Posts tagged Fail

How Blackphone Turned A Security Fail Into A Win

Last year, privacy-focused Blackphone got a dubious distinction: It became known as the locked-down phone that supposedly got hacked in just 5 minutes.

Things have changed. Now, it’s a whole mobile product line geared for companies (and perhaps paranoid individuals), a brand-new acquisition for encryption services firm Silent Call, and a multi-million dollar enterprise with nearly $750 million in device sales.

The group introduced its latest devices this week at Mobile World Congress—the Blackphone 2 smartphone and its first tablet, currently dubbed Blackphone+. But what was really on display was the company’s uncanny knack for turning a well-publicized security flub into a win.

Meet Blackphone 2 And Blackphone+


As far as upgrades go, the 5.5-inch Blackphone 2 looks like a decent successor to last year’s original 4.7-inch Blackphone.

Like most second-generation phones, version 2 offers several hardware improvements, including a faster 64-bit 8-core processor, more memory (3GB), a bigger battery and a larger display. The phone also ties into Citrix’s Mobile Device Management, so IT departments can manage employees’ company-supplied or BYO (“bring your own”) phones. Blackphone 2 is priced at $630 (unlocked) and slated for a July release. Soon after, it will be joined by the company’s first tablet, the 7-inch Blackphone+, sometime this fall. 


The original Blackphone (left) and Blackphone 2 exhibition unit (right)

Both run Blackphone’s PrivatOS software, a variation on Android designed as an extra layer of protection between users and the big, bad outside world. When apps unnecessarily ask for personal data, like contacts or location, Blackphone can intercept the request, blocking or obscuring it. The software can even fool the app into thinking the user granted access, even if he or she didn’t.

“You can take an Android device, you can root it, introduce [similar] features, and after months, you can have something like Blackphone,” said Javier Agüera, Blackphone’s founder and now a chief scientist at Silent Call. “Or you can have an out-of-the-box device, with everything set up by security specialists, that’s enterprise ready and configured the way you need it.”


PrivatOS boasts a new virtualization feature called “Spaces,” which offers separate “work” and “personal” modes, the ability to add profiles and an app store vetted by Blackphone. The technology’s encryption protocols also save keys on the device itself, not some unknown remote server. The phone’s price includes two years of security services that cover protection against unsafe WiFi networks, private browsing, and secure cloud file storage.

Sounds like a lot of protection; at least, it’s more than most users are accustomed to getting. It all goes back to Blackphone’s mission: The company wants to safeguard people. It seems sincere—even though a hacker actually did manage to breach those walls last year.

Turning Hackers Into BFs


PrivatOS running on last year’s model

At hacking convention DefCon last year, CTO Jon “Justin” Sawyer of Applied Cybersecurity LLC told Blackphone that he managed to get past its security to root its device. What’s more, he tweeted the exploit, which landed on BlackBerry sites and other tech blogs.

Sawyer found a couple of weak spots in the software, including a hole in the remote wipe feature that let the security expert access the device and grant himself system privileges. He was able to give himself access to core parts of the phone. But what gets less attention, the execs said, is that the company had already patched the hole.


Sawyer essentially attacked an old, outdated version of the software. Even so, the incident and publicity could have humiliated Blackphone right out of the market. It didn’t. Instead, the company is milking it. 

The team thanked Sawyer for the discovery and sent him a bottle of wine. Then it enlisted others to scope out any other vulnerabilities. 

According to Vic Hyder, Silent Call’s chief strategy officer, Blackphone recently launched a bug bounty program to reward people for finding security glitches—from $128 to more, depending on the severity. (Bounties are fairly common in the tech industry; even big companies like Facebook, Google and Microsoft offer rewards to bug hunters.)

“[It] makes them part of the solution, instead of part of the problem,” Hyder said. “It brings everybody in as a participant.” Even Sawyer, now a friend of Blackphone, helps out by looking for other vulnerabilities. The company publishes all of its source code, to help make it easier for people to find holes.

So far, Hyder estimates that the company has paid out about $15,000 to $20,000 in bounties.

Throwing Shade

“Nothing is hack-proof,” admits Daniel Ford, chief security officer.

However, he says his company can help guard against certain types of attacks. “Targeted attacks are completely different than mass surveillance,” he said. There’s little Blackphone or anyone can do against the former, such as last year’s breach at Sony Pictures—which may have been a specific retaliation for The Interview, a comedy that poked fun at North Korea.


Sony’s “The Interview” made fun of North Korea’s regime, which may have been responsible for hacking the movie studio. 

Ultimately, if a hacker wants your data badly enough—whether it’s a criminal or an NSA agent—he or she has innumerable tools that can help get it. No platform can hold up against that, he explained.

But when it comes to broader mass surveillance, Ford said Blackphone can step in and offer more protection. “This is where our commitment is: If there is a vulnerability that was disclosed publicly, we will fix it in less than 72 hours,” he said. “We have done so every time. That is our goal … the last time, it took only 6 hours.”

“Samsung had two critical vulnerabilities that were released two weeks ago,” he added, calling out one of his archrivals in the enterprise market, albeit for a vulnerability in its TV business. Still, he couldn’t resist poking at Samsung’s overall attitude toward security: “They have not even started to address it,” he said.


