Transcripts For BLOOMBERG Bloomberg West 20140428 : vimarsan

BLOOMBERG Bloomberg West April 28, 2014

At t is planning to bring 4g marlys access to flights. They could start this as soon as next year. Dividershares of wifi plunging in afterhours. Drivingays the self cars logged nearly 700,000 autonomous miles. Google has been testing the cars around the hometown of mountain view, to improve their ability weeks after the disclosure of the heartbleed glitch, there is another major glitch. This affects about 25 of browsers out there, looking at versions six through 11, although the most recent ones are mainly being hurt. The way it works, it gives the hacker the same level of access as the official user. People that still have microsoft xp, windows xp, are particularly troubled in this case. Cory johnson, microsoft stopped providing security patches for xp, so those 3 million machines have nothing to do. We know the mitigation it takes to take the system to the new operating system. For an individual, it may take a few hours, but corporations, it takes nine months to make the switch on average. The change away from xp does not happen quickly. It is likely that we will be hearing more things like this because the hackers are evolving and this operating system is not. It feels like there is a new one of these every day. Are there more attacks, or is security tracking Getting Better . These techniques used by hackers, particularly in eastern europe, are very different from where they were even a year ago, much more organized, bigger groups. Where do they go from here . I know microsoft is doing an investigation, but at what point do they make an exception for this major security flaw for xp users, maybe they would do something. You wonder what form it would take, and what does this mean for microsoft itself . If people are unwilling to switch to a new browser, they may move to a new product. For more on how risky this flaw is, i want to turn to the director of Threat Research at fire eyes, the company that found the breach. Why are we seeing more of these threats, is it because people like you are Getting Better at tracking them down, or there are just more of these things happening . A combination of both. Its a pleasure to be here. In this case, the bone ability was widespread, roughly one in four users visiting the web, going to any website that hosts this kind of exploit, would have been compromised. We do not see this going away. We detected this particular thread group as recent as friday and we had to move quickly to get detection, response, prevention, and advisory out quickly in order to respond to the threat. Fundamentally, i do not see that this particular issue will go away anytime soon. Are you looking at particular , flaws in xp, because it is not getting updated . We are looking at the front groups that are using these \attacks and these vulnerabilities. We are able to detect and see these types of vulnerabilities being westernized into the tax just by looking at the affects of the victims involved. We are then able to further develop defenses, protections, as well as advisories, based on that. We do not need to necessarily go through and document all the different vulnerabilities. The attackers are already doing that for us. Walk us through how this particular vulnerability is and what it actually means. Fundamentally, zero day attacks are roughly two to go Different Things from vulnerabilities. Vulnerabilities are not that serious unless you are dealing with a Remote Code Execution vulnerability. That allows a hacker to compromise a user remotely, from anywhere on the internet. Those of the types we see from these different groups, the ones that we see the most severe. Fundamentally, we see this type of issue getting worse over time. If i have Internet Explorer, what should i do . Right now, you can go through and disable flash. That seems to be the initial infection vector. You can also enable private mode. The croissant hasnt ruled out the enhanced mitigation toolkit, or you could switch to a different browser. You talk about finding the affects of the victims involved and using that as methodology. Have you any anecdotes, something that happened to somebody, or a company . In this particular case, we work closely with many of our customers who were targeted in this particular campaign. We went through and actually merged the intelligence collected from our worldwide sensor grid of appliances protecting the customers, along with boots on the ground. Those folks involved with instant response professional services. We fused the information to go from discovering the exploits to rolling out protections for it, to rolling a prevention for it, as well as working with microsoft to release the advisory, less than 24 hours, on a weekend. My point is, what did you see happening that let you roll all of this together into an alert . We start with some sort of spear phishing attack. In this case, the thread group involved was watching some sort of Malicious Link within mail messages. Unfortunately, those victims were clicking on the links, getting compromised, seeing the results of that, and seeing how the compromise occurred. Normally, visiting a website should not compromise an endpoint, but in this case, that is what was happening. What do you see as a result of this happening, do you see microsoft revealing a patch for ie, and do you see other people downloading other browsers instead . It is a combination. This should be the final nail in the coffin for windows xp users. They should really not be using the operating system anymore. For those users who are using Internet Explorer but later versions of windows, a variety of different mitigations would solve the problem. The most effective one we have seen is actually deploying emess. It would have caught this exploit as well as the past three or four that we have seen, plus 10 or so others from the last year. Unfortunately, that will not work for most enterprises based on the pains of rolling out the type of fix. That is why microsoft is offering these other mitigations, such as turning on protected mode, potentially disabling activex controls, or flash altogether. Thanks