fbpx
Linda Manly

Linda Manly

While the internet population continues to grow, there has also been an increase in bots as well.

In 2016, approximately 185 million new internet users came online, with the vast majority of these coming from nations like India. This represents a huge increase in the market. However, while the internet population continues to grow, there has also been an increase in bots as well. The word ‘bot’ covers a wide variety of automated programs: while some source data for search engines and help people match their queries with the most appropriate websites, others are not so helpful.

In the past year, bad bots accounted for 19.9 per cent of all website traffic—a 6.98 per cent increase over the same time in 2015. Bad bots interact with applications in the same way a legitimate user would, making them harder to prevent. However, the results are harmful: for example, bad bots can take data from sites without permission while others undertake criminal activities such as ad fraud and account theft.

 

Bots enable high-speed abuse, misuse, and attacks on websites and APIs. They enable attackers, unsavoury competitors and fraudsters to perform a wide array of malicious activities, including web scraping, competitive data mining, personal and financial data harvesting, brute force login and man-in-the-middle attacks, digital ad fraud, spam, transaction fraud, and more.

The bad bot problem has become so rampant it has earned its first piece of US federal legislation. In an attempt to make the use of ticket scraping bots illegal, the US Congress passed the Better Online Ticket Sales Act. Similarly, governments in the UK and Canada are also looking at introducing new laws to stop automated ticket purchasing by bots. While legislation is a welcome deterrent, it’s difficult to legislate against those you can’t identify. Bad bots continue to exist under the radar and they are looking to stay.

What does the data say?

Using our network, we looked for trends in how bots are developing, including hundreds of billions of bad bot requests, anonymised over thousands of domains. As part of this, we focused on bad bot activity at the application layer as these attacks differ from the simple volumetric Distributed Denial of Service attacks that typically grab the headlines. Here are some of our top findings:  

1. Bigger site? Bigger target

Bad bots don’t sleep - they’re everywhere, at all times. But even though bad bots are active on all sites, the larger sites were hit the hardest in 2016. Bad bots accounted for 21.83 per cent of large website web traffic, which saw an increase of 36.43 per cent since last year.

 

Larger sites are generally ranked higher in search engine results because humans rarely look past the first few search engine results. Smaller sites don’t get the same level of SEO traffic uplift so large and medium sites are more enticing targets for bad bots.

2. Bad bots lie

Bad bots must lie about who they are to avoid detection. They do this by reporting their user agent as a web browser or mobile device. In 2016 the majority of bad bots claimed to be the most popular browsers: Chrome, Safari, Internet Explorer, and Firefox. Chrome was at the top spot.

Alongside this, there was also a 42.78 per cent year-over-year increase in bad bots claiming to be mobile browsers. For the first time, mobile Safari made the top five list of self-reported user agents, outranking web Safari by 17 per cent.

3. If you build it, bots will come

When it comes to the attractiveness of a website, bad bots have a type. There are four key website features bad bots look for:

  •  Proprietary content and/or pricing information
  •  A login section
  •  Web forms
  •  Payment processors

In 2016, 97 per cent of sites with proprietary content were hit by unwanted scraping, 96 per cent of websites with login pages were hit by bad bots, 90 per cent of websites were hit by bad bots that bypassed the login page, and 31 per cent of websites with forms were hit by spam bots.

4. The weaponisation of the data centre

Data centres were the weapon of choice for bad bots in 2016, with 60.1 per cent coming from the cloud. Amazon AWS was the top originating ISP for the third year in a row with 16.37 per cent of all bad bot traffic - four times more than the next ISP.

But why use central data centres rather than the traditional ‘zombie’ PC that is part of a botnet, which is more typically used for DDoS attacks? The answer here is that it’s never been easier to build bad bots with open source software or cheaper to launch them from globally distributed networks using the cloud. These data centres can scale up faster and more efficiently for bot attacks on application layers, while steps like masking IP addresses has become easy and essential within bot deployments. This centralised approach is easier to manage when it comes to fraud and account theft campaigns.

5. Out of date? Out of luck

Humans aren’t the only ones falling behind on software updates; it turns out bad bots have the same problem. One in every ten of bad bots said they were using browser versions released before 2013 - some were reporting browser versions released as far back as 1999.

But why are bad bots reporting as out-of-date browsers? Perhaps some were written many years ago and are still at work today. Some may have been targeting specific systems that only accept specific browser versions. Others may be have been out-of-control programs, bouncing around the internet in endless loops, still causing collateral damage.

6. The continuing rise of advanced persistent bots

In 2016, 75 per cent of bad bots were Advanced Persistent Bots (APBs). Today’s advanced persistent bots are more sophisticated as they can load JavaScript, hold onto cookies and load up external resources – this makes them more effective in their attacks. Similarly, bots can carry out obfuscation techniques to randomise the IP address, headers, and user agents associated with their activity. This helps them to hide in the noise of everyday activity.

APBs can carry out highly progressive attacks, such as account-based abuse and transaction fraud, which require multiple steps and deeper penetration into the web application. If you’re using a web application firewall (WAF) and are filtering out known violator user agents and IP addresses, that’s a good start. However, bad bots rotate through IPs and cycle through user agents to evade these WAF filters. You’ll need a way to differentiate humans from bad bots that are using headless browsers, browser automation tools, and man-in-the-browser malware campaigns.

7. Is the USA the bot superpower?

The US has topped the list of bad bot originating countries for the third year in a row. In fact, the US had a larger amount of total bad bot traffic (55.4 per cent) than all other countries combined. The Netherlands generated 11.4 per cent of bad bot traffic and was the next closest country, while China reached the top three for bad bots for the first time. South Korea made the biggest jump, up 14 spots from 2015.

But does over half of all cybercrime really come from US citizens? A spammer bot might originate from a US data centre, but the perpetrator responsible for it could be located anywhere in the world. Thanks to virtual private data centres such as Amazon AWS, cyber crooks can leverage US-based ISPs to carry out their attacks as if they originated inside America and avoid location-based blocking techniques.

