King.com Has IPO In The Works

King.com Ltd, the British mobile gaming firm best known for its popular puzzle game ‘Candy Crush Saga’, has filed confidentially for an initial public offering (IPO) in the United States, a person familiar with the matter said on Sunday.

Online technology companies are rushing to the stock market on the backs of Twitter Inc’s announcement earlier this month that it plans to go public in the most eagerly anticipated IPO since last year’s flotation ofFacebook Inc.

Emerging growth companies such as King can use a secretive IPO registration process in the U.S. thanks to the Jumpstart Our BusinessStartups (JOBS) Act, which loosened a number of federal securities regulations in hopes of boosting capital raising and thereby increasing job growth.

King has hired Bank of America Merrill Lynch Corp, Credit Suisse Group AG and JPMorgan Chase & Co to lead the offering, said the person, confirming an earlier report by the Daily Telegraph and asking not to be identified because the information is confidential.

Representatives for King and the banks either declined to comment or did not respond to requests for comment.

King offers 150 games in 14 languages through mobile phones, Facebook and its website. It boasts more than 1 billion gameplays per day from its users.

The company’s games appeal to a growing trend for players to play puzzles with their friends in short bursts, especially as games are increasingly played on the move on phones or tablets to kill spare minutes.

Rival Zynga Inc went public two years ago in a high-profile IPO that raised $1 billion. Since then, Zynga has suffered from sagging morale during several quarters of worsening performance and repeated waves of layoffs.

Founded in 2003, King has been profitable since 2005 and has not had a funding round since September of that year, when it raised 34 million euros ($46.04 million) from investment firms Apax Partners and Index Ventures.

Source

Google Snubs Privacy

Search giant Google has told the British government it is immune to prosecution on privacy issues and it can do what it like. The US Company is accused of illegally snooping on its British customers by bypassing privacy settings on Apple devices, such as iPads, to track their browsing history.

A group of British people took Google to court but the search engine is trying to get the case thrown out. Its argument is that it is not subject to British privacy law because it is based in California. This is the second time that Google has tried to avoid British law by pretending to operate in another country. It has come under fire for failing to pay tax in the UK

Nick Pickles, director of Big Brother Watch, said: ‘It is deeply worrying for a company with millions of British users to be brazenly saying they do not regard themselves bound by UK law. Solicitor Dan Tench, of law firm Olswang, said this was another instance of Google being here when it suits them and not being here when it doesn’t. Ironically when the US ordered Google to stop what it was doing, it forced the search engine to pay a $22.5million to regulators.

There are some indications that Google may not get its way. In July the Information Commissioner’s Office told Google its privacy rules breached UK law so it will be very hard for it to stand up in court and say it didn’t.

Source

Google Encrypts Data

Google officially announced it will by default encrypt data warehoused in its Cloud Storage service.

The server-side encryption is now active for all new data written to Cloud Storage, and older data will be encrypted in the coming months, wrote Dave Barth, a Google product manager, in a blog post.

“If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys,” Barth wrote. “We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing.”

The data and metadata around an object stored in Cloud Storage is encrypted with a unique key using 128-bit Advanced Encryption Standard algorithm, and the “per-object key itself is encrypted with a unique key associated with the object owner,” Barth wrote.

“These keys are additionally encrypted by one of a regularly rotated set of master keys,” he wrote. “Of course, if you prefer to manage your own keys then you can still encrypt data yourself prior to writing it to Cloud Storage.”

Data collection programs revealed by former U.S. National Security Agency contractor Edward Snowden have raised questions about U.S. government data requests made to Internet companies such as Google for national security investigations.

A Google spokeswoman said via email the company does not provide encryption keys to any government and provides user data only in accordance with the law.

“Our legal team reviews each and every request, and we frequently push back when the requests appear to be fishing expeditions or don’t follow the correct process,” she wrote. “When we are required to comply with these requests, we deliver it to the authorities. No government has the ability to pull data directly from our servers or network.”

Source

Chinese Hackers Go After Dissidents

The “Comment Crew,” a group of China-based hackers whose outing earlier this year in major media outlets caused a conflict with the U.S., have resumed their attacks against dissidents.

