1010Computers | Computer Repair & IT Support

Bots are cheap and effective. One startup trolls them into going away

Bots are ruining the internet.

When they’re not pummeling a website with usernames and passwords from a long list of stolen credentials, they’re scraping the price of hotels or train tickets and odds from betting sites to get the best data. Or, they’re just trying to knock a website offline for hours at a time. There’s an entire underground economy where bots are the primary tools used in automating fraudulent purchases, scraping content and launching cyberattacks. Bots are costing legitimate businesses money by stealing data, but also hogging system resources and costly bandwidth.

Clearly, the existing approach of playing bot Whac-A-Mole isn’t working.

“Until now you just had to suck it up as a cost of doing business,” said Johnny Xmas, director of field engineering at Kasada, an anti-bot startup that strikes at the heart of the bot economy itself by frustrating bots with complex tasks.

Their system is simple enough. Bots, said Xmas, are the “white noise” of the internet. Once a bot is started, they keep going until they’re told to stop or their job is done. Kasada tricks bots into thinking that their job is never done. By serving up a small but difficult math puzzle before the site even loads, it tricks the bot into spending its time solving the puzzle and not scraping the site as it thinks it’s doing.

Weeks earlier, Xmas tweeted a photo of Kasada’s proprietary platform Polyform. A single bot made close to four million requests to a website in a single day. Instead of loading the target website, Kasada pushed its randomly generated JavaScript code that loads silently in the browser to the bot instead. For more than 24 hours, the bot was sinking all of the cloud processing resources into trying to solve an impossible math challenge.

“This guy’s [cloud] bill is going to be nuts,” he tweeted.

We troll bots for a living. This one made 3.7M unsuccessful HTTP requests in 24 hrs, and we responded to each with a js cryptographic challenge, which effectively tarpits the bot by sucking up CPU resources. Expensive, Lambda CPU resources. This guy’s AWS bill is going to be nuts pic.twitter.com/erfuvvQmru

— Johnny Xmas @Kasada_io (@J0hnnyXm4s) January 4, 2019

The company’s aim isn’t to defeat the bot, but the reason for starting it in the first place, said Sam Crowther, Kasada’s co-founder, in a call with TechCrunch. “We cost them money, making their projects not fiscally viable,” he said.

Here’s how it works. Each time someone — or something — visits a website, Kasada accurately fingerprints the requester, using several methods to determine if it’s a bot or not. If not, the site loads as if nothing happened, taking only a few milliseconds off the load time. If it’s a bot, Kasada throws the bot the puzzle, keeping it busy. The bot thinks the website has loaded and doesn’t trigger any warnings on the back-end, all while busily plunging its resources into trying to understand and solve the math problem. “You don’t want to alert the person behind the bot, or they’ll just keep trying,” said Crowther. That’s when the bot starts churning more and more of its resources, and eventually topping out. “The human launches the bot and walks away,” he said. “Often the account maxes out and runs out of money long before the human comes back.” Even if the bot is automatically adding more resources, it won’t ever solve the puzzle. All while the processor usage is spiking, the bots don’t have the resources to target other sites — whether it’s a paying customer or not, said Crowther.

“We’re cleaning up the internet,” said Xmas. “We want to disenfranchise bots from operating to begin.”

False positives are rare — just 0.07 percent of all requests are mistakenly flagged. The team often found that more often than not it’s an old, legacy browser that’s mistakenly flagged its fingerprinting, or that the browser is exhibiting bot-like behaviors through a malicious Chrome extension, for example. Xmas said the service sends a CAPTCHA puzzle to solve in case, allowing the human through.

Bot authors take weeks or even months to develop code that will target specific kinds of sites hoping for a big eventual payoff, Crowther explained. Retail outlets, hotels, major financial institutions and realty listings — all revenue-making customers in the company’s portfolio — are at risk of bots that, if successful, could reap a huge reward.