What can you do about bots?

As much as they try to hide their activity, there are some results from bad bot attacks that can be noticed. Normally, these results may not be explained within traditional monitoring tools. For example, you can tell significant volumes of bad bot traffic when unexpected spikes in traffic cause slowdowns without a concomitant increase in sales traffic. Another example might be where your site’s search rankings plummet due to content theft and data being scraped. Similarly, you might see poor results from misguided ad spend as a result of skewed analytics.

 

Other pointers to bad bot activity might be that your company sees high numbers of failed login attempts and increased customer complaints regarding account lockouts. Bad bots will leave fake posts, malicious backlinks, and competitor ads in your forums and customer review sections.

In order to filter out bad bots, it’s worth taking the time to learn about the most attractive areas of your website and find out if they are all properly secured against bots. One way to choke off bad bots is to geo-fence your website by blocking users from foreign nations where your company doesn’t do business.

Similarly, it can be worth looking at the audience profile for your customers – is there is a good reason why users would be on browsers that are several years and multiple updates past their release date? If not, having a whitelist policy that imposes browser version age limits stops up to 10 per cent of bad bots. Also consider if all automated programs, even ones that aren’t search engine crawlers or preapproved tools, belong on your site. Consider setting up filters to block all other bots - this can block up to 25 per cent of bad bots.

The best way to deal with bots is to monitor and respond on all your web and mobile traffic in real-time so that you see the next bad bot attack coming and stop it in its tracks. This approach relies on using more intelligence and automation to spot activities – rather than relying on human oversight of analytics logs, security can be maintained through better use of data and machine learning over time.

 

Stephen Singam is MD of Security Research at Distil Networks 
Image source: Shutterstock/Toria

This article was  published in itproportal.com by Stephen Singam

Believe it or not, there are parts of the internet that Google can’t reach.

The dark web is made up of websites hidden from search engines that can only be accessed using special software.

The dark web is used by many people for different things but it’s infamously used by criminals to hide illegal activity online.

So what exactly is the dark web, where did it come from and how does it work?

What is the dark web?

The internet is actually made up of three different layers: the surface web, the deep web, and the dark web.

The top layer, the surface web, are web pages that show up using search engines such as Google – like The Sun’s website.

 

The deep web are web pages that search engines can’t access and are therefore hidden, accessed via passwords and authorization. Any time you log into an account you’re accessing deep web content that won’t show up on a search engine. For example, work intranets, password-protected areas of online banking, and draft blog posts are all stored on the deep web.

This means that if someone was to Google your name, your banking information or Amazon wishlist won’t show up in the results.

The dark web is a network of untraceable online activity and websites on the internet. They cannot be found using search engines and to access them you need to use specific software, configurations or have authorization. They are used by lots of different people to keep their web activity hidden.

Just like the forest, the dark web hides things well – it hides actions and it hides identities.

Where did the dark web come from?

The dark web was actually created by the US government to allow spies to exchange information completely anonymously.

US military researchers developed the technology, known as Tor (The Onion Router) in the mid-1990s and released it into the public domain for everyone to use.

The reason was so that they could stay anonymous – it would be harder to distinguish the government’s messages between spies if thousands of other people were using the same system for lots of different things. Tor now hosts roughly 30,000 hidden sites.

It’s called The Onion Router because it uses the technique of onion routing – making websites anonymous through layers of encryption.

Most websites are also hosted on the .onion domain.

How does the dark web work?

Shutterstock

The best explanation so far has been published by Daniel Prince, Associate Director Security at Lancaster University, on The Conversation.

Prince says: “So just for a minute imagine that the whole internet is a forest – a vast expanse of luscious green as far as the eye can see. And in the forest are well-worn paths – to get from A to B.”

 

“Think of these paths as popular search engines – like Google – allowing you as the user the option to essentially see the wood from the trees and be connected. But away from these paths – and away from Google – the trees of the forest mask your vision.”

“Off the paths, it is almost impossible to find anything – unless you know what you’re looking for – so it feels a bit like a treasure hunt. Because really the only way to find anything in this vast forest is to be told where to look.”

“This is how the dark web works – and it is essentially the name given to all the hidden places on the internet.”

“Just like the forest, the dark web hides things well – it hides actions and it hides identities. The dark web also prevents people from knowing who you are, what you are doing and where you are doing it.”

Who uses the dark web and why?

The dark web is used by all sorts of people for all sorts of reasons – but it’s not surprising that it’s used for illegal activity.

A study by the University of Portsmouth in 2014 found that the most wanted type of content on Tor was child porn, followed by black markets for goods such as drugs, personal details, and even guns.

Shutterstock

This type of site is regularly busted by police, who compromise them by distributing viruses and malware to users.

The dark web is also used for hiding online activity related to finance, extremism, arms, hacking, abuse and fraud.

However, for others, the dark web has positive uses. For example, it can be used to avoid a national firewall, such as China, where users are normally blocked from accessing hidden sites.

 

It can also be used as a tool for whistleblowing – infamous website WikiLeaks is hosted on the dark web, allowing whistleblowers to anonymously upload classified information to the press.

Do police ever catch people using the dark web?

Yes – although using the dark web makes it easier to evade detection, governments around the world are working to index, sort, and catalog the dark web as well as monitor it as much as they can. The UK government has a dedicated cybercrime unit to tackle the dark web with a focus on taking down serious crime rings and child porn.

Just earlier this year police caught Richard Huckle ‘Britain’s worst-ever pedophile’ by secretly taking over a dark website dedicated to child abuse.

The online network was made up of over 45,000 people who swapped sickening videos and images of children on a dark-web forum which was only accessible through a specially encrypted browser.

Another takedown, called Operation Onymous, involved seventeen different countries, coordinated by Europol and the FBI, which revealed over 400 “hidden services.”

The operation led to hundreds of pounds worth of Bitcoin being seized and 17 arrests – but only one person was identified and taken into custody.

Who is Ross Ulbricht?