FireEye, a security vendor that specializes in trying to stop sophisticated attacks, has noticed attackers using a fresh set of tools and evasion techniques against some of its newer clients, which it can’t name. But Rob Rachwald, director of market research for FireEye, said in an interview Monday that those clients include an organization in Taiwan and others involved in dissident activity.

The Comment Crew was known for many years by security analysts, but its attacks on The New York Times, described in an extensive report in February from vendor Mandiant, thrust them into an uncomfortable spotlight, causing tense relations between the U.S. and China.

Rachwald said it is difficult to determine if the organizations being targeted now were targeted by the Comment Crew previously, but FireEye said last month that the group didn’t appear to be hitting organizations they had compromised before.

Organizations opposing Chinese government policies have frequently been targeted by hackers in what are believed to be politically motivated surveillance operations.

The Comment Crew laid low for about four months following the report, but emerging clues indicate they haven’t gone away and in fact have undertaken a major re-engineering effort to continue spying. The media attention “didn’t stop them, but it clearly did something to dramatically alter their operations,” Rachwald said in an interview.

“If you look at it from a chronological perspective, this malware hasn’t been touched for about 18 months or so,” he said. “Suddenly, they took it off the market and started overhauling it fairly dramatically.”

FireEye researchers Ned Moran and Nart Villeneuve described the new techniques on Monday on FireEye’s blog.

Two malware samples, called Aumlib and Ixeshe, had been used by the Comment Crew but not updated since 2011. Both malware programs have now been altered to change the appearance of their network traffic, Rachwald said.

Many vendors use intrusion detection systems to spot how malware sends data back to an attacker, which helps determine if a network has been compromised. Altering the method and format for how the data is sent can trick those systems into thinking everything is fine.

In another improvement, encryption is now employed to mask certain components of the programs’ networking communication, Rachwald said. The malware programs themselves, which are designed to steal data and log keystrokes, are basically the same.

Mandiant’s report traced the hacking activity to a specific Chinese military unit called “61398.” The company alleged that it waged a seven-year hacking spree that compromised 141 organizations.

Rachwald said it is strongly believed the Comment Crew is behind the new attacks given its previous use of Aumlib and Ixeshe. But the group has also re-engineered its attack infrastructure so much over the last few months that it is difficult to say for sure.

Source

PayPal Extend Bug Bounty

PayPal is expanding its bug bounty program to individuals aged 14 and older, a move intended to reward younger researchers who are technically ineligible to hold full-fledged PayPal accounts.

PayPal’s program, which is a year old this month, only applied to those 18 years and older. Under the old rule, participants in the program were required to hold valid accounts, which excluded minors, said Gus Anagnos, PayPal’s director of information security.

In May, 17-year-old Robert Kugler, a student in Germany, said he’d been denied a reward for finding a vulnerability. PayPal said the bug had already been found by two other researchers, which would have made Kugler ineligible for bounty.

In an apparent miscommunication, Kugler said he was initially told he was too young rather than the bug had already been discovered. Nonetheless, PayPal said it would look to bring younger people into its program, which pays upwards of $10,000 for remote code execution bugs on its websites.

Those who are under 18 years old can receive a bug bounty payment through a PayPal student account, an arrangement where a minor can receive payments via their parent’s account, Anagnos said.

Anagnos said other terms and conditions have been modified to make its program more transparent, such as clarifying which PayPal subsidiaries and partner sites qualify for the program.

PayPal pays much less for vulnerabilities on partner websites, which have a URL form of “www.paypal-__.com.” A remote execution bug found on that kind of site garners only $1,500 rather than up to $10,000 on the company’s main sites.

Like other bug bounty programs run by companies such as Microsoft and Google, PayPal will publicly recognize researchers on its website with a “Wall of Fame” for the top 10 researchers in a quarter. Another “honorable mention” page lists anyone who submitted a valid bug for the quarter.

Eusebiu Blindu, a testing consultant from Romania, was one of the researchers listed on the Wall of Fame for the first quarter of this year.

“I think Paypal is the best bug bounty program, and I am glad I participated in it from the first days of its launching,” he wrote on his blog.