“One bot targeted a betting company we protected, grabbing odds so that the most cost-effective bets are being placed at the micro-level — like stock trading,” said Xmas. “They’ll put months into a bot that’ll defeat every bot detection system.”

But already the team is finding some bot owners meeting their match.

In one case, Crowther and Xmas — both based in the company’s Chicago office — said they had one company, which they declined to name, was the target of account fraud and scraping. The company came in and stopped the automated logins and scraping of identity documents — preventing a wider attack hitting some 30,000 consumers from identity theft.

“One case we had a betting site where 95 percent of the traffic were bots,” said Xmas. “Think of that. You’re paying for tons of servers, tons of bandwidth because you think you’re doing a ton of business — and you’re making a lot of money so it seems rational,” he said. “Then you find out that 95 percent of that was trash.”

“At first we thought, ‘oh shit, what did we break?’,” he said. “It turns out we broke an insane botnet.”

The two recalled how one suspected bot operator was so frustrated by the company’s anti-bot countermeasures, he sent an abusive note to the company.

“The guy who was running some bots figured out it was us who was stopping them,” said Xmas. “And he went to our website, hit the contact us button, and wrote a very angry letter.” Crowther said that the company caught the bot controller’s IP address because he submitted the “not very nice email” through its contact form. “We found out that he was located in Sydney,” where one of the company’s offices is located. Xmas joked that he told Crowther, knowing who the bot operator was, to “send him a t-shirt.”

Or, better yet, Xmas said, “take that angry email, blow it up, and make it the wallpaper in our Sydney office.”

Powered by WPeMatico

Little Spoon gets $7M for its organic baby food delivery service

Little Spoon, a startup producing modular packages of nutritional, direct-to-consumer baby food, has raised a $7 million round of funding lead by Vaultier7.

The subscription-based service delivers meals — a fixed $3 apiece — to customers’ doorsteps. To date, Little Spoon said it has delivered 1 million meals. Other investors in the round include Kairos, Chobani’s executive vice president of sales Kyle O’Brien, Tinder founders Sean Rad and Justin Mateen, Interplay Ventures, the San Francisco 49ers and SoGal Ventures.

Among the business’s co-founders are Michelle Muller, chief executive officer Ben Lewis, chief product officer Angela Vranich and chief marketing officer Lisa Barnett, a former partner at Dorm Room Fund and Sherpa Foundry. The four launched the company a little over a year ago out of New York. Today, the site offers a rotating menu of 50 different recipes and 80 different ingredients.

“Our success is a testament to what we are seeing more broadly in the parenting space,” Barnett told TechCrunch. “There are a lot of demands for brands from this generation of parents.”

As an investor privy to rising trends within the technology and entrepreneurship space, Barnett became interested in the growing parenting tech sector.

“There has definitely been an eruption in the space,” she said. “I think there’s going to be the next big brand in this parenting space and I think that is what Little Spoon can be and is working toward becoming.”

Little Spoon members are given a personalized meal plan when they register with the service. The startup’s packaging is 100 percent recyclable, spoon included, which they say is a “developmentally advantageous form factor that promotes improved motor skills and mindful eating habits.”

The startup plans to use the capital to expand its line of baby meals.

And if you’re wondering why the 49ers invested in a baby food startup… “The 49ers were looking to partner with startups that drive innovation in and access to healthier lifestyles,” Lewis told TechCrunch. “They look for companies making it easier for the average American to live a healthier life, and we found a shared passion in our vision to make quality nutrition accessible to children everywhere.”

Powered by WPeMatico

Signal Sciences secures $35 million investment to protect web apps

Signal Sciences, an LA-based firm that helps customers secure their web applications, announced a $35 million Series C investment today.

Lead Edge Capital led the round (which seems appropriate, given its name). CRV, Index Ventures, Harrison Metal and OATV also participated. Today’s investment brings the total raised to around $62 million, according to the company.

The company helps protect web applications like online banking, shopping carts, email or any application you access online. It acts as a protection layer or firewall around the application, Andrew Peterson, CEO and company co-founder told TechCrunch.

