We want to sit down with you and, in a frank conversation, find out which challenges and questions you are facing, so that together we can arrive at the best solution. In other words: how can technology support you, rather than you having to support the technology?

If you work for someone else, you likely know the drill: in comes that annual email reminding you that it’s time for unconscious bias or sexual harassment training, and if you could please finish up this mandatory module by this date, that would be terrific.

The email — not to mention the programming itself — is straight out of “Office Space.” Little surprise that when Anne Solmssen, a Harvard-trained computer scientist, happened to call a friend recently who was clicking through his own company-sponsored training program, his answer to how it was going was, “It’s more interesting when I have baseball on.”

Solmssen has some other ideas about how to make sexual harassment training far more interesting and less “cringe-worthy.” Indeed, she recently joined forces with Roxanne Petraeus, another Harvard grad, to create Ethena, a software-as-a-service startup that’s promising customizable training delivered in bite-size segments that caters to individuals based on how much they already know about sexual harassment in the workplace. The software will also be sector-specific when it’s released more widely in the first quarter of next year.

The company first came together this past summer led by Petraeus, who joined the U.S. Reserve Officers’ Training Corps to help defray the cost of her Ivy League education and wound up spending seven years in the U.S. Army, including as a civil affairs officer, before co-founding an online meals marketplace, then spending a year with McKinsey & Co. to get a better handle on how businesses are run.

Petraeus says that across her experience, and particularly in the Army, she had “great leaders who were super thoughtful” about sexual harassment training, “who cared about their [reports’] development goals and what was happening in their personal lives, and brought out the best in their people, rather than making them feel less than or marginalized.”

Still, she was aware that from an institutional standpoint, most harassment training is not thoughtful, that it’s a matter of checking boxes on an annual basis to ensure compliance with different state laws, depending on where an organization is headquartered. She marveled that so much of the content employees are being forced to consume seems “designed for a 1980s law firm.”

Solmssen was meanwhile working for a venture-backed public safety software company, Mark43. She was getting along just fine, too, but when a friend put the two in touch on the hunch that their engineering talent and vision could amount to something, that instinct proved right.

“I’d been working for Mark43 for four years, and I wasn’t particularly interested in starting a business,” Solmssen says. “But I fell in love with Roxanne and this idea, and I came to this thinking that someone needs to make [this training process] better. We’re still using the tools and technologies that we’ve had since 1997.”

So how is what they’re building different than what’s currently available? In lots of ways, seemingly. For starters, Ethena doesn’t want employees to “knock it out all at once” in an hour or two of training at the end of each year. Instead, it’s creating what it calls monthly “nudges” that deliver relevant studies and questions on a monthly basis — information that can then be used in an all-hands meeting, for example, helping to reinforce its goals.

It’s also focused on sending content and questions to people that’s iterative and that evolves based on how an individual responds. A new hire might answer very differently than a sponsor of other women within an organization, for example. It’s a stark contrast to the black-and-white scenarios that every employee is typically presented. (Think: “Judy and Brian go to a bar after work.”)

These subtleties are a significant development, argues Petraeus, because “traditional training implicitly tells employees that spending time together outside of work is bad for mentorship. It’s why you hear things like, ‘I just hired my first female analyst; can I get into an Uber with her when we’re traveling?’ ” Turning every mixed-gender occasion into a potential minefield is “not the message we should be conveying.”

Yet it’s a message that’s being absorbed. According to a survey conducted earlier this year by LeanIn.Org and SurveyMonkey, 60% of managers who are men are now uncomfortable participating in a common work activity with a woman, such as mentoring, working alone or socializing together. That’s a 32% jump from a year ago. According to that same survey, senior-level men are now 12 times more hesitant to have one-on-one meetings with junior women, nine times more hesitant to travel together and six times more hesitant to have work dinners together.