Source

Yahoo Still Playing Pac-Man

Yahoo announced on Wednesday that it bought Qwiki for an undisclosed sum, as the firm’s spending spree continues.

Qwiki started out as a video focused search engine in 2011, before making its way into the iTunes Store as an app that turns images and videos into digital story boards.

Yahoo announced its acquisition of Qwiki on Wednesday, although it kept quiet about what it plans to do with the company and how much it spent. However, according to Allthingsd, Yahoo spent approximately $50m to further expand its digital offerings.

What’s more, while it’s unclear what Yahoo’s plans are at present, it’s likely that the firm is looking to challenge Vine and Instagram in the social video market.

Yahoo announced the news, naturally, on Tumblr. It said, “We’re excited to announce that Yahoo acquired Qwiki – a company that uses awesome technology to bring together pictures, music and video to capture the art of storytelling.

“We will continue to support the Qwiki app, and the team will join Yahoo in our New York city office to reimagine Yahoo’s storytelling experience. Stay tuned … there’s much more to come!”

Qwiki also had something to say, posting on its website, “Thank you for being a part of our story – one which is far from over. The Qwiki app will live on as a standalone entity inside Yahoo, where we will grow our thriving community and where our team will continue to work to help you share life’s best experiences.

“We are proud of the work we’ve done, and humbled by unwavering support from the NY tech community. New York is such a big part of who we are, and what we will become.”

Yahoo’s buyout of Qwiki is the latest in a series of acquisitions by the firm. Recently the firm announced that it bought Tumblr for a cool $1.1bn, with Yahoo CEO Marissa Mayer promising “not to screw it up”.

Source

Office 365 Goes Yammer

Microsoft has taken the first step in its integration roadmap for SharePoint and Yammer, allowing Office 365 customers to swap SharePoint Online’s activity stream with Yammer’s.

This first, modest integration point will let SharePoint Online users click on the Yammer link and launch a separate browser window where they’re asked to sign in.

Later this year, Microsoft will deepen the integration with a single sign-on and the addition of Yammer to the main Office 365 interface, which will begin to merge the two products’ user experience.

Next month, Microsoft will release a Yammer application for SharePoint that will let users embed a Yammer group feed into a SharePoint site. The application will work both with SharePoint Online and with the on-premises version of the server SharePoint 2013.

Also in July, Microsoft will provide instructions for replacing the SharePoint 2013 newsfeed with Yammer’s.

For now, the first integration step in optional, but Microsoft is strongly suggesting that Office 365 customers make the activity stream switch to Yammer.

“Our recommendation is to use Yammer, since it’s our big bet for enterprise social, and we’re committed to making it the underlying social layer for all our products,” wrote Christophe Fiessinger, a Microsoft Office Division product marketing manager, in a blog post.

Customers should also accompany the technical change with an outreach effort to promote the benefits of using the enterprise social networking features of Yammer, according to Fiessinger.

“To drive adoption and really get the value out of Yammer, you need a strategy, advocates, and openness to the way it will transform the way people in your organization work and communicate,” he wrote.

Microsoft bought Yammer for $1.2 billion in mid-2012 in order to boost the development and availability of enterprise social collaboration features in SharePoint and in other Office and Microsoft business software like the Dynamics applications.

Microsoft makes a convincing case for the benefits of integrating Yammer with SharePoint and its other software to provide a common social collaboration layer, but the process is clearly complicated and will take years.

Source

Twitter’s Authentication Has Vulnerabilities

Twitter’s SMS-based, two-factor authentication feature could be abused to lock users who have not enabled it for their accounts if attackers gain access to their log-in credentials, according to researchers from Finnish antivirus vendor F-Secure.

Twitter introduced two-factor authentication last week as an optional security feature in order to make it harder for attackers to hijack users’ accounts even if they manage to steal their usernames and passwords. If enabled, the feature introduces a second authentication factor in the form of secret codes sent via SMS.

According to Sean Sullivan, a security advisor at F-Secure, attackers could actually abuse this feature in order to prolong their unauthorized access to those accounts that don’t have two-factor authentication enabled. The researcher first described the issue Friday in a blog post.

