeff workshop

In a way it was what you might expect out of an accelerator program: Connecting startups with industry veterans and investors (of which there were several present) and getting them the advice and exposure they need. There was a pitch competition — the “Otter Sanctuary” (you had to be there).

But there was something very different about doing it this way — on a boat, I mean. In Alaska. With bears, whales, and the northern lights present at every turn.

“For the first time ever, we brought together a community of ocean entrepreneurs from all around the world and allowed them to become fully immersed in the environment that they have been working so hard to protect,” said Craig Dudenhoffer, who runs the accelerator program. “It was amazing to see the entrepreneurs establishing lifelong relationships with each other and with members of the SOA community. It might seem counter-intuitive for a technology entrepreneur, but sometimes you have to disconnect from technology in order to reconnect with your mission.”

In a normal startup accelerator, and in fact for the remainder of this one, aspiring entrepreneurs are living on their own somewhere, coming into a shared office space, attending office hours, meeting VCs in their offices or at demo days. That’s just fine, and indeed what many a startup needs — a peer group, a focal point in space and time, goals and advice.

On the boat, however, these things were present, but secondary to the experience of, say, standing next to someone under the aurora. I’m aware of how that sounds — “it was an experience, man!” — but there’s something fundamentally different about it.

In an office in the Bay Area, there is an established power structure and hierarchy. Schedules are adjusted around meetings, priorities are split, time and attention are devoted in formal 15-minute increments. On the boat there was no hierarchy, or rather the artificial one to which we would cleave in the city was flattened by the scale of what we were learning and experiencing.

In the Accelerator over the Sea 27

You’d be in a zodiac or pressed against the railing with your binoculars, talking about whales and the threat of microplastics with whoever’s next to you in a normal fashion, only to find out they’re a billionaire who you’d never be able to meet directly with at all, let alone on equal terms.

Sitting at breakfast one day the guy next to me started talking about hydrogen-powered trucking — I figured I’d indulge this harmless idealist. In fact it was Jeff Ubben and Value Act was investing millions in an ecosystem they fully expect to take over the west coast. This sort of encounter was happening constantly as people engaged naturally, acting outside the established hierarchies and power structures.

Part of that was the gravity of the issues the startups were facing, and which we were reminded of repeatedly by the impending hurricane, the hatchery warning of salmon apocalypse, the visibly collapsing ecosystems, and perhaps most poignantly by the changes seen personally by Don and Sven, who were been on the seas professionally long before I was even born.

“It’s like salmon eggs”

On the last night of the trip, I shared a glass of wine with Sven to talk about why he was supporting this endeavor, which was undoubtedly expensive and certainly unusual.

“From a business perspective, I depend on the ocean — but there’s a personal connection as well. I’m constantly looking for ways to protect what we depend on,” he began. “We have a fund that generates a couple million dollars a year, and we find different people that we believe in — that have an idea, a passion, intelligence. You meet someone like Daniela, you want to go to bat for them.”

Kristin Hettermann ALASKA SOA 39

“When you’re 21 or whatever, you have all these idealistic thoughts about making a difference in the world. They need support in a variety of ways — advice, finance, mentorship, all these things are part of the puzzle,” he said. “What SOA has done is recognize people that have a good idea. Left to their own devices most of them would probably fail. But we can provide some support, and it’s like with salmon eggs – maybe instead of one in a million surviving, maybe two, or five survive, you know?”

“Tech is a valuable tool, but it has to serve to support an idea. It isn’t the idea. Eliminating plastics and bycatch, making data more useful, putting sonar sensors on robotic boats, all very interesting. We need solutions, actions, ideas, as fast as we can, to accelerate the change in behavior as fast as we can.”

His earnest replies soon became emotional, however, as his core concern for the ocean and planet in general took over.

“We’re fucked,” he said simply. “We are literally destroying the next generation’s future. I’ve been with colleagues and we’ve wept over glasses of wine over what we’re doing.”

