Adobe deals with data breach affecting 2.9m customers

Filed under: — Aviran Mordo

Adobe has been hit with a massive cyber attack, where hackers obtained customer IDs, passwords and encrypted credit card information of more than 2.9 million customers. Adobe believes the hackers also breached source-code data of several Adobe products, including Acrobat and ColdFusion.

The software giant behind products like Photoshop, InDesign and Shockwave Flash announced last week they had been hit by two separate attacks targeting customer and company information. Adobe is in the process of sending password-reset e-mails and customer security alerts to affected customers to try to mitigate the damage, but there’s a bit of a problem with that approach.

According to independent security reporter Brian Krebs, Adobe has known about the breach since Sept. 17, and they believe the attack happened sometime in mid-August. Considering those customers’ information has been in the hackers’ hands for nearly two months, resetting passwords and canceling credit cards at this point may be moot.

Adobe’s investigation is still in its early stages, and the company hasn’t finished unearthing the full scope of what data may have been compromised.


Building Engineering Culture Based On Quality To Drive Innovation

Filed under: — Aviran Mordo

When I joined Wix in 2010 my job was to rebuild the back-end engineering team. The previous team that took the company to where it was back then was scattered to other projects, and except for one developer from the original team, I had a completely new team.

A couple of months after I arrived and started to figure things out with my new team we decided to move to continuous delivery methodology. Since we faced many challenges in both moving to continuous delivery and the need to re-write the whole back-end system, we needed very good software engineers to build a new framework and to be the first ones to lead the company’s Dev-Centric culture.

We wanted to create a culture based on quality in terms of software engineering and people responsibilities. Since every person in a growing company has a profound effect on the company’s culture, it sets the tone for the recruitment process. Ever since I got to Wix I have never stopped recruiting engineers; however, recruiting is a big challenge. I was looking for exceptional software engineers. The standards for passing the interview process are very high and very few actually succeeded, but that is a price I’m willing to pay in order to build an ‘A team’.



FTC publishes list of questions to ask “patent trolls”

Filed under: — Aviran Mordo

The FTC has voted 4-0 to start an investigation of so-called “patent trolls.” The first step is to solicit public comment on a long series of questions that the agency plans to submit to about 25 of the most controversial patent-holding companies, which the FTC calls “patent assertion entities.”

“We want to use our 6(b) authority to expand the empirical picture on the costs and benefits of PAE activity,” Ramirez said today. “What we learn will support informed policy decisions.”

There have been numerous academic studies of patent trolls, but the FTC will be able to use subpoena powers to learn far more about the business than any of these studies. The commission will be able to learn about trolls’ corporate structures, how much they make, and where the money is really going. The data it collects about individual trolling organizations will not be made public, but the FTC will likely publish aggregate information. The agency could even file antitrust lawsuits if it believes patent trolls are hampering competition.


Samsung: Note 3 Regional Lock Applies Only For Device Activation

Filed under: — Aviran Mordo

Reports that Samsung has crippled its new Galaxy Note 3 by adding region-locking, making buyers of unlocked units attempting to use it in geographies outside of the area in which it was purchased subject to exorbitant roaming fees, are not entirely accurate.

A statement from Samsung clears up the issue. The notes do not refer to being able to bring your unlocked device into other regions, but rather to the requirement that the initial activation occur in a particular region. This means that unlocked Galaxy Note 3 devices intended for the European market can be activated only with a SIM card from that region. After initial activation and commissioning, everything is as usual: you can use a SIM card from any region.

AllAboutSamsung.de asked Samsung for comment on the matter. Here are the essential points from Samsung’s official statement (original in German):

Samsung does lock some devices based on the region where they were purchased from. These devices are, besides the Note 3: Galaxy S3, Galaxy Note 2, Galaxy S4, and Galaxy S4 Mini.
The region lock only affects units manufactured after the end of July 2013 that ship with the warning sticker on the box. Devices that have already been delivered, like those sitting in warehouses or in stores, are not region locked.
If a user takes a new phone that hasn’t yet been activated to a country outside the home region, the user can unlock the phone at a local Samsung service partner for free.


$199, 4.2” computer is Intel’s first Raspberry Pi competitor

Filed under: — Aviran Mordo

With the Raspberry Pi, Arduino Due, and BeagleBone, the world is full of cheap, tiny computers that can be used by creative developers in everything from robots to space flight.