so much for sharing with us the work you did on this one. One ceo says he got fired after pleading guilty to domestic charges violence charges. We will talk about how this may impact the Company Going public. Welcome back to bloomberg west. Im emily chang. Radiumone ceo Gurbaksh Chahal said that he was fired by the network after accepting a plea deal on Domestic Violence charges. He was charged with 45 felonies of Domestic Violence, but all of them have been dropped, and he accepted a misdemeanor plea deal and a fine instead. Bill lonergan, the ceo of the company, will take over the company, which was in the stages of an ipo. Cory johnson is with me as well as ari levy. You were speaking with chahal over the weekend. What did he have to say . He was shocked. It had been 10 days. He pled guilty to the charges, charges happened about six months ago he pleaded guilty, paid the fine. The board waited until april 26 to do anything about it. He had many more to meeting since then, so i think he is surprised. So i think he is apprised. According to chahal, it was not the charges itself, but the criticism of it. Obviously a dramatic story. This had been going on for two years since the original charges were filed. If you think about his position, 45 felony accounts, convicted of none of them. And that he had to pay a 500 fine and do some community service. What is the big deal . From the boards perspective, this company will be going public, we will have to answer to investors. Investors will have a lot of questions about this company because it is an ad tech company. Having to answer the question, why is the ceo, who pleaded guilty to two misdemeanor charges related to domestic assault, why is he your ceo, isnt there anyone else . It is better to get rid of it now. While he has been facing the charges, we had the cto on from radiumone. I want to talk about his blog post. He says cory, what did he have to say about the actual accusations . Aside from getting fired, what did he have to say . I thought he said even more on the blog them when he talked to me, and i talked to him many times. I asked him specifically about what happened. He said he lost his temper. I do not know what that means and i will not try to interpret it. There was a lot of media about this. A lot of them focusing on this notion that there was a videotape, which no one has seen, which revealed something that was never revealed. There was a lot the media about this. Times . But they never charged him. I do not know what happened. He said he lost his temper. I do think we should take that lightly. It is still a serious thing. Ari, how does this impact the road to ipo . Will they still go public . That is very much up in the air. Whether conversations are still have happening with the banks, whether they want a cooling off until, hopefully we can find that out. Bill lonergan, who is taking over, he has been a finance and operations guide to run his career. He was the cfo of blue lithium, the company that chahal founded before selling it. He is not a startup ceo. Whether this is the longterm answer to who will run the company, we do not know that yet. May be the most inflammatory thing that he said yesterday was that he said the board compelled him to take the plea, that he wanted to fight in court and become exonerated. It runs a direct quote in my story, the board wanted me to settle the so we could go on with the ipo. He is leveling the charge against his board of directors that they compelled him to take the police so they could get their payout in the ipo faster than they would otherwise if you are fighting it. In terms of timing, what have you heard . Are the plans the same, will it be postponed . A spokesperson for the company would not say. It is small enough, they could file anytime now. We know they are coming close. It is ironic this is all happening at the same time, in the same week literally. It is not a coincidence. I think it is the reason it is all happening at the same time. Maybe after 10 days, they thought it would go away, and maybe they had suggestions for the bankers that it would not go away. There are many things that could derail an ipo, we just do not hear about them. Thank you both. The heartbleed but grabbed headlines and proper attention to how underfunded open source efforts really are. Now facebook, google, and amazon are pledging money. But will it be enough . Welcome back to bloomberg west. Im emily chang. On wednesday i will be interviewing twitter ceo dick costolo. We will be talking about their efforts to attract more mainstream users, its new ad network, and much more. Dont miss my interview with dick costolo coming up this wednesday. Now to the security flaw exposed earlier this month, heartbleed. It has some tech giant coming together to Fund Improvements in opensource programs. Cori, this is interesting. People tell me that all of these bugs could compromise the future of open source and whether it exists at all. It is an interesting story and not easy to say, heartbleed bug. Heartbleed bug. The organization has a new innovation because of this heartbleed bug. The director of the Linux Foundation is now with me. Open ssl has not received a lot of Financial Support like lennox, for example. That is right, atypical market failure. If you look at lennox, an important project that has received a lot of funding and is an important part of society. Open ssl is also an important part of internet security, but for some reason, funding has not caught up with the Important Role it plays on the internet. Can you explain what is open ssl . Open ssl, essentially that lockbox in the corner of your web browser. It provides encryption for communication that you send over the internet. In this case, there was a bug discovered in the code base that was the result of this heartbleed bug. Open ssl is created by whom . A group of developers, some of the best in the world when it comes to crypto technology, who have spent most of their adult lives on this, by and large, as volunteers, to put together the code. They have not had a lot of resources. Postheartbleed we decided to take a broader view and look at projects, not test open ssl, but other