An attacker who steals someone’s log-in credentials, via phishing or some other method, could associate a prepaid phone number with that person’s account and then turn on two-factor authentication, Sullivan said Monday. If that happens, the real owner won’t be able to recover the account by simply performing a password reset, and will have to contact Twitter support, he said.

This is possible because Twitter doesn’t use any additional method to verify that whoever has access to an account via Twitter’s website is also authorized to enable two-factor authentication.

When the two-factor authentication option called “Account Security” is first enabled on the account settings page, the site asks users if they successfully received a test message sent to their phone. Users can simply click “yes,” even if they didn’t receive the message, Sullivan said.

Instead, Twitter should send a confirmation link to the email address associated with the account for the account owner to click in order to confirm that two-factor authentication should be enabled, Sullivan said.

As it is, the researcher is concerned that this feature could be abused by determined attackers like the Syrian Electronic Army, a hacker group that recently hijacked the Twitter accounts of several news organizations, in order to prolong their unauthorized access to compromised accounts.

Some security researchers already expressed their belief that Twitter’s two-factor authentication feature in its current implementation is impractical for news organizations and companies with geographically dispersed social media teams, where different employees have access to the same Twitter account and cannot share a single phone number for authentication.

Twitter did not immediately respond to a request for comment regarding the issue described by Sullivan.

Source

Is Yahoo Really Back?

Yahoo has once again made the list as one of the world’s 100 most valuable brands.

The Internet company nabbed the 92nd spot in the annual list of global companies from multiple industries including technology, retail and service, released Tuesday by BrandZ, a brand equity database. The ranking gave Yahoo a “brand value” of US$9.83 billion, which is based on the opinions of current and potential users as well as actual financial data.

Apple occupied the number-one position on the list, with a brand value of $185 billion. Google was number two, with a value of roughly $114 billion.

The BrandZ ranking, commissioned by the advertising and marketing services group WPP, incorporates interviews with more than 2 million consumers globally about thousands of brands along with financial performance analysis to compile the list. Yahoo last appeared on the list in 2009 at number 81.

Yahoo’s inclusion on the 2013 list comes as the Internet company works to reinvent itself and win back users. Previously a formidable player in Silicon Valley, the company has struggled in recent years to compete against the likes of Google, Facebook and Twitter.

Improving its product offerings on mobile has been a focus. New mobile apps for email and weather have been unveiled, along with a new version of the main Yahoo app, featuring news summaries generated with technology the company acquired when it bought Summly.

Most notably, Monday the company announced it is acquiring the blogging site Tumblr for $1.1 billion in cash. Big changes to its Flickr photo sharing service were also announced.

Yahoo’s rebuilding efforts have picked up steam only during the last several months, but the 2013 BrandZ study was completed by March 1.

However, last July’s appointment of Marissa Mayer as CEO likely played a significant role in the company’s inclusion in the ranking, said Altimeter analyst Charlene Li. “Consumer perception has gone up since then,” she said.

“Yahoo’s leadership has a strong sense of what they want to do with the brand,” she added.

Yahoo’s 2012 total revenue was flat at $4.99 billion. However, after subtracting advertising fees and commissions paid to partners, net revenue was up 2 percent year-on-year.

Source

Yahoo On A Buying Spree

Yahoo has purchased a mobile gaming company, Loki Studios, taking its total acquisitions this month to four.

The company said over the weekend it welcomed Loki, Astrid, GoPollGo and MileWise to its growing mobile team. “We recently added 22 entrepreneurs to our growing mobile team,” the company said in a Twitter message in a possible reference to some of the people from the four companies who have moved to Yahoo.

Loki’s flagship application is its location-aware game, Geomon. “We are thrilled to be joining the exceptional folks at Yahoo!. We believe fully in their commitment to creating outstanding mobile products,” the Loki team said on their website.

Earlier in the week, Yahoo also acquired GoPollGo, a social polling tool. The company’s founder and team said they were moving to Yahoo, and would no longer be supporting their offerings.

It is not clear whether Yahoo has bought all these companies for their products and technology or just to get their experienced staff in the area of mobile as it tries to build up its own mobile capabilities. The way the services are being shut down suggests that their user base did not particularly interest Yahoo. The company could not be immediately reached for comment.

Source

« Previous Page — Next Page »