One of Ross Ulbricht’s supporters stands outside a federal courthouse in Manhattan on the first day of his trial in 2015.Getty Images

 

Ross Ulbricht was the man behind Silk Road, the internet’s biggest market for illegal drugs – which was hosted on the dark web.

A courtroom sketch of Ross UlbrichtAP

Silk Road was reportedly worth $34.5 million and had nearly one million anonymous customers. On Silk Road, you could buy drugs, services (such as hacking into Facebook accounts), pirated content, fakes passports and more. You could even check the reviews and star ratings of each dealer left by other customers.

Ulbricht was caught by the FBI in 2013, who shut down Silk Road and convicted him of money laundering, computer hacking, conspiracy to traffic fraudulent identity documents and conspiracy to traffic narcotics in February 2015. He was sentenced to life in prison.

Ulbricht will also be tried for procuring murder – FBI indictments claimed he ordered two hitmen to kill people he thought would expose the identity of his clients.

Source : nypost.com

Some perfectly authentic looking web addresses are not what they seem and not all browsers are taking the problem seriously

Here’s a challenge for you: you click on a link in your email, and find yourself at the website https://аррӏе.com. Your browser shows the green padlock icon, confirming it’s a secure connection; and it says “Secure” next to it, for added reassurance. And yet, you’ve been phished. Do you know how?

The answer is in that URL. It may look like it reads “apple”, but that’s actually a bunch of Cyrillic characters: A, Er, Er, Palochka, Ie. The security certificate is real enough, but all it confirms is that you have a secure connection to аррӏе.com – which tells you nothing about whether you’re connected to a legitimate site or not.

 

The proof-of-concept domain was put together by Xudong Zheng, a security researcher who wanted to demonstrate the problem with the way domain names can be registered and displayed. For a long time, domain names could only be written in Latin characters without diacritics, but since 1998 it’s actually been possible to write them in other alphabets too. That’s useful if you want to register a domain name in Chinese or Arabic script, or even just correctly spelled French or German – anything that can be represented with the Unicode standard can be registered, even emoji – but it’s also opened up a whole new avenue of misdirection for malicious actors to take advantage of, by finding characters in other alphabets which look similar to Latin ones.

“From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters,” Zheng writes. “It is possible to register domains such as ‘xn--pple-43d.com’, which is equivalent to ‘аpple.com’. It may not be obvious at first glance, but ‘аpple.com’ uses the Cyrillic ‘а’ (U+0430) rather than the ASCII “a” (U+0041). This is known as a homograph attack.”

Some browsers will keep an eye out for such tricks, and display the underlying domain name if they sense mischief. A common approach is to reject any domain name containing multiple alphabets. But that doesn’t work if the whole thing is written in the same alphabet.

Apple’s Safari and Microsoft’s Edge both still spot that Zheng’s spoof domain is a fraud, but Google Chrome and Mozilla Firefox don’t, instead displaying the Cyrillic domain name. And though it may be obvious in the Guardian’s font that something’s up, the sans serif typeface used as standard by those browsers leave the two indistinguishable.

Zheng says: “This bug was reported to Chrome and Firefox on January 20, 2017…The Chrome team has since decided to include the fix in Chrome 58, which should be available around April 25.” Mozilla, however, declined to fix it, arguing that it’s Apple’s problem to solve: “it is sadly the responsibility of domain owners to check for whole-script homographs and register them”. Google didn’t comment beyond referring to Zheng’s blogpost, and Mozilla didn’t comment at publication time but a spokesperson later said: “We continue to investigate ways to further address visual spoofing attacks, which are complex to fix with technology just in the browser alone.”

Itsik Mantin, director of security research at Imperva, said that common advice to web users falls down when such simple attacks work. “In order to protect website users, forcing them to use strong passwords and to replace them frequently is insufficient, since in this case it would be completely ineffective to prevent the attack.

Instead, he said, a better approach begins by assuming that phishing attacks will succeed: “Site administrators should assume that the credentials of some of their users were stolen (which in almost 100% of the cases will be true), and take adequate measures to identify account takeover, like irregular device, irregular geo-location or abnormal activity in the account.”

Zheng himself offers advice to users: use a password manager, and try and spot phishing attacks before you click on any links. “In general, users must be very careful and pay attention to the URL when entering personal information. Until this is fixed, users should manually type the URL or navigate to the site via a search engine when in doubt.”

Source : theguardian.com

Google will expand the use of "fact check" tags in its search results — the tech industry's latest effort to combat false and misleading news stories.

People who search for a topic in Google's main search engine or the Google News section will see a conclusion such as "mostly true" or "false" next to stories that have been fact checked.

Google has been working with more than 100 news organizations and fact-checking groups , including The Associated Press, the BBC and NPR. Their conclusions will appear in search results as long as they meet certain formatting criteria for automation.

Google said only a few of those organizations, including PolitiFact and Snopes.com, have already met those requirements; The Washington Post also says it complies. Google said it expects the ranks of compliant organizations to grow following Friday's announcement.

 

Not all news stories will be fact checked. Multiple organizations may reach different conclusions; Google will show those separately.

Still unanswered is whether these fact-check analyses will sway people who are already prone to believe false reports because they confirm preconceived notions.

Glenn Kessler, who writes "The Fact Checker" column at The Washington Post, said in an email that Google's efforts should at least "make it easier for people around the world to obtain information that counters the spin by politicians and political advocacy groups, as well as purveyors of 'fake news.'"

He added that "over time, I expect that people increasingly will want to read a fact-check on a controversial issue or statement, even if the report conflicts with their political leanings."

Google started offering fact check tags in the U.S. and the U.K. in October and expanded the program to a handful of other countries in the subsequent months. Now the program is open to the rest of the world and to all languages.

False news and misinformation, often masquerading as trustworthy news that spreads on social media, has gained attention since the 2016 U.S. presidential election.

Google's announcement comes a day after Facebook launched a resource to help users spot false news and misleading information that spreads on its service. The resource is basically a notification that pops up for a few days. Clicking on it takes people to tips and other information on how to spot false news and what to do about it.