Even the U.S. Equal Employment Opportunity Commission thinks sexual harassment training has gone wrong somewhere, noting that it hasn’t worked as a prevention tool in part because it’s been too focused on simply avoiding legal liability. Indeed, a few years ago, a task force studying harassment in the workplace on behalf of the EEOC concluded that “effective training cannot occur in a vacuum – it must be part of a holistic culture of non-harassment that starts at the top.” Similarly, it added, “one size does not fit all: training is most effective when tailored to the specific workforce and workplace and different cohorts of employees.”

Toward that end, and with compliance in mind, Ethena is also modernizing the content it delivers, including as it pertains to dating at work, which definitely happens; and inclusivity around pregnant colleagues, who are often subtly marginalized; and transgender colleagues, who can also find themselves feeling either misunderstood or overlooked by current sexual harassment training materials.

There’s also a heavy focus on analytics. If 60% of employees don’t know about a company’s policies around office dating, for example, or employees in an outfit’s marketing department appear to know less about an organization’s values than other departments, it will flag these things so managers can take preventative action. (“Say there’s a new manager in the LA office where employees seem to be answering less consistently,” suggests Solmssen. “We can provide additional training to get that person up to speed.”)

For Petraeus — who is the daughter-in-law of retired general and former CIA director David Petraeus — the overarching goal is to kill off mandatory yearly training where the takeaway for many employees, the fundamental standard, is, “Can I go to jail for this comment?”

It’s too soon to say if Ethena will be successful. It’s only halfway through a pilot training program at the moment. But Solmssen and Petraeus are strong pitchmen, and they say their software will be available beginning in the first quarter of next year for $4 per employee per month, which is on a par with other e-learning programs.

The startup has also won the support of early backers who’ve already given the months-old outfit $850,000 to start hiring. Among those investors: Neo, a venture fund started last year by serial entrepreneur Ali Partovi; Village Global; and Jane VC, which is a fund focused on women-led startups.

Numerous angel investors have also written Ethena a check, including Reshma Saujani, who is the founder of the organization Girls Who Code, and a handful of military veterans.

As for the last group, “they’re not a group that’s typically represented in startup ventures,” observes Petraeus, “but in terms of leadership and thinking about how to get a diverse team oriented around the same goal,” they’re hard to match.


TechCrunch

It’s been a rough run for Kik of late. The once mighty messaging service announced in late September that it would be shutting down its app. CEO Ted Livingston noted in a blog post that the startup would be trimming its headcount from over 100 people to “an elite 19 person team,” following a protracted 18 month battle with the SEC.

Today the service noted on Twitter, however, “Great news: Kik is here to stay!!!! AND there’s some really exciting plans for making the app even better. More details coming soon. Stay tuned.”

The news follows an October 7 tweet from Livingston that noted, “Some exciting news: we may have found a home for Kik! We just signed an LOI [letter of intent] with a great company. They want to buy the app, continue growing it for our millions of users, and take the Kin integration to the next level. Not a done deal yet, but could be a great win win. More soon.”

Along with the previously noted shutdown of Kik Messenger, the executive added that the far leaner team would be shifting its focus to its cryptocurrency, Kin. “[N]o matter what happens to Kik, Kin is here to stay,” Livingston said of the two-year-old currency at the time. “Kin operates on an open, decentralized infrastructure run by a dozen independent companies. Kin is a currency used by millions of people in dozens of independent apps.”

Kin was the subject of an SEC lawsuit earlier this year, following its $100 million ICO raise. “The SEC charges that Kik sold the tokens to U.S. investors without registering their offer and sale as required by the U.S. securities laws,” the commission wrote in June.

What the future ultimately looks like for Kik is still very unclear following the fairly cryptic tweet. We’ve reached out to the company for comment.


TechCrunch

SpaceX CEO Elon Musk delivered an update about Starship, the company’s next-generation spacecraft, which is being designed for full, “rapid reusability.” Musk discussed the technology behind the design of Starship, which has evolved somewhat through testing and development after its original introduction in 2017.

Among the updates detailed, Musk articulated how Starship will be used to make humans interplanetary, including its use of in-space refilling of propellant, by docking with tanker Starships already in orbit to transfer fuel. This is necessary for the spacecraft to get enough propellant on board post-launch to make the trip to the Moon or Mars from Earth – especially since it’ll be carrying as much as 100 tons of cargo on board to deliver to these other space-based bodies.