“I have two personalities,” he explained. “And most of my friends, associates, scientists have these dual personalities, too. One is when they look in the mirror and talk to themselves — that tends to be more pessimistic. But the other is the external personality, where being pessimistic is not helpful.”

“Something like this really activates that optimism,” he said. “At the end of the day young people have to grab their future, because we sure haven’t done a great job of it. They have to get out there, they have to vote, they have to take control. Because if the system really starts to collapse… I don’t think anyone even begins to understand the magnitude of it. It’s unfathomable.”

The Accelerator at Sea program was a fascinating experience and I’m glad to have taken part. I feel sure it was valuable for the startups as well, and not just because of the $25,000 they were each spontaneously awarded from the investors on board, who in closing remarks emphasized how important it is that startups like these and the people behind them are supported by gatekeepers like venture firms and press.

The combination of good times in nature, stimulating experts and talks, and a group of highly motivated young entrepreneurs was a powerful mixture, and unfortunately one that is difficult to describe even in 3,000 words. But I’m glad it exists and I look forward to following the progress of these companies and the people behind them. You can keep up with the SOA at its website.

The FrankOne is a simple and portable coffee brewing gadget

0

The FrankOne coffee maker, fresh off a successful crowdfunding campaign, is now available for purchase, and I got a chance to test out one of the first run of these funky little gadgets. While it won’t replace my normal pourover or a larger coffee machine, it’s a clever, quick and portable way to make a cup.

Designer Eduardo Umaña pitched me the device a little more than a year ago, and I was taken by the possibility of vacuum brewing — and the fact that, amazingly, until now no one from Colombia had made a coffee maker (it’s named after Frank de Paula Santander, who kicked off the coffee trade there). But would the thing actually work?

In a word, yes. I’ve tested the FrankOne a few times in my home, and, while I have a couple reservations, it’s a coffee making device that I can see myself actually using in a number of circumstances.

PA150003

The device works quite simply. Ground coffee goes in the top, and then you pour in the hot (not boiling!) water and stir it a bit — 30-50 seconds later, depending on how you like it, you hit the button and a pump draws the liquid down through a mesh filter and into the carafe below. It’s quick and almost impossible to mess up.

The resulting coffee is good — a little bit light, I’d say, but you can adjust the body with the size of the grounds and the steeping time. I tend to find a small amount of sediment at the bottom, but less than you’d get in a cup of French press.

Because it’s battery powered (it should last for ~200 cups and is easily recharged) and totally waterproof, cleaning it is a snap, especially if you have a garbage disposal. Just dump it and rinse it, give it a quick wipe and it’s good to go. It gets a bit more fussy if you don’t have a disposal, but what doesn’t?

PA150010

I can see this being a nice way to quickly and simply make coffee while camping — I usually do a French press, but sometimes drip, and both have their qualities and limitations. The FrankOne would be for making a single cup when I don’t want to have to stand by the pourover cone or deal with disassembling the French press for cleaning.

It’s also, I am told by Umaña, great for cold brew. I didn’t have the heart to tell him that I don’t really like cold brew, but I know many do, and Umaña promises the FrankOne works wonders in a very short time — four minutes rather than an hour. I haven’t tested that, because cold brew tastes like bitter chocolate milk to me, but I sincerely doubt he would mention it as many times as he did if it didn’t do what he said.

There are, I feel, three downsides. First, you’re pretty much stuck with using the included glass carafe, because the device has to create a seal around the edge with its silicone ring. It didn’t fit in my biggest mug, but you might find an alternative should the carafe (which I have no complaints about — it’s attractive and sturdy) crack or get lost.

PA150017

Second, it doesn’t produce a lot of coffee. The top line as indicated in the reservoir is probably about 10-12 ounces — about the size of a “tall” at a coffee shop. Usually that’s a perfect amount for me, but it definitely means this is a single-serving device, not for making a pot to share.

And third, for the amount of coffee it produces, I feel like it uses a lot of grounds. Not a crazy amount, but maybe 1.5-2x what goes into my little Kalita dripper — which is admittedly pretty economical. But it’s just something to be aware of. Maybe I’m using too much, though.