Photos by Adriana Lee for ReadWrite

View full post on ReadWrite

When Big Brands Fail With Local SEO – Search Engine Land


So, it may come as a surprise to hear that big brands and franchises still struggle when it comes to Local SEO. They benefit from regional exposure and brand recognition. They usually have deep pockets and the digital clout (domain authority) to


View full post on SEO – Google News

When Big Brands Fail With Local SEO

Large, multi-location brands are poised for local search success, yet it often eludes them. Contributor Jared Del Prete provides some solutions to common roadblocks.

The post When Big Brands Fail With Local SEO appeared first on Search Engine Land.




View full post on Search Engine Land: News & Info About SEO, PPC, SEM, Search Engines & Search Marketing

7 Reasons Your SEO Campaign Will Fail and What You Can Do About It – Search Engine Watch

Most SEO campaigns are destined for failure because expectations are too high, budgets are too low, decisions are made based on assumptions instead of data and customer expectations are misunderstood. Whether you're managing a campaign yourself, …

View full post on SEO – Google News

7 Reasons Your SEO Campaign Will Fail and What You Can Do About It

Whether you’re managing a campaign yourself, or you’ve hired an SEO professional, ask these 7 questions to determine if your campaign is on the right track.

View full post on Search Engine Watch – Latest

Google Quick Answer Fail: NSFW Advice On “How To Eat Sushi”

Google continues to expand the number of quick answers it offers in its results, as well as the size of those answers themselves. But since Google takes these answers from other sites without any human review, that can lead to goofs. The latest: some advice on eating sushi that might not go down…




View full post on Search Engine Land: News & Info About SEO, PPC, SEM, Search Engines & Search Marketing

#AskCostolo Highlights Twitter’s Harassment Fail

Twitter CEO Dick Costolo was interviewed on CNBC on Tuesday, and the network invited Twitter users to ask him questions about the social network with the hashtag #AskCostolo. It could have been an opportunity for the company to address users’ concerns over safety and harassment on Twitter, but the questions were never asked.

Over 30% of the questions sent via the hashtag #AskCostolo had to do with safety on Twitter, but Costolo didn’t address them. Instead CNBC asked softball questions the network chose, largely pertaining to the company’s earnings call Tuesday afternoon. 

Reporting harassment on Twitter can be a problem. As many users note, it can take months for the company to respond to someone’s complaints. The company’s privacy policy regarding blocking and harassment focuses on the victim’s behavior rather than that of the harasser.

See also: Twitter Reverts Blocking Policy After User Outrage

Twitter has had problems with these issues in the past. Last year, the company changed its blocking policy so that it effectively “muted” other users instead of preventing them from following someone. At the time, Twitter justified the move by noting that users can get antagonistic once they realize they’ve been blocked and suggesting that inconspicuously hiding their interactions with the blocking users—i.e., muting them—offered a better solution.

The move caused an uproar on Twitter from people who had suffered harassment, and Twitter reversed its decision a few hours later. (It has since implemented a mute function.)

Tuesday’s #AskCostolo questions show that dealing with harassment on Twitter is as bad as ever.

The discussion of safety and blocking on Twitter comes at a time when the tech industry is working to bring more diversity into the workforce. In fact, Twitter recently released workplace statistics, showing that 90% of its technical workforce is male.

Of course, Twitter is a public social network, so there’s an argument that users should expect the trolls. But when tweeting turns into harassing or stalking, the company has a responsibility to enable safe and efficient means of reporting and ending the harassment—especially if, like Twitter, it has an entire team dedicated to the safety of its users.

It’s high time for Twitter to answer those questions.

Updated 4:27 p.m.: Updated to clarify Twitter didn’t pick the questions CNBC asked.

Lead image via TechCrunch on Flickr

View full post on ReadWrite

Hiring for Growth: 13 Fail Proof Ways to Streamlining the Process by @YEC

When your new company actually starts to grow, the celebration might be short-lived—growing pains are very real, particularly when it comes to staffing up in a shorter time frame than you’re used to. Every decision you make during a growth spurt impacts your future, but no individual decision matters as much as the people who show up to work for you each day. Curious about how to avoid costly, time-consuming hiring mistakes—and how to streamline the recruiting process overall—we asked 13 founders and YEC members who’ve been there to share their best tips for hiring smart. Test in Small Doses Rather than diving all […]

The post Hiring for Growth: 13 Fail Proof Ways to Streamlining the Process by @YEC appeared first on Search Engine Journal.

View full post on Search Engine Journal

Why Your Content-Based SEO Strategy Will Eventually Fail – Marketing Land

Over the past few years, most savvy search engine optimizers (SEOs) have traded in their outdated SEO tactics for a more modern, content-focused strategy. This is great, but make no mistake — content, even really good content, will eventually fail to

View full post on SEO – Google News

Websites Fail Page Speed Test: 4 Things You Need to Know [Study]

Internet marketing company Portent recently tested 500 e-commerce sites using YSlow to gather basic performance data and found 50 percent of the websites audited had an average load time of 5+ seconds with a standard deviation of 8 seconds.

View full post on Search Engine Watch – Latest

Copyright © 1992-2015, DC2NET All rights reserved