These will include supplies for building bases on planetary surfaces, as well as up to 100 passengers on long-haul planet-to-planet flights.

Those are still very long-term goals, however, and Musk also went into detail about development of the current generation of Starship prototypes, as well as the planned future Starships that will go to orbit, and carry their first passengers.

The Starship Mk1, Mk2 and the forthcoming Mk3 and Mk4 orbital testers will all feature a fin design that will orient the vehicles so they can re-enter Earth’s atmosphere flat on their ‘bellies,’ coming in horizontal to increase drag and reduce velocity before performing a sort of flip maneuver to swing past vertical and then pendulum back to vertical for touch-down. In simulation, as shown at the event, it looks like it’ll be incredible to watch, since it looks more unwieldy than the current landing process for Falcon boosters, even if it’s still just as controlled.

The front fins on the Starship prototype will help orient it for re-entry, a key component of reuse.

Musk also shared a look at the design planned for Super Heavy, the booster that will be used to propel Starship to orbit. This liquid-oxygen powered rocket, which is about 1.5 times the height of the Starship itself, will have 37 Raptor engines on board (the Starship will have only six) and will also feature six landing legs and deployable grid fins for its own return trip back to Earth.

In terms of testing and development timelines, Musk said that the Starship Mk1 prototype, in front of which he presented the plan at Boca Chica, should have its first test flight in just one to two months. That will be a flight to a sub-orbital altitude of just under 70,000 feet. The prototype spacecraft is already equipped with the three Raptor engines it will use for that flight.

Next, Starship Mk2, which is currently being built in Cape Canaveral, Florida, at another SpaceX facility, will attempt a similar high altitude test. Musk explained that both these families will continue to compete with each other internally and build Starship prototypes and rockets simultaneously. Mk3 will begin construction at Boca Chica beginning next month, and Mk4 will follow in Florida soon after. Musk said that the next Starship test flight after the sub-orbital trip for Mk1 might be an orbital launch with the full Super Heavy booster and Mk3.

Musk said that SpaceX will be “building both ships and boosters here [at Boca Chica] and at the Cape as fast as we can,” and that they’ve already been improving both the design and the manufacture of the sections for the spacecraft “exponentially” as a result of the competition.

The Mk1 features welded panels to make up the rings you can see in the detail photograph of the prototype below, for instance, but Mk3 and Mk4 will use full sheets of stainless steel that cover the whole diameter of the spacecraft, welded with a single weld. There was one such ring on site at the event, which indicates SpaceX is already well on its way to making this work.

This rapid prototyping will enable SpaceX to build and fly Mk2 in two months, Mk3 in three months, Mk4 in four months and so on. Musk added that either Mk3 or Mk5 will be that orbital test, and that they want to be able to get that done in less than six months. He added that eventually, crewed missions aboard Starship will take place from both Boca Chica and the Cape, and that the facilities will be focused only on producing Starships until Mk4 is complete, at which point they’ll begin developing the Super Heavy booster.

In total, Musk said that SpaceX will need 100 of its Raptor rocket engines between now and its first orbital flight. At its current pace, he said, SpaceX is producing one every eight days – but they should increase that output to one every two days within a few months, and are targeting production of one per day for early in Q1 2019.

Because of their aggressive construction and testing cycle, and because, Musk said, the intent is to achieve rapid reusability to the point where you could “fly the booster 20 times a day” and “fly the [starship] three or four times a day,” the company should theoretically be able to prove viability very quickly. Musk said he’s optimistic that they could be flying people on test flights of Starship as early as next year as a result.

Part of its rapid reusability comes from the heat shield design that SpaceX has devised for Starship, which includes a stainless steel finish on one half of the spacecraft, with ceramic tiles used on the bottom where the heat is most intense during re-entry. Musk said that both of these are highly resistant to the stresses of reentry and conducive to frequent reuse, without incurring tremendous cost – unlike their initial concept, which used carbon fibre in place of stainless steel.