“We protect people’s websites or mobile sites. We have software that actually fits in line between the internet and traffic coming into those web applications and all of the data that are behind it,” Petersen explained. It sounds simple enough, but given the onslaught of breaches we have seen across the internet, it’s obviously a difficult problem to solve.

Signal Sciences looks at behavior and tries to determine if it’s malicious. “We combine attack information with behavior about what that attacker is doing.” He says this gives customers a real understanding of the behavior of the attacker and what they’re trying to do against their site, instead of trying to randomly trying to determine if each suspicious activity is an attack or not.

Petersen won’t identify a specific number of customers. He feels it’s a misleading metric because some of his large enterprise customers have multiple business units running almost as independent entities and it doesn’t necessarily reflect the size of the business. He will say that Signal Sciences is protecting more than 10,000 applications involving 1 trillion requests every month from companies like Adobe, Under Armour and WeWork.

The company is up to 150 employees, a number Petersen says has been doubling every year. That trend is expected to continue with this new influx of money. The company wants to get the word out to more customers and help people understand there is a way to attack this problem.

“We started this company to build an innovative technology. We want to continue to drive the bar up for what customers should be expecting from their web protection in the future,” Petersen said.

Powered by WPeMatico

By Humankind picks up $4M to rid your morning routine of single-use plastic

Single-use plastics are the scourge of the environment, which is why many lawmakers are working to eliminate them.

Today, a new brand is launching to try to eliminate single-use plastic in the area of personal care. With $4 million in seed funding led by Lerer Hippeau (with participation from Red Sea Ventures, BoxGroup, SV Angel, Great Oaks, SoulCycle co-founder Elizabeth Cutler, and CPO of Adobe, Scott Belsky, among others), By Humankind offers deodorant, shampoo and mouthwash.

But unlike your typical personal care products, the By Humankind portfolio products are rethought from the ground up to eliminate single-use plastic and be kind to the environment.

For example, the mouthwash doesn’t come in a big plastic container, but rather in tablet form. Users can drop a tablet into a small cup of water and the mouthwash, which is alcohol-free, dissolves into a liquid. With the shampoo, the By Humankind team decided to eliminate the plastic bottle by simply taking a page out of the old soap bar playbook, creating a shampoo bar.

Meanwhile, the By Humankind deodorant comes in a refillable plastic roller, with paper-pod refills (which the company calls KindFills).

The company says that its products eliminate single-use plastic by 90 percent when compared to other products in their respective categories. Moreover, By Humankind has designed its shipping packages with biodegradable, bamboo fiber-based materials.

“Keeping our packaging footprint to a minimum is an extension of our mission, which is enabling our customers to reduce their single-use plastic waste, while not sacrificing quality or convenience,” said co-founder and CEO Brian Bushell.

Bushell came from Baked By Melissa, where he was co-founder and CEO. A couple of years after leaving the company, Bushell went on a trip with his girlfriend to Southeast Asia. On a scuba excursion, he noticed a large amount of plastic trash in the ocean, which took him by surprise as he believed to be in one of the few untouched, idyllic parts of the planet.

“We went to the hotel into the bathroom and looked at the stuff we brought on the trip and realized that we were part of the problem,” said Bushell. “That’s when the idea was hatched to build a personal care brand that not only cared about ingredients but about the containers they come in.”

But Bushell knew that the mission would only be successful if the products performed well. That’s why the company spent time and resources creating high-performance formulas for its products, such as the By Humankind deodorant, which the company says kills odor-causing bacteria 40 percent faster than other leading natural deodorants.

According to By Humankind, customers that switch from their current products to all three By Humankind products, with normal usage, will save five pounds of single-use plastic over the course of a year.

Powered by WPeMatico

Backed by Benchmark, Blue Hexagon just raised $31 million for its deep learning cybersecurity software

Nayeem Islam spent nearly 11 years with chipmaker Qualcomm, where he founded its Silicon Valley-based R&D facility, recruited its entire team and oversaw research on all aspects of security, including applying machine learning on mobile devices and in the network to detect threats early.