I reviewed the Geesaa a little while back, and while it’s a cool device, it was really complex and takes up a lot of space. If I wanted to give it to a friend I’d have to make them download the app, teach them about what I’d learned worked best, share my “recipes” and so on. There was basically a whole social network attached to that thing.

This is much, much easier to use — and compact, to boot. It’s a good alternative to classic methods that doesn’t try to be more than a coffee maker. At $120 it’s a bit expensive, but hey, maybe you spend that on coffee in a month.

And by the way, you can use the discount code “TC” at checkout to get 10% off — this isn’t a paid post or anything, Umaña’s just a nice guy!

Patch Tuesday, September 2019 Edition

0

Microsoft today issued security updates to plug some 80 security holes in various flavors of its Windows operating systems and related software. The software giant assigned a “critical” rating to almost a quarter of those vulnerabilities, meaning they could be used by malware or miscreants to hijack vulnerable systems with little or no interaction on the part of the user.

Patch Tuesday, September 2019 Edition 28Two of the bugs quashed in this month’s patch batch (CVE-2019-1214 and CVE-2019-1215) involve vulnerabilities in all supported versions of Windows that have already been exploited in the wild. Both are known as “privilege escalation” flaws in that they allow an attacker to assume the all-powerful administrator status on a targeted system. Exploits for these types of weaknesses are often deployed along with other attacks that don’t require administrative rights.

September also marks the fourth time this year Microsoft has fixed critical bugs in its Remote Desktop Protocol (RDP) feature, with four critical flaws being patched in the service. According to security vendor Qualys, these Remote Desktop flaws were discovered in a code review by Microsoft, and in order to exploit them an attacker would have to trick a user into connecting to a malicious or hacked RDP server.

Microsoft also fixed another critical vulnerability in the way Windows handles link files ending in “.lnk” that could be used to launch malware on a vulnerable system if a user were to open a removable drive or access a shared folder with a booby-trapped .lnk file on it.

Shortcut files — or those ending in the “.lnk” extension — are Windows files that link easy-to-recognize icons to specific executable programs, and are typically placed on the user’s Desktop or Start Menu. It’s perhaps worth noting that poisoned .lnk files were one of the four known exploits bundled with Stuxnet, a multi-million dollar cyber weapon that American and Israeli intelligence services used to derail Iran’s nuclear enrichment plans roughly a decade ago.

In last month’s Microsoft patch dispatch, I ruefully lamented the utter hose job inflicted on my Windows 10 system by the July round of security updates from Redmond. Many readers responded by saying one or another updates released by Microsoft in August similarly caused reboot loops or issues with Windows repeatedly crashing.

As there do not appear to be any patch-now-or-be-compromised-tomorrow flaws in the September patch rollup, it’s probably safe to say most Windows end-users would benefit from waiting a few days to apply these fixes. 

Very often fixes released on Patch Tuesday have glitches that cause problems for an indeterminate number of Windows systems. When this happens, Microsoft then patches their patches to minimize the same problems for users who haven’t yet applied the updates, but it sometimes takes a few days for Redmond to iron out the kinks.

The trouble is, Windows 10 by default will install patches and reboot your computer whenever it likes. Here’s a tutorial on how to undo that. For all other Windows OS users, if you’d rather be alerted to new updates when they’re available so you can choose when to install them, there’s a setting for that in Windows Update.

Most importantly, please have some kind of system for backing up your files before applying any updates. You can use third-party software to do this, or just rely on the options built into Windows 10. At some level, it doesn’t matter. Just make sure you’re backing up your files, preferably following the 3-2-1 backup rule.

Finally, Adobe fixed two critical bugs in its Flash Player browser plugin, which is bundled in Microsoft’s IE/Edge and Chrome (although now hobbled by default in Chrome). Firefox forces users with the Flash add-on installed to click in order to play Flash content; instructions for disabling or removing Flash from Firefox are here. Adobe will stop supporting Flash at the end of 2020.