One thing these platforms have in common is an ARM processor. Now they have some competition from Intel with its “MinnowBoard,” a $199 computer in the form of a 4.2″ x 4.2″ board with an Intel Atom processor.

The first 500 MinnowBoards rolled off the production line a few months ago and sold out within a week, Senior Embedded Systems Engineer David Anders of CircuitCo told Ars at the LinuxCon conference on Tuesday. CircuitCo, also the maker of the BeagleBoard and BeagleBone computers, made the MinnowBoard after being approached by Intel, which wanted to build an x86-based open hardware platform. A new MinnowBoard production run of 5,000 boards began this week.

Those numbers won’t threaten the Raspberry Pi’s million-plus-selling business, and the MinnowBoard at its initial price is likely to attract a different customer base. But Anders believes x86 boards will reduce in size and price to the point where they will become more suitable for hobbyists.


We Have Completely Lost Our Privacy On The Web

Filed under: — Aviran Mordo

A few years ago, before the social network explosion, everybody knew that it was important to keep your identity hidden and not to reveal any personal information about yourself. People used nicknames and did not share personal information on the web. But as time passed, more and more services were being used in the cloud, and social networks became popular, we lost all control of our privacy and personal information.

Let’s take Google, for instance, and see just how much information Google knows about us.
It started with email services like Gmail, where Google knows all about our personal correspondence. Even if you didn’t fill in any personal information when you signed up for Gmail, the information Google gets just by reading your emails is priceless.
Then we use Google Calendar, where Google can learn about who we meet, what our schedule and routine are, and the significant dates and events in our lives.

Other people reveal information about you and you don’t even know it.

Even if you are not using Gmail, Google knows a lot about you. People who do use Gmail have you in their contacts and fill in your email, address, phone number, birthday and even your picture, and you have no control over or knowledge of what they did.

Even if you do try to stay private by using nicknames on the internet, in order to register for message boards like Google Groups you fill in your email, and there you go: Google can cross-reference your nickname on the internet with your real identity.

The use of smartphones now puts a location tracker in our pockets, so in addition to all the other vast information Google has on us, it also knows exactly where we are at all times. Adding Google Wallet lets Google also know what we buy, from whom and when. Not only what we are looking for in a search, but potentially what we also buy offline (given cell phone payment will take off in the next couple of years).

Adding other services like note taking, Google knows our thoughts; with YouTube and Play, our taste in movies, music and books, and what we like to play.

Given all these “free” services we use, Google knows anything and everything about us, our lives, our friends and relatives. Adding Google+ and circles to the equation, Google knows our relationships to other people, our interests, what we look like, what we like on the web and our hobbies.

The last piece of information is Google Voice, where Google knows who we speak with and about what.

While Google knows anything and everything about us, it is not just Google. Cloud services and social networks like Facebook hold a lot of information about us too. While we use these services more and more and rely on them in our daily lives, we basically pay for these “free” services with our privacy, and no matter how much you try to keep information off the web, you have no control over what information your friends and family are sharing about you.

What do you think, is losing your privacy a small price to pay for free services?
Can you trust commercial companies to keep this information safe?


Russian rewrote credit card application, got approved

Filed under: — Aviran Mordo

Dmitry Argarkov rewrote a credit card application sent to him by Tinkoff Credit Systems. The bank signed off on it without reading the fine print.

Dmitry Argarkov put a few revisions in his credit card application:
0% interest
No fees
No credit limit
Then he sent it to Tinkoff Credit Systems. They approved it and sent Argarkov a card.

But they hadn’t read the fine print.
Oleg Tinkov, founder of Tinkoff Credit Systems.

The 42-year-old man from Voronezh, near the Ukraine border, put in some other nuggets: The bank would pay him $182,231 if it closed Argarkov’s account. If the bank did not honor his rules, Argarkov would fine it $91,115.

“He could afford to buy an island somewhere in Malaysia, and the bank would have to pay for it by law,” said Argarkov’s attorney, Dmitry Mikhalevich, according to the Russian news site Kommersant.

A judge sided with Argarkov this week and said the amended contract was legally valid because the financial institution had approved it.