Islam was nothing if not prolific, developing a system for on-device machine learning for malware detection, libraries for optimizing deep learning algorithms on mobile devices and systems for parallel compute on mobile devices, among other things.

In fact, because of his work, he also saw a big opportunity in better protecting enterprises from cyberthreats through deep neural networks that are capable of processing every raw byte within a file and that can uncover complex relations within data sets. So two years ago, Islam and Saumitra Das, a former Qualcomm engineer with 330 patents to his name and another 450 pending, struck out on their own to create Blue Hexagon, a now 30-person Sunnyvale, Calif.-based company that is today disclosing it has raised $31 million in funding from Benchmark and Altimeter.

The funding comes roughly one year after Benchmark quietly led a $6 million Series A round for the firm.

So what has investors so bullish on the company’s prospects, aside from its credentialed founders? In a word, speed, seemingly. According to Islam, Blue Hexagon has created a real-time, cybersecurity platform that he says can detect known and unknown threats at first encounter, then block them in “sub seconds” so the malware doesn’t have time to spread.

The industry has to move to real-time detection, he says, explaining that four new and unique malware samples are released every second, and arguing that traditional security methods can’t keep pace. He says that sandboxes, for example, meaning restricted environments that quarantine cyberthreats and keep them from breaching sensitive files, are no longer state of the art. The same is true of signatures, which are mathematical techniques used to validate the authenticity and integrity of a message, software or digital document but are being bypassed by rapidly evolving new malware.

Only time will tell if Blue Hexagon is far more capable of identifying and stopping attackers, as Islam insists is the case. It is not the only startup to apply deep learning to cybersecurity, though it’s certainly one of the first. Critics, some who are protecting their own corporate interests, also worry that hackers can foil security algorithms by targeting the warning flags they look for.

Still, with its technology, its team and its pitch, Blue Hexagon is starting to persuade not only top investors of its merits, but a growing — and broad — base of customers, says Islam. “Everyone has this issue, from large banks, insurance companies, state and local governments. Nowhere do you find someone who doesn’t need to be protected.”

Blue Hexagon can even help customers that are already under attack, Islam says, even if it isn’t ideal. “Our goal is to catch an attack as early in the kill chain as possible. But if someone is already being attacked, we’ll see that activity and pinpoint it and be able to turn it off.”

Some damage may already be done, of course. It’s another reason to plan ahead, he says. “With automated attacks, you need automated techniques.” Deep learning, he insists, “is one way of leveling the playing field against attackers.”

Powered by WPeMatico

BetterCloud can now manage any SaaS application

BetterCloud began life as a way to provide an operations layer for G Suite. More recently, after a platform overhaul, it began layering on a handful of other SaaS applications. Today, the company announced, it is now possible to add any SaaS application to its operations dashboard and monitor usage across applications via an API.

As founder and CEO David Politis explains, a tool like Okta provides a way to authenticate your SaaS app, but once an employee starts using it, BetterCloud gives you visibility into how it’s being used.

“The first order problem was identity, the access, the connections. What we’re doing is we’re solving the second order problem, which is the interactions,” Politis explained. In his view, companies lack the ability to monitor and understand the interactions going on across SaaS applications, as people interact and share information, inside and outside the organization. BetterCloud has been designed to give IT control and security over what is occurring in their environment, he explained.

He says they can provide as much or as little control as a company needs, and they can set controls by application or across a number of applications without actually changing the user’s experience. They do this through a scripting library. BetterCloud comes with a number of scripts and provides log access to give visibility into the scripting activity.

If a customer is looking to use this data more effectively, the solution includes a Graph API for ingesting data and seeing the connections across the data that BetterCloud is collecting. Customers can also set event triggers or actions based on the data being collected as certain conditions are met.