Source : abcnews.go.com

Dr. Therese Huston (Photo by Kayleigh McCullom)

Part of the series “Today’s True Leadership

In my work as a leadership trainer and a career success coach for women over 11 years, it’s become abundantly clear that the quality of one’s decision-making is not only a critical factor in her professional success and impact, but also reflects a wide range of influences that we’re typically unaware of, including core values, internal preferences, societal influences, social abilities, cultural training, neurobiology, comfort with authority and power, and much more.

To learn more about decision-making in general, and key differences between the way men and women make decisions in particular, I asked Dr. Therese Huston to share her insights. Therese was the founding director of what is now the Center for Faculty Development at Seattle University and has spent the past fifteen years helping smart people make better decisions. She has written for theNew York Times NYT +0.00% and Harvard Business Review, and her first book,Teaching What You Don’t Know, was published by Harvard University Press. Her current book How Women Decide: What’s True, What’s Not, and What Strategies Spark the Best Choices “pries open” stereotypes about women’s decision-making and serves as an authoritative guide to help women navigate the workplace and their everyday life with greater success and impact.

Kathy Caprino: Therese, how do men and women show very different behaviors when they’re making decisions under stress?

 

Therese HustonA far too common perception is that when women are stressed, they become emotional and fall apart , but when men are stressed, they remain calm and clear-headed. If you subscribe to either of these beliefs, you’re probably going to turn to men, not women, when the pressure is on and an important decision needs to be made.

Neuroscientists are finding both of these popular notions are wrong.

First, men aren’t as steady as it seems. Mara Mather, a cognitive neuroscientist at the University of Southern California, and Ruud van den Bos, a neurobiologist at Radboud University in the Netherlands, independently found that when people are under stress, men become more eager to take risks. They’ve found that men become laser-focused on rewards when their heart rates and cortisol levels run high, even if that reward has only a tiny chance of materializing. When the pressure is on and there’s the glimmer of a highly rewarding outcome, men take gambles, more and bigger gambles than they would ordinarily choose.

Do women under duress feel as tempted? Usually not. Put most women in the same stressful situation, bump up their cortisol levels and ask them to make the same decision, and you’ll see something rather different. Their heads swivel to the risks. Mather and van den Bos found when women’s bodies were undergoing a strong stress reaction, they took more time weighing the contingencies and were more interested in smaller rewards they could count on. Rather than falling apart, women bring unique strengths to decision-making. Women tend to become risk-alert under stress and go for the smaller wins that are more guaranteed.

Is one strategy better than the other? It is better to be risk-hungry or risk-alert? You could argue either way, but this provides a new reason to have both men and women at the top level when high-stakes decisions are being made. We need both genders in the room to balance one another out when tensions are running high.

Caprino: In your book, you talk about a phenomenon you call the “dogsled problem” around women’s leadership and decision-making. What is it, and why does it matter?

Huston: I love that phrase. One of the women I interviewed used it to describe what she sees happening in business and law, even in the art world. She likens the division of decision-making in the professional world to dogsled racing. She believes that women are welcome to make all of the behind-the-scenes decisions in an organization to ensure the team makes it to the starting line. Women can assemble the team, work out disagreements among team members who are nipping at one another, decide who needs more training and who has to pull more weight.

But on race day, when the cameras and spectators show up, she said, it's men who take the reins, not the women who orchestrated everything.

And that’s a problem because everyone expects men to make the visible, crucial decisions that win the race. We’ve become accustomed to giving men, not women, the credit. Research shows that when a group solves a problem successfully and it’s ambiguous who deserves credit for the key contribution, both men and women typically assume it was a man who played a key leadership role.

Some organizations are criticized for being “boys’ clubs,” and that’s certainly a problem, but if those boys’ clubs respond by only putting women in support roles, it’s still a problem. We need to stop seeing women as people who merely get the team to the starting line. We need to start seeing them as leaders on race day.

Caprino: Some believe that the strength of women’s decisions lies in “women’s intuition.” What reservations do you have about that phrase?

Huston: Research suggests that women don’t rely on intuition more often than men. When most people say, “women’s intuition,” they’re suggesting that women make their decisions based on some inexplicable feelings, on some inner hunch.

But research shows that women are just as data-driven and analytical as men, if not more so. In a sample of 32 studies that looked at how men and women thought about a problem or made a decision, 12 of the studies found that women adopted an analytical approach more often than men, meaning that women systematically turned to the data, while men were more inclined to go with their gut, hunches, or intuitive reactions. The other 20 studies? They found no difference between men and women’s thinking styles. Not a single study, not one, found that women tended to be more intuitive in their decision-making styles.

So a strength women bring to decision-making is their analytical perseverance and perspicacity. But as my interviewees often explained, they often started with a hunch and followed up on it with careful research.

Is the phrase “women’s analysis” going to catch on? Probably not. Perhaps one of our readers can come up with something better.

Caprino: Why does decision-making advice for men often backfire for women?

Huston: Brilliant books have been published on decision-making, books that I love because they explore clever research and reveal fascinating truths.

But some of practical advice in these books is great for men and terrible for women. Consider these recommendations, both taken from best-sellers: “Whenever possible, get everyone to agree on a decision,” or “Take more time to consider a fuller array of options.” These are valuable pieces of advice if your problem is that you’re overconfident in your own assessment of the situation, if you tend to leap before you look. But overconfidence plagues men more often than it plagues women.

 

How does this kind of advice backfire for women? When a male executive adopts these strategies, it might look refreshing, but it doesn’t come off that way by a female in the same role. Women are already seen as being too collaborative and insufficiently decisive. A Pew study in 2015 found that of the three qualities valued most in leaders – honesty, intelligence, and decisiveness – people thought men had the biggest lead over women in decisiveness. Respondents agreed that men and women were equally intelligent, but many thought men appeared more decisive. So if a woman in the C-suite says, “Let’s not decide until everyone is on board,” it will be taken as confirming evidence she’s dragging her feet.