As always, if you experience any problems installing any of these patches this month, please feel free to leave a comment about it below; there’s a good chance other readers have experienced the same and may even chime in here with some helpful tips.


Patch Tuesday, September 2019 Edition 29

Tags: .lnk, adobe flash player, Microsoft Patch Tuesday September 2019, Qualys, Stuxnet

Both comments and pings are currently closed.

Level Home emerges from stealth with $71M from Walmart and Lennar and a new take on the smart lock

0

As companies like Google, Amazon and Apple hone their strategies to build the brain that helps you use the smart home of the future, where a new wave of internet-enabled appliances, climate and security systems and other connected objects can be connected and controlled through their hubs, a new smart home startup called Level Home is emerging from stealth today with a big packet of funding, a sales deal, and a hope of bringing something new to the table, by focusing on ways of rethinking old things you own already, starting with the lock on your front door.

The Level Lock, its first patented product, is a system — tested for durability, powered by a basic CR2 battery (average life: one year), equipped with ANSI GRADE 1/A security and encryption — that is fitted into the existing dead bolt on your door to make it “smart”.

Level Home says you can install the Lock yourself using a basic number-two screwdriver — “the most common tool in the American home”, says CEO and co-founder John Martin — or you can engage Level Home’s installation partner, HelloTech, to set it up.

The key thing (heh) with the Level Lock is that you door will not look any different after you install it. But linking it up with HomeKit, you can then use an Apple iPhone or Watch to unlock it (or, you can also still use the physical keys that come with the lock to open the door). Through the app, you can then also provide one-off or repeat access to others and monitor who comes and goes.

“We like to think of this as the first invisible smart lock,” Martin said in an interview. “Why would we take the things away that matter, that are a part of who you are such as the look of your home, just in the name of tech? We have to do a better job of bringing technology into your house, in a way that preserves it as your home.”

Screenshot 2019 10 15 at 09.36.52

Priced at $249 when it goes on direct sale (first in the US), the Lock is available now for preorder on Level Home’s site. But when the Lock does become generally available, you will be able to get it in more places beyond Level Home’s site, and at a lower price.

That’s because, along with the launch of the Level Lock and the company itself, Level Home is also announcing that it has raised $71 million in funding in the years that it has been in stealth.

Investors include a firm called Hut 8 Ventures (not connected to Hut 8 cryptocurrency mining, I’m told), Lennar Homes — the home builder that has worked with the likes of Apple and Amazon to incorporate connected features into new properties, and is a prolific investor in startups focused on the next generation of homes — and Walmart.

The retail giant has been working double time to “level up” to Amazon on the e-commerce front, building a range of services online and increasing the ways in which it can connect with shoppers beyond visits to its large retail locations, and while Level Home is not disclosing any details yet on how it will work with its strategic investors, you could imagine its involvement having more than one touchpoint.

It could be a very strong sales channel for the Level Lock through its many well-visited retail locations.

But it could also be sold potentially as part of a bigger service offering, in competition with something like Amazon Key, where Walmart offers smart locks to its customers as part of a bigger home delivery business.

Walmart started down this road back in 2017, when it first partnered with smart lock maker August to test in-home delivery. Today — Level Home’s launch was timed to coincide with this, it seems — Walmart is taking that out of the test phase with the launch of InHome Delivery.

Going live first in Kansas City, Pittsburgh and Vero Beach, Walmart has chosen Level Lock as its key partner for door locks, installing locks for customers at a price of $49 so that Walmart delivery people can bring items you’ve purchased or pick up those you’re returning even when you are not at home. (The service itself costs $19.99 per month for membership and if you opt for garage delivery you’re sold a different lock, from GoControl.)

“We’re pleased to make an investment in Level Home as they unveil their latest technology, the Level Lock,” said Ashley Hubka, Senior Vice President of Corporate Strategy, Development and Partnerships, Walmart, in a statement. “Smart technology products and home automation provide us with more opportunities to serve customers in new ways today and into the future.”