All of this is possible because the company overhauled the platform last year to allow BetterCloud to move beyond G Suite and plug other SaaS applications into it. Today’s announcement is the ultimate manifestation of that capability. Instead of BetterCloud building the connectors, it’s providing an API to let its customers do it.

The company was founded in 2011 and has raised more than $106 million, according to Crunchbase.

Powered by WPeMatico

Databricks raises $250M at a $2.75B valuation for its analytics platform

Databricks, the company founded by the original team behind the Apache Spark big data analytics engine, today announced that it has raised a $250 million Series E round led by Andreessen Horowitz. Coatue Management, Green Bay Ventures, Microsoft and NEA, also participated in this round, which brings the company’s total funding to $498.5 million. Microsoft’s involvement here is probably a bit of a surprise, but it’s worth noting that it also worked with Databricks on the launch of Azure Databricks as a first-party service on the platform, something that’s still a rarity in the Azure cloud.

As Databricks also today announced, its annual recurring revenue now exceeds $100 million. The company didn’t share whether it’s cash flow-positive at this point, but Databricks CEO and co-founder Ali Ghodsi shared that the company’s valuation is now $2.75 billion.

Current customers, which the company says number around 2,000, include the likes of Nielsen, Hotels.com, Overstock, Bechtel, Shell and HP.

“What Ali and the Databricks team have built is truly phenomenal,” Green Bay Ventures co-founder Anthony Schiller told me. “Their success is a testament to product innovation at the highest level. Databricks is without question best-in-class and their impact on the industry proves it. We were thrilled to participate in this round.”

While Databricks is obviously known for its contributions to Apache Spark, the company itself monetizes that work by offering its Unified Analytics platform on top of it. This platform allows enterprises to build their data pipelines across data storage systems and prepare data sets for data scientists and engineers. To do this, Databricks offers shared notebooks and tools for building, managing and monitoring data pipelines, and then uses that data to build machine learning models, for example. Indeed, training and deploying these models is one of the company’s focus areas these days, which makes sense, given that this is one of the main use cases for big data, after all.

On top of that, Databricks also offers a fully managed service for hosting all of these tools.

“Databricks is the clear winner in the big data platform race,” said Ben Horowitz, co-founder and general partner at Andreessen Horowitz, in today’s announcement. “In addition, they have created a new category atop their world-beating Apache Spark platform called Unified Analytics that is growing even faster. As a result, we are thrilled to invest in this round.”

Ghodsi told me that Horowitz was also instrumental in getting the company to re-focus on growth. The company was already growing fast, of course, but Horowitz asked him why Databricks wasn’t growing faster. Unsurprisingly, given that it’s an enterprise company, that means aggressively hiring a larger sales force — and that’s costly. Hence the company’s need to raise at this point.

As Ghodsi told me, one of the areas the company wants to focus on is the Asia Pacific region, where overall cloud usage is growing fast. The other area the company is focusing on is support for more verticals like mass media and entertainment, federal agencies and fintech firms, which also comes with its own cost, given that the experts there don’t come cheap.

Ghodsi likes to call this “boring AI,” since it’s not as exciting as self-driving cars. In his view, though, the enterprise companies that don’t start using machine learning now will inevitably be left behind in the long run. “If you don’t get there, there’ll be no place for you in the next 20 years,” he said.

Engineering, of course, will also get a chunk of this new funding, with an emphasis on relatively new products like MLFlow and Delta, two tools Databricks recently developed and that make it easier to manage the life cycle of machine learning models and build the necessary data pipelines to feed them.

Powered by WPeMatico

Coda’s programmable document editor comes out of beta, launches iOS app

Coda, which is coming out of its limited beta today, wants to reinvent how you think about documents and spreadsheets. That’s about as tough a challenge as you can set yourself, given how ingrained tools like Word, Excel and their equivalents from the likes of Google, Zoho and others are. Coda’s secret weapon is that it combines text and spreadsheet functionality into a single document, with the ability to build some basic programming into them and add features from third-party services as a bonus.