Musk is known for suggesting timelines that don’t quite match up with reality, but Starship’s early tests haven’t been so far behind his predictions thus far.


TechCrunch

Vape lung is spreading and the CDC is warning people not to use vaping products while they are investigating the cause. In a media briefing, the public health agency said that some 450 people are now thought to be affected, and as many as five have died.

The CDC’s incident manager for this issue, Dana Meaney Delman, summed up the situation as follows:

CDC, states, and other partners are actively investigating, but so far, no definitive cause has been established. No specific e-cigarette device or substance has been linked to all cases, and e-cigarettes include a variety of chemicals and additives; consumers may not know what these products contain.

Based on the clinical and laboratory evidence to date, we believe that a chemical exposure is likely associated with these illnesses. However, and I really want to stress this, more information is needed to determine which specific products or substances are involved.

Reports earlier this week suggested that Vitamin E acetate, a byproduct of the vitamin complex formed during the vaporization process, may be to blame. Delman downplayed this, saying that although they are working with the labs that made that connection, nothing has been established as yet.

One trend worth noting, however, is that very few of the cases involve only nicotine products; most of the afflicted users reported using THC exclusively or as well as nicotine. This could be the result of many factors, however, so take it with a grain of salt.

The first death was reported in late August in Indiana, but other suspected cases have turned fatal in Illinois, Minnesota, California and Oregon — as reported by The Washington Post, though the CDC said three are confirmed and one is under investigation. The number of reported cases has skyrocketed, though this is likely a consequence of better information coming from state health authorities and hospitals, rather than a sudden epidemic.

In the meantime, the only advice they have is to avoid e-cigarette and vape device usage, especially modified devices or homebrew material. The fact is no one really knows what chemicals are formed in the conditions created by these devices, and some of them could be toxic.

While the investigation is ongoing, CDC has advised that individuals consider not using e-cigarettes because as of now, this is the primary means of preventing this type of severe lung disease. And of course e-cigarette use is never safe for youth, young adults, or pregnant women.

People who do use e-cigarette products should monitor themselves for symptoms (e.g., cough, shortness of breath, chest pain, nausea, vomiting, or others) and promptly seek medical attention for any health concerns. Regardless of the ongoing investigation, people who use e-cigarette products should not buy these products off the street and should not modify e-cigarette products or add any substances that are not intended by the manufacturer.

The CDC is working with numerous state authorities and the FDA to identify the cause of this malady, and will soon publish a report in The New England Journal of Medicine detailing the first 53 cases identified. This should help doctors and other health workers tell if they are dealing with a case of vape lung or something else.

Daniel Fox from WakeMed Hospitals in North Carolina characterized the condition as they had encountered it, with a preliminary diagnosis of “lipoid pneumonia”:

What we wanted to report and what we have seen has been a cluster of five cases that will be reported later today. Each of these cases featured a pulmonary illness in a relatively young person. Ranging in age from 18-35 from what we saw here in North Carolina. The symptoms that these patients were experiencing were being short of breath, having some GI or gastrointestinal symptoms of nausea and vomiting and fevers.

One of the things that was found in common with all of these cases is that all patients were using vaped substances in e-cigarettes. They all had abnormal chest x-rays and developed a need for a lot of oxygen.

All of our patients underwent evaluation, and after the clinical evaluation we found a certain type of pneumonia that was noninfectious. It’s called lipoid pneumonia. Basically, can be, it can occur when either oils or lipid-containing substances enter the lungs.

That is consistent with the Vitamin E acetate hypothesis, as that substance is oily and could enter the lungs mixed with the vapor and then stay there. But none of the doctors or experts on the call made that connection officially.

Some patients are being misdiagnosed as having bronchitis or a viral infection. If you are or anyone you know is getting sick and uses vaping products a lot, it’s worth mentioning this if you get checked out.

Delman concluded her briefing with an assurance that everything that can be done is being done:

Please know that CDC, FDA, state, and clinical partners are working hard to understand why people are getting sick. We will continue to share what we know and what we don’t know to help health departments, clinicians, and the public respond to this outbreak.