Partnerships with the likes of Walmart and Lennar sound like a big deal, considering that the company hasn’t tested its product or brand in the market, and the area of smart home hardware is also very crowded already.

Part of the reason for the leap may be because of the background of the founders. John Martin (CEO) and Ken Goto (CTO) have worked together for decades across a range of major tech and other consumer companies including Microsoft, Starbucks and Apple. Underneath them, they have assembled a wider team of about 50 of like-minded people to bring that vision into the physical world.

“Much of the current company are people from Google, Microsoft, and Facebook and others,” said Goto. “We have a shared level of talent and capability.”

To be very clear, Martin and Goto are very far from the image of young startup-hopefuls. Martin told me he didn’t even really like the term “startup.” Instead, the two are taking a measured and very confident approach to the bigger task of thinking about how to approach a new generation of hardware.

For them, it isn’t so much as “disrupting” what is already being used, as it is trying to augment it to bring in a wider population of adopters beyond those who embrace the cutting edge of tech.

“We could have made anything for the connected home, so and we thought for weeks about what to invent,” Martin told me about the pair’s decision to focus first on the front door lock three years ago.

“We had a couple of fundamentals: we wanted products for everyday life, and we didn’t want home automation out of the mainline of what normally happens. We didn’t want lightbulbs to change color for the sake of it, and we didn’t want to appeal just to the tech professional. So we thought entry was the right point to start.”

Or, you could say entry was a good point of entry.

Of course, Level Home isn’t the first to cotton onto this progression of logic. Smart doors and smart locks are everywhere now and have been one of the biggest areas of “smart home” hardware — although ironically, they are not being used all that much.

“When we looked at first generation smart locks, we were offended by how aggressively the experience was departing from how people use locks today.” By this, Martin is referring to things like physical keys, or aesthetically pleasing doors and locks without large electronic objects attached to them.

Indeed, the smart home market has not been a home run so far, but it shows some promise. Overall, smart home devices are services are projected to generate revenues of nearly $74 million this year, nearly doubling to $141 billion by 2023. A stream of hardware sales will underpin that growth, with some 140 million smart locks and other home security devices — the second-biggest category after video entertainment — expected to be shipped this year, growing to 352 million by 2023 globally.

But within that, penetration has not been massive. In Europe, only around 11% of homes have smart home devices in them (not counting phones). In the US, the figure is only slightly higher, at 15%. That speaks to a still-nascent market, but also the fact that many people’s imaginations, and crucially wallets, have get to be captured by what is on offer today.

That spells opportunity for the smart home entrepreneurs, and investors willing to take the leap to back them.

Martin and Goto said that they have a pipeline of several other products that they will be working on, although for now, they are keeping quiet on what those might be.

I’ve searched and can only so far find patents for the Lock system, but the two tell me that the basic idea will be to continue presenting alternative versions of the smart home: to quietly make our lives at home easier and more connected, but without any massively perceptible shifts on the outside, or none that wouldn’t feel natural to the average user.

What might that mean? That could be more “smartening” of dumb things in the way that Level Home has done with the dead bolt, or potentially a kind of skeuomorphic approach, but for physical objects (maybe even in a tip of the hat to their early Apple pedigree). Move slow, don’t break things.

In a market with a lot of options for how to bring more modern objects into the mix that genuinely look like the future, this could be a good differentiator.

“Level Home’s unique approach and technology is a game changer for homebuilders,” said Eric Feder, Managing General Partner, Lennar Ventures, in a statement. “As one of the nation’s leading home builders, Lennar is founded on a long tradition of quality craftsmanship and attention to detail. The Level Lock will transform the smart lock category by allowing home builders to offer innovation without having to compromise on their home experience.”

Follow threeblocksaway | styleandeasy

0FansLike
0FollowersFollow
34FollowersFollow
7SubscribersSubscribe

EDITOR PICKS