Archives

December, 2013

Google To Close Bump And Flock, Its Recently Acquired File Sharing Apps

Bump Hands

Bump and Flock, the file sharing apps Google acquired last fall, will be shut down by the end of this month. Both apps will stop working and be removed from Google Play and the App Store on January 31, Bump confirmed on its blog today.

Google bought Bump Technologies, which make both apps, back in September, and Android Police reports that work on the app appeared to stop shortly after the acquisition.

Bump, which let users tap phones together to share contacts and other files, raised nearly $20 million and enjoyed high download rates, but failed to monetize successfully as other easy, mobile-friendly ways to share information were developed, most notably Apple’s AirDrop for iOS 7. Flock is a collaborative photo-sharing app Bump Technologies released in 2012.

As TechCrunch’s Josh Constine wrote in September, the sale wasn’t an acquihire, but Google might plan to turn Flock into part of Google+ in order to compete with Facebook’s photo sharing and Dropbox’s photo saving services, especially since Google+’s Party Mode, a photo sharing service based around events, failed to gain real traction. The acquisition of Bump Technologies also gave Google access to several mobile communication patents that could help it improve Android and create better alternatives to near-field communication (NFC).

When the startup announced its acquisition by Google, co-founder David Lieb said in a statement that “We strive to create experiences that feel like magic, enabled behind the scene with innovations in math, data processing, and algorithms. So we couldn’t be more thrilled to join Google.” The acquisition price was undisclosed but sources told TechCrunch it was around $35 million, a relatively low amount considering how much funding Bump had raised. Bump’s investors included Y Combinator, Sequoia Captial, Felicis Ventures, SV Angel, Andreessen Horowitz, and many angels.

Confirmed: Snapchat Hack Not A Hoax, 4.6M Usernames And Numbers Published

Snapchat hack

A site called SnapchatDB.info has saved usernames and phone numbers for 4.6 million accounts and made the information available for download. In a statement to us, SnapchatDB says that it got the information through a recently identified and patched Snapchat exploit and that it is making the data available in an effort to convince the messaging app to beef up its security. We’ve also reached out to Snapchat.

SnapchatDB said:

Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does.

We used a modified version of gibsonsec’s exploit/method. Snapchat
could have easily avoided that disclosure by replying to Gibsonsec’s private communications, yet they didn’t. Even long after that disclosure, Snapchat was reluctant to taking the necessary steps to secure user data. Once we started scraping on a large scale, they decided to implement very minor obstacles, which were still far from enough. Even now the exploit persists. It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent.

We wanted to minimize spam and abuse that may arise from this release. Our main goal is to raise public awareness on how reckless many internet companies are with user information. It is a secondary goal for them, and that should not be the case. You wouldn’t want to eat at a restaurant that spends millions on decoration, but barely anything on cleanliness.

Earlier we speculated that SnapchatDB might be a hoax meant to call attention to the app’s security issues but, as it turns out, it’s real–at least one member of our editorial team has been affected. A reader also told us he found his own number, that of several friends and Snapchat founder Evan Spiegel in the list. On Hacker News, several people have had trouble downloading the data files (I just got an error message for both of them, but that may be because of high traffic), but a Jailbreak subreddit user who saw the list said that only numbers in some parts of the U.S. have been published so far. If you have not been able to download the list, you can use this site created by developer Robbie Trencheny to see if your username was included.

SnapchatDB said it “censored the last two digits of the phone numbers” in order to “minimize spam and abuse,” but it might still release the unfiltered data, including millions of phone numbers.

The Next Web did a WHOIS lookup on SnapchatDB’s domain and found it was created just yesterday on December 31. The registrant’s name is protected, but its mailing address and contact number are both listed in Panama.

SnapchatDB screenshot 2The site appears to have been created in response to recently identified flaws in Snapchat’s security. Last week, ZDNet published an article on how white-hat Gibson Security researchers had tried to alert Snapchat to ways that hackers would connect usernames to phone numbers for user in stalking, but were ignored. Gibson Security then published the exploit publicly on Christmas Eve.

The firm said that hackers could use two exploits to gain access to users’ personal data, including their real names, usernames and phone numbers, through Snapchat’s Android and iOS API. Snapchat did offer a public statement, but as TechCrunch’s Josh Constine wrote, it wasn’t very satisfactory because it did not offer details on how its countermeasures would work, such as rate limiting, bad IP blocking, or automated systems that scan suspicious activity. Snapchat said:

“Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do.”

The Gibson Security report and SnapchatDB are both reminders that even in an ephemeral messaging service, it would be a mistake to be lulled into a sense of security about the information that you do have stored with the app. “People tend to use the same username around the web so you can use this information to find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with,” SnapchatDB stated on the site.

Watch the New Year’s Eve Ball Drop Live From Times Square

2014-new-year.jpg

Feed-twFeed-fb

No matter where you’re ringing in the new year, you’ll be able to watch a live stream of the festivities in New York City’s Times Square right here on Mashable or via mobile apps

The commercial-free live stream — which begins at 5:55 p.m. ET and ends after the crystal ball drops at midnight to celebrate the beginning of 2014 — will include musical performances, celebrity interviews and the iconic ball drop atop the One Times Square building. The live stream will also debut footage from The Amazing Spider-Man 2 movie.

Mashable‘s Associate Entertainment Editor Brian Anthony Hernandez will be in Times Square documenting the action live. You can follow him on Twitter, Instagram or Facebook. Read more…

More about Music, Tv, Live Stream, Times Square, and New Years Eve