Caprino: How do women tend to raise the collective intelligence of a group that’s trying to solve a problem?

Huston: This is a fascinating line of research, led by Anita Williams Woolley at Carnegie Mellon University. Woolley looked at something called the “c factor” or collective intelligence of a group. She and her colleagues gave teams challenging problems to solve, such as how to allocate resources or solve a fuzzy moral quandary, the kinds of problems many of us face at work. Then the researchers scored the solutions the groups generated.

A group’s collective intelligence wasn’t predicted by the average intelligence of its group members, and it wasn’t driven by the IQ of the team’s smartest member. Woolley and her colleagues found that the single most important factor predicting a group’s collective intelligence was its social sensitivity . Teams that generated the best solutions to problems had members who could successfully read the non-verbal cues of their teammates. When a team made a complex decision, it benefited from people who were tuned in to group dynamics as well as the pros and cons of each option on the table.

How does this relate to gender? Women tend to have higher social sensitivity than men. And several researchers have found that teams with a higher proportion of women often reach better decisions and generate more novel solutions. There is a caveat here – if you add women to a group and their input is ignored, they can be the most empathic employees in the company and they won’t have an impact.

Can men read non-verbal cues? Absolutely. It’s a learned skill, not a skill that women are born with. Studies show that if men are sufficiently motivated, their social sensitivity scores are high. There’s also the issue of how much power one possesses in a meeting. Reading other people’s emotions is a skill that subordinates are more likely to demonstrate than supervisors.

The reasons why women have greater social sensitivity is complex, but if you want to make a team smarter, add women and genuinely listen to them.

 

Caprino: Why is it critical that we change how we think about women as decision-makers?

Huston: There’s growing evidence that when women occupy multiple leadership roles, smarter decisions are made. In February, the Peterson Institute analyzed the profits of 21,980 firms worldwide and found that companies where women held 30% of the top leadership roles earned 15% more, on average, than companies with no women on their boards or in their C-suites. With more female senior leaders, they found superior firm performance.

To be clear, the Peterson Institute didn’t find that having a female CEO led to greater profits. What predicted success was having multiple female leaders, not just one, in the top decision-making roles.

And, of course, it’s hard to know which came first. Are market-savvy companies doing everything right, including promoting women, or does the decision-making dynamic change once several women are genuinely included? The former might be true, but converging evidence also suggests the latter.

We need more women on crucial decision-making teams, not only because it’s better for women. We need more women because it’s better for our decisions.

For more information, visit ThereseHustonAuthor.com

 

To build your leadership capability and experience, visit KathyCaprino.com and my weekly podcast Best Work/Best Life.

Source : forbes.com

Rolling out today on Google's search app and mobile site, the shortcuts offer quick answers on weather, sports & entertainment info.

Starting today, Google is rolling out “tappable shortcuts” in the US, making it possible to find information on the weather, sports, food and entertainment via a quick tap on the home screen of its search app or mobile site.

The shortcuts eliminate the need to search, providing quick answers around sports scores, nearby restaurants, up-to-the minute weather updates and entertainment information, like TV schedules or who won the Oscar for best supporting actress.

“The Google search box is great when you’re looking for a specific answer, but there are also moments when you just want to catch up on the latest for topics of interest,” writes Google’s vice president of product manager, Tamar Yehoshua, on the Google Search Blog.

 

According to the announcement, Google says Android users will have access to even more shortcuts, including translation tools, nearby attractions, travel info, a currency converter, games and more.

The Google Search blog shared the following video to give an overview of how the shortcuts work:

With the rollout happening today, Google says search app users will need to have the most updated version of its app to have access to the shortcuts.

Source : searchengineland.com

It seems that the number of scams spreading through the messaging app WhatsApp keeps on increasing, with deceptive campaigns coming up with with novel ways of luring in victims. Today we will show you a new example of this.

This particular WhatsApp scam promises users a free internet service, without needing to use Wi-Fi. Despite being complete nonsense from a technical point of view, the offer may nevertheless appear tempting to those unaware of the realities. And it’s also selling something pretty amazing …

 

Imagine being able to navigate with your smartphone wherever you are, without mobile data from your carrier or a Wi-Fi network. Who wouldn’t like that while on holiday abroad? It’s like magic … because it’s not real. Clicking on this scam won’t change that.

The decoy

As usual, the message spreads via WhatsApp groups or comes from a friend who “recommends” the service – often unaware of it. In this case, you receive a special invitation with a link:

1-whatsapp-free-internet

Once you click on the link, the page will detect the device’s language and show the following images, with the intention of making the scheme credible and leading the victim to share the content with at least 13 people. Thus, the scam keeps spreading:

2-whatsapp-scam-spreading

On the bottom of the screenshot you can see some comments from people who supposedly tried the service, stating that it works. This is a ruse. Clearly these messages and the profiles associated with them are fake – they aren’t on Facebook at all, so this is all part of the fraud.

 

As you can see in the image below, the scam can also be seen in Spanish (you will be automatically redirected to their default language depending on their browser settings). All of this goes on without you even noticing:

3-whatsapp-scam-spanish

This behavior is widely used nowadays, mostly because it allows cybercriminals to create different scams using the same pattern, in order to make them credible for users in multiple countries. This way, they don’t depend on a single country or language and they can target different nationalities all at once.

What happens after you share?

Having overcome the barrier of sharing, unwary users looking for free internet end up on sites where different actions may occur, ranging from subscription to premium and costly SMS services, to installation of third party apps, always with the goal of granting an economic return to the scammer.

Unfortunately, victims will only see offers, but no trace of free internet.

Tips to avoid falling in these campaigns

We have to keep in mind that education and security solutions are still the main tools users need to be safe online. Awareness about these scams should become viral faster than the scams themselves; however, we keep seeing an alarming rate of propagation.

If you know a victim, you can help by alerting their contacts to avoid hitting sour note. In case you want to report the fraud, you can flag it in your browser as is usually done in phishing campaigns.