If you are concerned about your health or the health of a loved one who is using an e-cigarette product, contact your healthcare provider, or your local poison control center at 1-800-222-1222.


TechCrunch

Security researchers at Google say they’ve found a number of malicious websites which, when visited, could quietly hack into a victim’s iPhone by exploiting a set of previously undisclosed software flaws.

Google’s Project Zero said in a deep-dive blog post published late on Thursday that the websites were visited thousands of times per week by unsuspecting victims, in what they described as an “indiscriminate” attack.

“Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” said Ian Beer, a security researcher at Project Zero.

He said the websites had been hacking iPhones over a “period of at least two years.”

The researchers found five distinct exploit chains involving 12 separate security flaws, including seven involving Safari, the in-built web browser on iPhones. The five separate attack chains allowed an attacker to gain “root” access to the device — the highest level of access and privilege on an iPhone. In doing so, an attacker could gain access to the device’s full range of features normally off-limits to the user. That means an attacker could quietly install malicious apps to spy on an iPhone owner without their knowledge or consent.

Google said based off their analysis, the vulnerabilities were used to steal a user’s photos and messages as well as track their location in near-realtime. The “implant” could also access the user’s on-device bank of saved passwords.

The vulnerabilities affect iOS 10 through to the current iOS 12 software version.

Google privately disclosed the vulnerabilities in February, giving Apple only a week to fix the flaws and roll out updates to its users. That’s a fraction of the 90 days typically given to software developers, giving an indication of the severity of the vulnerabilities.

Apple issued a fix six days later with iOS 12.1.4 for iPhone 5s and iPad Air and later.

Beer said it’s possible other hacking campaigns are currently in action.

The iPhone and iPad maker in general has a good rap on security and privacy matters. Recently the company increased its maximum bug bounty payout to $1 million for security researchers who find flaws that can silently target an iPhone and gain root-level privileges without any user interaction. Under Apple’s new bounty rules — set to go into effect later this year — Google would’ve been eligible for several million dollars in bounties.

When reached, a spokesperson for Apple declined to comment.


TechCrunch

Hostinger said it has reset customer passwords as a “precautionary measure” after it detected unauthorized access to a database containing data on millions of its customers.

The breach is said to have happened on Thursday. The company said it received an alert that one of its servers was improperly accessed. Using an access token found on the server, which can give access to systems without needing a username or a password, the hacker gained further access to the company’s systems, including an API database containing customer usernames, email addresses, and scrambled passwords.

Hostinger said the API database had about 14 million customer records. The company has more than 29 million customers on its books.

“We have restricted the vulnerable system, and such access is no longer available,” said Daugirdas Jankus, Hostinger’s chief marketing officer, in a blog post.

“We are in contact with the respective authorities,” said Jankus.

An email from Hostinger explaining the data breach. (Image: supplied)

News of the breach first broke overnight. According to the company’s status page, affected customers will be contacted by email to reset their passwords.

The company also said that financial data wasn’t taken in the breach, nor were customer website files or data affected.

But one customer who contacted TechCrunch about the breach accused the company of being potentially “misleading” about the scope of the breach.

A chat log seen by TechCrunch shows a customer support representative telling the customer it was “correct” that financial data can be retrieved by the API but that the company does “not store any payment data whatsoever.” Hostinger uses multiple payment processors, the representative told the customer, but did not name them.

“They say they do not store payment details locally, but they have an API that can pull this information from the payment processor and the attacker had access to it,” said the customer.

We’ve reached out to Hostinger for more, but a spokesperson didn’t immediately comment when reached by TechCrunch.


TechCrunch

If you can’t trust your bank, government or your medical provider to protect your data, what makes you think students are any safer?

Turns out, according to one student security researcher, they’re not.

Eighteen-year-old Bill Demirkapi, a recent high school graduate in Boston, Massachusetts, spent much of his latter school years with an eye on his own student data. Through self-taught pen testing and bug hunting, Demirkapi found several vulnerabilities in his school’s learning management system, Blackboard, and his school district’s student information system, known as Aspen and built by Follett, which centralizes student data, including performance, grades, and health records.