projects that are widely just lloyd and available jet widely deployed and available to the internet, and provide the resources to them to make the software better. You got big cash donations from companies that use or host open ssl. It is more than just open ssl. The companies ive spoken with want to get ahead of the next heartbleed. What they want to do is look for all of these products out there that are important to the stability of the internet and provide them with resources. Whether it is microsoft or amazon or facebook or google. It is not just about open ssl. It is how do we get ahead of them rather than reacting defensively. You said some of the greatest computer experts created open ssl, but there is some criticism that the code is written so poorly, the notions might be great, but the code is so sloppy, open ssl cannot be saved and read to go to and we need to go to an alternative. Open ssl is widely used, so we cannot move to something else. We need to allow them to have more resources to make the code base better. You will see other efforts trying to clean up the code base in parallel, and that is a great thing about open source. You can have multiple responses to any problem. That needs to be accepted by the open ssl leaders, and that has not happened until now. Can your involvement change that . The open ssl guys were work on their code. One of the things they have needed is resources to have people working fulltime on the code base, provide for audit, additional testing. That is what we hope to provide, in addition for next project that needs it, beyond open ssl, other Core Infrastructure projects that for some reason have been underfunded. Thank you very much. We will be right back with more bloomberg west. Coming up, that means Bloomberg Television is on the markets. Lets take a look at where stocks close. Not much changed when all is said and done. We saw an increase for the s p, down, and nasdaq. People are still watching earnings. They are still watching the situation internationally. A lot of volatility. In terms of what we saw on the treasury market, we solve a little bit of fall in the treasury rise in yields. Reserveve the federal beginning a twoday meeting tomorrow. People are watching and expecting that they will furthers the back of their bond purchases that they had support the economy. Gravity you are watching bloomberg west. Im emily chang. Popular american tv shows are no longer available on some of chinas biggest websites. They are no longer being streamed. This comes after government censors launched a recent crackdown on content deemed offensive. Speaking of the streaming site, it just got a big investment by ali baba. Alibaba and its founders have been on quite the shopping spree ahead of the companys highly anticipated ipo. Last year, they purchased an online mapping company, acquired a stake in a tv and movie production company, and invested in both a messaging app and a Department Store operator. Today, they agreed to spend 1. 2 billion for an 18. 5 stake. Joining me now is someone who helped set up googles operations in china. Thank you for joining us. When you look at the stuff that ali baba has invested or bought, it is incredible. Why the shopping spree, why now . I did a quick calculation. 4 billion worth of acquisitions in the last six months alone. If you look at these, they are very well considered, in strategic areas that i have to believe would make a great growth story, such as video or mobile or content distribution. I think it will be helping them with a strong ipo story. They are investing a lot of money. These are not just one offs here and there. 1 billion to buy autonavi, 215 Million Investment in tangome. 10 figure investments here. What do you make of the fact that they are buying rather than building . Absolutely. We talked about this a couple of times. They are somewhat behind on mobile. That is an area that people are investing heavily in. By spending this money to acquire its user base, in yuku, which has 300 million plus mobile users, they are growing much quicker than they can organically, acquire users on mobile. They are showing they can be bold. Do you get the sense that they are rushing these things before he the ipo filing . It does seem like it. I am personally excited about the ipo even more than before. They are wellpositioned to tell a great story. Investors can draw the dots. Video content in china vision, video distribution in youku. All of these are Great Stories and huge businesses for them. How does this fit into their grand plan in this case . They have to find growth. They are already a sizable company. A couple of areas for growth are geographic, and they have said they are not really going to go abroad, other than to promote cross territory trade, such as merchants selling things abroad, and selling in china. They are also behind in mobile and User Behavior shift for mobile changes quickly. And to remind you again, china has one of the most active mobile populations in the world. To capture that, they have to quickly build up a strong mobile presence, whereas right now, they have been mostly a docile site. In terms of how they square off against other big players, like . 10, for example, what sets them apart . They have a huge social investment, although they are not a social company themselves. They believe they are most threatened by tencent, who has the biggest presence. Tencent also recently invested in the second largest retailer, so they are probably going after ali baba. Alibaba is going from commerce to mobile usage. How do you see this playing out between the big players . Does one Company Owned certain territory, are they all try to go after everything . It seems like everyone is going after everything, which is why it is so different from the u. S. If you look at alibabas core business, it is like ebay and amazon combined. It would be unthinkable to have such a large player in the u. S. Now it is sort of like combining it with youtube. It is mindboggling how ambitious these companies are in terms of trying to take over everything. As the filing approaches, how do you expect this to play out . The Chinese Government

© 2025 Vimarsana