Source : welivesecurity.com

Austin—At a time of fake news and “alternative facts,” it makes sense that a tech entrepreneur would try to find a way to innovate to ensure our encounters on the Internet are real.

Chris Ciabarra, co-founder and CTO of Authenticated Reality, says the startup’s new browser—one that would require users to prove they are who they say they are—is the right way to mend what’s wrong with the Internet. With his product, “everyone knows who everybody is,” he says. “When you do something, you’re putting your reputation behind it.”

Authenticated Reality’s browser, which launches a beta today, works like this: Users sign up for an account on the startup’s website, then scan their driver’s license, and take a photo in order to be authenticated and registered. On approval, the user can download Authenticated Reality’s browser onto their device and surf the Internet as usual. Users can also rate and comment on each Web page through a pop-up sidebar, which further holds people accountable, Ciabarra says.

 

Ciabarra says the startup’s browser “sits on top” of the Internet, which creates what he calls “The New Internet.” “Others are doing this on a site-by-site basis,” he says. “We’re giving this feature for the entire Internet.”

Users must be over 17 years of age with a valid driver’s license. Passports can be used but they require a manual check that takes about 10 minutes, Ciabarra says. If the passport is deemed invalid, the user would be kicked off the browser. (To sign up, click here.) Eventually, the company says an app will be available for purchase for an annual fee of $19.99 per user for personal accounts and $99.99 for each business account.

Jon von Tetzchner, who led browser development at Opera Software (a company he founded in 1995), says he understands the impulse to create a browser like Authenticated Reality. When I asked him for his thoughts about the product, he said the key in developing a product like this is to avoid solutions that are worse than the problem you are trying to solve.

“We have seen the misuse of these fantastic tools that we’ve built, but do we want to go to a system where everything is monitored?” asks von Tetzchner.

 

Angel investor and former PayPal Media Networks COO David Chang says authentication is an area of increasing interest, and opportunity. He points to a startup called Confirm.io, which last year raised $4 million to support a private beta test of its software, which is designed to integrate with mobile and Web apps and help authenticate users’ identities. (Chang is also not involved with Authenticated Reality.)

For example, Confirm.io’s technology is being used in Austin during the TNC driver background check for ride-hailing services such as Arcade City and Get Me, according to the Austin Business Journal. Chang says these types of technologies typically have great value in specific communities, like those pertaining to healthcare or finance—as opposed to the Internet broadly. Also, he says one challenge at the start for companies like Authenticated Reality is simply getting a critical mass of people to sign up.

Prior to starting Authenticated Reality, Ciabarra was the co-founder and CTO of Revel Systems, a San Francisco maker of point-of-sale software that raised $130 million. He and his co-founder were dismissed last week and the company taken over by one of its major investors, according to a BuzzFeed News report.

Ciabarra says one Revel investor has provided Authenticated Reality a seed round of funding and that the startup is in the process of raising a Series A investment. He declined to provide specific amounts.

“The users want this,” Ciabarra says. “I want to get every single person in the world on this platform.”

Source : xconomy.com

In July the China Internet Information Network Center (CNNIC) published its bi-annualreport into the state of the internet in China (report in Chinese).

The report is a good guide into the browsing behaviour of netizens, the common phrase used to describe Chinese internet users.

The report is based on surveys sampling 30,000 Chinese residents older than six, from all of China’s administrative regions.

In this article, I’m going to examine the implications of the report and use the findings to help guide B2B marketers to understand the search engine market in China.

 

For more on this topic read Econsultancy's other posts on seven on-page SEO tips for Baidu, or download the Baidu Search Best Practice Guide.

Chinese internet users

As of June 2014 the number of Chinese netizens went up from 618m to 632m, a 2% increase from December 2013. The internet penetration rate in China now stands at 46.9%, well below the rate in America and Europe.

Mobile netizens increased by 5% to 527m. The number of Chinese web users who use a mobile device to connect to the internet increased by 2.4%.

Chinese web users also cemented their reputation as heavy users of the internet by spending an average of 26 hours online. This is an increase of around one hour compared to six months ago.

In fact, when compared to a year ago the increase in time spent online is around four hours. Between June 2012 and June 2013 the increase was closer to two hours.

To all intents and purposes the internet population in China is growing at a steady rate. Internet usage is on a steady upward trend too. 

The question that always interests me, though, is what do Chinese netizens do when they go online?

Chinese search engines

One thing Chinese internet users do is use search engines to find information, products and services on the web.

In the six months from December 2013, Chinese search engine use rose from 490m to 507m people. On mobile 406m people used a search engine, up from 365m people in December 2013.

There are five well-known search engines in China: Baidu (百度), 360 Search (360搜索), Soso (搜搜), Sogou (搜狗搜索) and Youdao (有道). The former two make up around 84% of the market share.

 

A search for 'Burberry' on Baidu

In January 2013 Baidu (baidu.com) held 72% of the search engine market in China and Qihoo’s 360 Search (so.com) had 11%. By January 2014 things had changed significantly. 

Baidu’s market share had dropped to 58%, while Qihoo’s had increased to 25% matching exactly the amount of market share that Baidu lost.

What has come out of this is the fact that Baidu and 360 Search are the undisputed market leaders of online search in China, in both users and market share.

Baidu and Qihoo

Qihoo’s rapid expansion of its market share and users has seen its revenues increase and marketers are seeing potential there. In the first three months of 2014 Qihoo 360 rang up US$265.1m in revenue, a 141.3% increase from Q1 2013.

By comparison, Baidu generated US$1.53bn during this same period. These numbers don’t suggest that 360 Search now holds 25% of the paid search market. But 360 Search’s rapid growth has got marketers in China interested nonetheless.

Qihoo has grown its search engine from nothing to 25% market share in the space of two years. It has a 5% larger audience than it had a year ago. Netizens using its PC browsers rose by 2% compared to last year.

Qihoo 360 is China’s leading internet browser and security software suite. Monthly active users of its PC-based products and services have clocked in at a huge 479m people.

A search for 'Burberry' on 360 Search (so.com)

It is the mainland's fastest-growing online search service and undisputed number one internet security provider.