The former student reported the flaws and revealed his findings at the Def Con security conference on Friday.

“I’ve always been fascinated with the idea of hacking,” Demirkapi told TechCrunch prior to his talk. “I started researching but I learned by doing,” he said.

One of the more damaging issues Demirkapi found in Follett’s student information system was an improper access control vulnerability, which if exploited could have allowed an attacker to read and write to the central Aspen database and obtain any student’s data.

Blackboard’s Community Engagement platform had several vulnerabilities, including an information disclosure bug. A debugging misconfiguration allowed him to discover two subdomains, which spat back the credentials for Apple app provisioning accounts for dozens of school districts, as well as the database credentials for most if not every Blackboard Community Engagement platform, said Demirkapi.

Another set of vulnerabilities could have allowed an authorized user — like a student — to carry out SQL injection attacks. Demirkapi said six databases could be tricked into disclosing data by injecting SQL commands, including grades, school attendance data, punishment history, library balances, and other sensitive and private data.

Some of the SQL injection flaws were blind attacks, meaning dumping the entire database would have been more difficult but not impossible.

In all, over 5,000 schools and over five million students and teachers were impacted by the SQL injection vulnerabilities alone, he said.

Demirkapi said he was mindful to not access any student records other than his own. But he warned that any low-skilled attacker could have done considerable damage by accessing and obtaining student records, not least thanks to the simplicity of the database’s password. He wouldn’t say what it was, only that it was “worse than ‘1234’.”

But finding the vulnerabilities was only one part of the challenge. Disclosing them to the companies turned out to be just as tricky.

Demirkapi admitted that his disclosure with Follett could have been better. He found that one of the bugs gave him improper access to create his own “group resource,” such as a snippet of text, which was viewable to every user on the system.

“What does an immature 11th grader do when you hand him a very, very, loud megaphone?” he said. “Yell into it.”

And that’s exactly what he did. He sent out a message to every user, displaying each user’s login cookies on their screen. “No worries, I didn’t steal them,” the alert read.

“The school wasn’t thrilled with it,” he said. “Fortunately, I got off with a two-day suspension.”

He conceded it wasn’t one of his smartest ideas. He wanted to show his proof-of-concept but was unable to contact Follett with details of the vulnerability. He later went through his school, which set up a meeting, and disclosed the bugs to the company.

Blackboard, however, ignored Demirkapi’s responses for several months, he said. He knows because after the first month of being ignored, he included an email tracker, allowing him to see how often the email was opened — which turned out to be several times in the first few hours after sending. And yet the company still did not respond to the researcher’s bug report.

Blackboard eventually fixed the vulnerabilities, but Demirkapi said he found that the companies “weren’t really prepared to handle vulnerability reports,” despite Blackboard ostensibly having a published vulnerability disclosure process.

“It surprised me how insecure student data is,” he said. “School data or student data should be taken as seriously as health data,” he said. “The next generation should be one of our number one priorities, who looks out for those who can’t defend themselves.”

He said if a teenager had discovered serious security flaws, it was likely that more advanced attackers could do far more damage.

Heather Phillips, a spokesperson for Blackboard, said the company appreciated Demirkapi’s disclosure.

“We have addressed several issues that were brought to our attention by Mr. Demirkapi and have no indication that these vulnerabilities were exploited or that any clients’ personal information was accessed by Mr. Demirkapi or any other unauthorized party,” the statement said. “One of the lessons learned from this particular exchange is that we could improve how we communicate with security researchers who bring these issues to our attention.”

Follett spokesperson Tom Kline said the company “developed and deployed a patch to address the web vulnerability” in July 2018.

The student researcher said he was not deterred by the issues he faced with disclosure.

“I’m 100% set already on doing computer security as a career,” he said. “Just because some vendors aren’t the best examples of good responsible disclosure or have a good security program doesn’t mean they’re representative of the entire security field.”


TechCrunch