Lifecycle – Wix’ Integrated CI/CD Dashboard

Filed under: — Aviran Mordo

This post was originally published on the Wix engineering blog by Ory Henn, who is part of our continuous integration / continuous deployment team. Since I write about Wix’s continuous delivery, I think this post might interest you.

There Are So Many CI/CD Tools, Why Write One In-house?

About 3 years ago we first set foot on the long and winding road to working in a full CI/CD mode. Since then we have made some impressive strides, finding the way to better development and deployment while handling several years’ worth of legacy code.

An important lesson learned was that CI/CD is a complex process, both in terms of conceptual changes required from developers and in terms of integrating quite a few tools and sub-processes into a coherent and cohesive system. It quickly became clear that with the growing size of the development team, a central point of entry into the system was needed. This service should provide a combined dashboard and action center for CI/CD, to prevent day to day development from becoming dependent on many scattered tools and requirements.

To this end, we started building Wix Lifecycle more than two years ago. This post describes Lifecycle in broad terms, giving an overview of what it can do (and a little about what it is going to be able to do). Following posts will describe interesting series and other fun stuff the system does.

Keep in mind that our processes are nowhere near full CI/CD yet, and that Wix Lifecycle has to allow a great deal of backward compatibility for processes that are remnants of earlier days, and for teams that move towards the end goal at a different pace.

So What Does It Do?


Continuous Delivery - Part 8 - Deploying To Production

Filed under: — Aviran Mordo

Previous chapter: Cultural Change

It is about time we talk about how the actual continuous delivery process works, the application lifecycle, and how the code reaches production once development is done.

Phase 1: Git – Developers push the completed code (and the tests) to a Git repository.

Phase 2: Build – TeamCity (our CI build server) is triggered: it checks out the code from Git and runs the build, unit tests and integration tests. Once the build passes, a SNAPSHOT artifact is created and pushed to Artifactory.

So far the process has been automatic. At this point we decided to go to a manual process in order to do the actual deployments. However, this process should be as easy as pressing a button (which it actually is). We are now in the process of also automating deployment to staging, making staging a continuous deployment environment and production continuous delivery.



The Original Terminator Found

Filed under: — Aviran Mordo

Everybody knows The Terminator, where artificially intelligent machines are attempting to exterminate what is left of the human race.

However, before artificial intelligence took over the machine there was (and still is) the original terminator created by man, which is often used to terminate zombies.



Android is now a bigger platform than Windows

Filed under: — Aviran Mordo

Microsoft’s “Windows monopoly” hasn’t been so much destroyed as rendered irrelevant. Thanks to the explosion of Internet-based cloud computing and smartphones, tablets, and other mobile gadgets, the once all-powerful platform of the desktop operating system has now been reduced to little more than a device driver. As long as your gadget can connect to the Internet and run some apps, it doesn’t matter what operating system you use.

Three charts really bring home the challenges that Microsoft and other PC-powered giants like Intel, Dell, and Hewlett-Packard face in adapting to this new Internet-driven world.

First, look at global device shipments. For the two decades through 2005, the personal computer was the only game in town, selling about 200 million units a year. But then smartphones and tablets came along. And now they dwarf the PC market.

This shift in personal computing device adoption, meanwhile, has radically diminished the power of the Windows operating system platform. As recently as three years ago, Microsoft’s Windows was still totally dominant — the platform ran 70% of personal computing devices.

Now, thanks to the rise of Google’s Android and Apple’s iOS, Windows’ global share has been cut in half, to about 30%. More remarkably, Android is now a bigger platform than Windows.

New vulnerability found in Java 7

Filed under: — Aviran Mordo

Security researchers from Polish vulnerability research firm Security Explorations claim to have identified a new vulnerability in Java 7 that could allow attackers to bypass the software’s security sandbox and execute arbitrary code on the underlying system.

The vulnerability was reported this week to Oracle along with proof-of-concept (PoC) exploit code, said Adam Gowdiak, the CEO and founder of Security Explorations, in a message to the Full Disclosure mailing list.

According to Gowdiak, the vulnerability is located in the Reflection API (application programming interface), a feature that was introduced in Java 7 and which has been the source of many critical Java vulnerabilities so far. Security Explorations confirmed that its PoC exploit code works against Java SE 7 Update 25 and earlier versions, he said.