On the other hand, Baidu is the basis of comparison for all other search engines in China. It has the highest usage of all the other search engines on the market. In Q1 2014 keyword advertising was still the top priority of Chinese advertisers.

In 2013 keyword advertising and contextual advertising brought the primary revenue in the Chinese search engine market. Search engine advertising revenue, namely revenue from keyword ads and display ads, accounted for 87.8% of the total revenues of search engines.

 


According to iResearch keyword advertising revenue took up 74.1% of the Chinese search engine market. Revenue from display ads of advertising alliance and navigation ads accounted for 13.7% and 4.5% respectively.

Why use Baidu and 360 Search?

One reason that so.com is becoming popular for paid advertising in China is because it tends to have a lower cost per click (CPC) than Baidu in many industries. Conversion rates on 360 Search tend to be lower for comparable projects though.

In the long term I’d suggest that conversion rates on so.com will improve. This is particularly true for businesses that face less competition in their niche who are likely to find a lower CPC on 360 Search.

Users and marketers know what they get from Baidu and therefore conversion rates are higher. People use what they trust, but as the market is shifting so are user’s perceptions.

But from a digital marketing point of view Baidu is still best. It is constantly updated and therefore is always ahead of the game.

Baidu has a very good desktop editor and good security and click-fraud protection. It also has a very useful remarketing functionality built into its display network. There are 600,000 websites that partner with Baidu to display banner ads.

Baidu is China’s most popular search engine and this will be the case for a while to come. But the market is slowly shifting and savvy marketers are looking at ways to leverage the new players on the market.

Final thoughts

So.com is now accounting for a quarter of all internet queries in China. In August 2014 the usage rate of so.com was 29%.

Qihoo has managed to build a captive audience for its portal, browser, and security software. This captive audience has helped drive users to its search engine, so.com. 

So far, 2014 has seen 360 Search drive up revenues from paid search advertising. There is still plenty of room for both Baidu and Qihoo 360 to co-exist in China’s paid search marketing space.

If Qihoo’s revenues increase in line with its increase in market share and users, then 360 Search will start to become a very popular platform for advertising. It’s for this reason that marketers in China have been attracted to using 360 Search for paid advertising.

What will emerge in the near future is a clearer understanding of which platform has a better conversion rate for certain industries. Also, it will be easier to compare cost per click statistics for both search engines once 360 Search is more widely used for paid search marketing.

Do you use either Baidu or 360 Search for paid advertising? If you have any questions please leave a comment. I’d also love to hear your thoughts.

Author : Misha Maruma
Source : econsultancy.com

Saturday, 01 April 2017 17:38

11 reasons why Android is winning

You know the smartphone has supplanted every other consumer technology when all anyone really wants in a car now is a “smartphone on wheels.” In a world where most smartphone users have Android-based models, Google is aiming to reach the next billion users coming online — with Android as the nexus of activity.

Whether it’s as a Google Home oracle/assistant, Android Auto smart car integration, TensorFlow machine learning or DayDream virtual reality, the Internet search behemoth now aims to become the search engine for your life. Add to that a serious focus on developer tooling and solutions such as Firebase and Android Studio 2.3, and it’s clear that Google is ramping its current ubiquity up to a whole new level. Here are 11 reasons why Android isn’t just for phones anymore.

  1. College students learn it

“We’re finally seeing a moment in technology where a ground swell of students are graduating from college have been trained on Android—thanks mostly to its open-source nature. As a result, the industry at large is now more well-suited to do high-quality Android development,” said David Evans, CTO of Uncorked Studios and a former instructor in mobile development at the University of Pittsburgh.

 

“While the iPhone is still the fashion mobile device, what you’re seeing is that the development tide is turning toward Android. Google has been doing a great job with focusing their platform and developers on this, and taking it as seriously as their developer community is taking it,” he said.

  1. Device makers like it

Previous to launching Bugsee, a “black box” tool for debugging Android apps, CEO Alex Fishman helped design a smart camera at Lytro (which exited consumer photography in 2016 and now focuses on virtual reality).

“We built it with Android because it was a phenomenally powerful OS, far better than anything else out there. We were also constrained because Lytro was running on a Qualcomm solution. If Qualcomm agrees to sell you their chips, which is a big ‘if’, their software stack requires Android. If you take a Qualcomm solution, then say, ‘Let’s go to Taiwan to build this IoT device,’ they’ll say, ‘Our engineers are only trained in Qualcomm with Android.’ If you are trying to build a specialty device, Android is almost the de facto standard,” Fishman said.

 

  1. Branded mobile wallets are possible

Google has been banging the drum about Android Pay (formerly Google Wallet) for developers. The Android Pay API provides Java methods for the Android Pay buy button, encrypted shipping and payment, user information and making transactions. However, some find that this isn’t sufficiently flexible for their needs. Luckily for them (and, arguably, for hackers), Android’s open model offers another option.

“We at Fiserv want to build bank-branded mobile wallets. None of the three proprietary solutions — Apple Pay, Android Pay and Samsung Pay — have an open API at moment. All are branded by the parent company, and the APIs are pretty minimal. We don’t like that fact,” said Scott Hess, vice president of user experience, consulting and innovation, at Fiserv in Portland, OR.

 

The solution? While Apple keeps credit card information in a secure element that only the operating system can get at, “Android has Host Card Emulation, which gives developers who are certified the ability to store things on the device and leverage them to do mobile point-of-sale transactions. We’re actively exploring building HCE mobile wallets for domestic and international partners,” he said, noting that mobile payments are quite common in the UK, Australia and New Zealand, where Fiserv, a leading financial technology company, is partially based.

  1. Google Home shows promise

As creepy as the commercial for Google Home shown at last year’s I/O conference was, it’s undeniable that consumers have gotten comfortable speaking the words “OK Google” to their devices. This technology is unlikely to die an ignominious, Google Glass-style death — but it could herald the end of the nuclear family. Kidding aside, it’s a promising interface for finance, according to Fiserv: “We’re doing investigation around home banking using Google’s equivalent of Amazon Echo. You’d speak into Google Home and get your balance, for example. It’s based on Chrome OS, but it’s a similar development environment to Android phone,” Hess said.