In addition to opening up the service to anyone, Coda also today launched its new mobile app for iOS (with Android following at some point in the future).

“It’s the best of documents, spreadsheets, presentations, applications — all brought into one new surface,” Coda founder and CEO (and former head of product for YouTube Shishir Mehrotra told me. “But the phrase we like to use is that Coda allows anyone to make a doc as powerful as an app.”

You’re not going to use Coda, which was founded in 2017 and received funding from VC heavyweights like Greylock, Khosla Ventures and NEA, as a full-blown low code/no code service. It’s still a bit too limited for that. But you can use it to build your own custom inventory system, for example, or to build a basic CRM or to-do app that fits your specific needs. Or you could just use it as an online text editor and then slowly add features like third-party integrations with the likes of Slack or Figma as needed. All of that is easy enough for anybody who has ever used a function in Excel or Google Sheets.

So far, tens of thousands of people have used the service during its private beta. Mehrotra tells me that about 15 percent of them are from the Bay Area and that a good amount of them simply use the service as a basic document editor.

The new iOS app, unsurprisingly, mostly focuses on consuming content and using the functions that you have built in the web app. It’s unlikely that you’ll want to build a whole new experience on your phone, after all. In the demos I’ve seen, Coda nicely transforms cells and their functions into usable tables and cards on the iPhone.

Powered by WPeMatico

YouTube expands test of its Instagram-like Explore tab to more devices

YouTube is expanding the test of its “Explore” feature, a new discovery tool it first introduced as an experiment within its iPhone app last year. Similar to Instagram’s Explore page, the new YouTube feature aims to introduce users to a diverse set of personalized recommendations so they can more easily find something new to watch. The test is now available across devices, and has been updated to also suggest smaller, up-and-coming YouTube creators, the company says.

The changes to Explore were announced in a recent Creator Insiders video, where the company shares ideas it’s thinking about or testing ahead of a public debut — like a change to the “dislike” button, for example.

Last year, the company published a video to Creator Insiders where it talked about a plan to develop a new place within the YouTube app that would help people broaden their horizons when looking for something different to watch.

Today, YouTube’s recommendation technology relies heavily on past viewing activity and other in-app behavior to make its content suggestions, the company explained. With the Explore tab, however, YouTube aims to widen recommendations to include various topics, videos and channels you may not have otherwise encountered.

For instance, the Explore section might recommend videos about high-end cameras after you watched videos about telescopes. Or it might recommend videos about kittens or puppies because you watched other animal videos.

When YouTube launched Explore last year, the test was only rolled out to 1 percent of YouTube’s iPhone app users.

On testers’ devices, Explore replaces the Trending tab in the app’s navigation at the bottom of the screen. The section of Trending videos then became just another sub-category within Explore, alongside other top-level sections like Gaming, Movies, Music, Originals and more.

While Explore was initially available only to iPhone users, the test has now gone live across devices, including iPhones, iPads, Android phones and tablets and on the desktop, YouTube confirmed to TechCrunch. But it’s still only available to a “small amount” of testers, the company says.

In addition, Explore has been updated to include a new section called “On the Rise,” which will feature up-and-coming YouTube creators.

Here, a shelf is shown showcasing creators with fewer than 10,000 subscribers. These suggestions are personalized to you, too, based on which channels you currently like and regularly watch.

Beneath the “Under 10K” section are other creators YouTube thinks you’ll like, based on your YouTube watch history as well as those whose channels are watched by other fans of your favorite creators.

These recommendations may include those channels with more than 10,000 subscribers, but there will be a cap on how many subscribers a creator can have to be categorized within this “On the Rise” section. (That cap is still TBD, though.)

We understand that while YouTube has expanded the experiment’s reach, it doesn’t yet have a definitive plan for rolling out to the public the Explore tab.

For now, Explore is still considered an experiment and the company is looking to gather more feedback before making a formal decision about the feature’s wider availability.

Powered by WPeMatico