  1. Machine learning works with it

Where Google Home could really shine is in the company’s machine learning leadership. Now, Google has open-sourced its newest machine learning library, TensorFlow, which can run on mobile. The TensorFlow repo on GitHub contains Android examples demonstrating how an app can use the camera to identify objects, among other tasks.

  1. Automakers have embraced it

With the exception of Toyota, which has invested years in refining its clunky in-car navigation system and tying it to specific vehicle functions like door locks and lights, most car manufacturers are finally willing to accept Google’s market leadership with Android Auto. Now that consumers increasingly want their cars to act like giant versions of the smartphones they’ve grown addicted to, Android has an enviable position. Further, Google’s testing in this space is admirable. Finally, there’s the company’s foresight in mapping and autonomous driving technology. All these together mean Android Auto, launched in 2014 with the Open Auto Alliance, is a powerful turnkey opportunity for developers.

But so long as people are driving themselves, apps will continue to be a major distraction, creating cognitive load and increasing risk to the driver, passengers and other cars. It’s critical that Android create a new driving framework to diminish the addictive distractions and interactions that are otherwise cornerstones of smartphone app development.

At Google I/O 2016, Jeff Bush, engineering manager on the Android Auto team, promised that Android Auto would soon get Waze, OK Google and wireless capability. But the canniest thing Google has done is allow Android Auto to function as a smartphone app for older cars.

In a market that’s likely more vigorous than wearables, Android Auto will let developers participate in a new ecosystem — without causing accidents. There are different rules, of course: One requirement is that apps for Android Auto work seamlessly with input from capacitive touch screens, resistive touch screens and rotary controls.

  1. Virtual reality is trending

While from the outside, the goggles look like a health and safety risk, there’s no arguing that the world of VR is intoxicating once your eyeballs can soak it in. Developed for Nougat, the seventh big iteration of Android mobile OS, Daydream is a VR platform with both hardware and software specs. Google has taken care to design an seamless, immersive experience from the moment the goggles are on: The home screen is itself VR, setting the stage for selecting games or apps using a handheld 3D controller.

 

  1. Hackers love it

The bad news about Android? It remains a growing vector for malware and malicious activity. The good news is, as with most software security issues, much protective technology is there, and developers — and consumers — just have to use it. The biggest protections come from better coding practices and layered security protocols, which are increasingly available at the device level.

“A lot of the biggest banks, as well as big tech shops like us in banking, are acknowledging that people are getting tired of passwords. No level of password is enough. That’s why we’re looking at at biometrics: fingerprints or facial recognition. We’re also leveraging geolocation — where the user would be doing mobile banking. And we’re leveraging partner technologies to check the device to know if has been rooted or if it has malware on it. Those layered security tools are in production and universal today,” said Hess.

  1. Native user experience is a must

Google continues to make ground-breaking strides towards unified web experiences, be it via progressive web apps or instant apps. Both of these techniques, while promising, are still in early days.

 

“We at one point were trying to minimize development effort by using non-native, hybrid apps. We were using Phonegap. We found that end users could see the difference between native and non-native — buttons go in different places, design patterns differ, you get bad ratings. We moved back to mostly native to get a better user experience. Maybe the approach going forward is, for the features I only use once a year, like changing my address, those may be ok to do in a hybrid or progressive web app fashion.”

“We looked at progressive web apps. While it does promise to reduce development efforts, I wouldn’t redirect efforts to it yet. Also, the app stores started saying, ‘If you use too much HTML in your app, we’re going to start rejecting it.’ They never said how much HTML that was,” Hess said.

  1. The tools are improving

“In the Android space, the device manufacturers are all over the place. We have 2000 banks and credit unions running our mobile banking platform, so we do 6000 Android releases a year, certifying all the phones, versions and operating systems,” said Hess.

With that complexity showing no signs of diminishing, it’s critical that development environments rise to the challenge. Built on IntelliJ, an open source Java IDE, Android Studio does advanced code completion, refactoring and code analysis. Android Studio 2.3 added improvements such as Instant Run, layout editor changes, WebP image format support, App Links Assistant and lint baseline mode. Google boasted at last year’s I/O conference that 92% of the top 125 Android games use Android Developer. But there are other efforts afoot to give Google a Microsoft-like developer stack, with Firebase.

  1. Cloud platforms run on it

Described at Google I/O 2016 as “the most comprehensive developer update we have ever made,” the aquisition and expansion of the Firebase backend-as-a-service into a unified app platform for Android, iOS and mobile web development could turn into something great — though not everyone is blown away by the new platform.

“There are a lot of competitors to Firebase. At the show floor at GDC [Game Developer Conference], there were a lot of people launching platforms for doing these things,” said Patric Palm, CEO of Swedish software project management tools Favro and Hansoft. Favro, especially, has become popular with game makers using the popular Unity Player platform.

“Unity is a good example of someone who really played the platform business right. They won. In many ways it’s more interesting what Unity did than what Google is doing. My feeling with Google is that they don’t have that loyalty to a technology that a smaller company like Unity would have.  The problem with Google is, if they aren’t successful in a space, they have a tendency to just leave it and move on to the next thing,” said Palm.

IOS-first no more

Ultimately, the Android world promises to reach consumers beyond Apple’s walled gardens.

“When a company, five or six years ago, was trying to build a general app, they’d do iOS first, then go and clone it, in a very broad sense of ‘clone,’ for Android phone. That iPhone-first trend is now changing. Android is slightly easier, and there are so many developers, tools and communities to help with existing frameworks. It’s also very much proliferated in the world, with all the different phone makers. Today, it might be a better business decision to go with Android first,” said Fishman.

Author : Alexandra Weber Morales

Source : sdtimes.com

Page 4 of 6

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.

Follow Us on Social Media

Finance your Training & Certification with us - Find out how?      Learn more