Tag Archive | "Security"

More Smartphones, More Risk: Mobilisafe Targets SMB’s With New Security Solution (Invites)



Mobilisafe, the stealthy Seattle-based mobile security startup with $1.2 million in funding from Madrona Venture Group and Trilogy Equity Partnership, is opening up access to its private beta program today (invite link below) for a handful of TechCrunch readers.

In addition, the company is revealing new insights it gained during its private beta period related to the penetration of mobile devices in the SMB market – the area which happens to be the startup’s current area of focus.

Much of the current analysis on the consumerization of I.T. and the accompanying BYOD (“bring your own device”) trends is focused on the enterprise market, but Mobilisafe’s data comes from its own hands-on experience with SMB’s.

Founded by former T-Mobile software architects Giri Sreenivas and Dirk Sigurdson, Mobilisafe is focused on building a security solution that helps companies deal with the influx of personal devices on the corporate network. But the startup doesn’t just provide businesses with tools to manage the increased number of mobile devices, it’s also performing data-mining on the aggregate data it collects, enabling its solution to learn over time, and become more predictive about its analysis and recommendations.

Mobilisafe’s big advantage is that it will be able to use the aggregate data to analyze whether an organization is more or less secure than its peers in the same industry or vertical. Right now, the focus is on providing this analysis and understanding to smaller businesses (between 15-2,500 employees), especially because they’re more at risk due to lower I.T. budgets and/or lack of in-house I.T. expertise. But such an ability could easily be useful in larger organizations in the future, if Mobilisafe wanted to go that route.

Over the past three months, Mobilisafe mapped out more than 38 million employee device connections (now up to 44M), which allowed it to uncover some interesting trends within the SMB market.

For example, the majority of SMB’s are highly mobilized, and are driven by BYOD programs, with over 80% of SMB employees already using smartphones and tablets. A new device model was introduced to a company for every 6.6 employees, but over half (56%) were running out-of-date firmware. SMB I.T. departments, meanwhile, are often at a loss when it comes to determining this sort of information for themselves.

In addition, around 39% of authenticated devices were inactive for over 30 days, something that could indicate devices which were lost, stolen, replaced or sold. In some cases, these devices may have had employee credentials and sensitive corporate data on them before disappearing off the network.

The data gathered here through Mobilisafe’s initial beta run is more of a confirmation of the market value for its mobile security solution, meant to simplify the challenges involved with assessing security risk and then knowing the next steps to take after being presented with specific issues.

Mobilisafe has been quietly running a private beta since late last year. Companies use its SaaS solution to tell Mobilisafe what kind of risk threshold they have, and then the startup does the heavy lifting to determine whether they’re falling above or below that threshold. The whole thing can be deployed in 15 minutes, without hardware or network changes, on-device software, or changes to employee behavior, the startup says.

In conjunction with the release of this new SMB data, Mobilisafe is also opening up access to its private beta to 50 TechCrunch readers who head to mobilisafe.com/signup and enter the code TECHCRUNCH.


Posted in Enterprise, Mobile

Barclays releases Pingit mobile payments app, we go hands-on


Barclays Bank has unleashed Pingit, an iOS, Android and BlackBerry app that lets you send up to £300 ($470) a day to family, friends or technically-aware muggers. UK mobile number and bank account holders can get started in minutes as long as they've got one of the Barclays-branded PINSentry tools. You'll be asked to come up with a five-digit code that will lock the app to anyone but yourself (or, you know, that mugger) and then you can start spreading your cash around, baller-style. We set up our own account through the app and if you're curious about our impressions, you can find out what we thought after the break.

Barclays releases Pingit mobile payments app, we go hands-on originally appeared on Engadget on Thu, 16 Feb 2012 19:32:00 EDT.

Posted in Android, Mobile, Technology

EU’s Proposed Data Laws Can Only Produce One Thing: Outsourcing User Data



In 2011, Sony had several major security breaches: Sony Online Entertainment, Sony Pictures, and Playstation Network all were attacked and private data was successfully stolen. Their handling of the attacks, particularly the larger PSN one, was widely criticized.

Many users are either unaware or acutely aware of how many sites and services have financially or personally sensitive information on record. Events like the Sony hacks do not reassure them, and actions like Google’s yesterday (though arguably innocuous) may alarm them. Users want more control and more security.

And the EU is looking to give it to them. But with the threat of enormous fines, many companies will find that the most logical thing to do is move away from the entire business of storing and serving user identities.

It’s a simple fact that maintaining a database of a hundred thousand or a million (or far more) active users is a serious engineering problem in both software and hardware. Keeping things secure but still accessible, staying abreast of new regulations (like those proposed in the EU), providing localized support on billing and user data issues — it’s quite a task. Web enrollment in software and services is growing at a huge rate, and many products and “real” items such as cars and banks are increasingly reliant on online services as well. It’s been happening for a long time, sure. But the stresses are starting to get out of hand.

If you’re a car company, or a movie distribution service, or a game publisher, the process of keeping and tracking your users securely is becoming too great of a portion of your business. And with increased regulation and requirements like the EU’s (which some are calling “onerous” and a “tax” on businesses that keep electronic records, but are probably nevertheless inevitable), it’s not something on which they can get by with minimal effort.

So what will happen? The same thing that happens whenever a part of an industry begins to outgrow its role: new, dedicated companies sprout up and the world offloads the task onto them.

This already happens to some extent, of course. It’s not like every company in the world maintains an independent and proprietary database of its users. There are services and software for this purpose, and the user-management business is plenty real already.

But for the millions and millions of people and accounts still internally managed (numbers that are growing worldwide in any market you can think of as online services gain more traction), the situation no longer makes sense. Why should a company that runs a movie distribution service also be running a world-class user-management service? It doesn’t make any sense. It’s like a restaurant making its own forks.

It was logical for a while that data related to Sony services should reside on Sony servers, administrated by Sony. But in a day where our logins transcend sites, and everything we do is personalized, that no longer really rings true — to Sony, that is. Regular humans want to go to a site, put in their user name and password, and have their data retrieved. They don’t really care if the data is served by Sony or a third-party site because it’s never said one way or the other.

But for Sony and companies like it, the increasingly expensive and complicated user-management part of their business is starting to look like an attractive target for spinning off to third-party services. And third-party services are going to start revving their engines to attract these user-weary multinationals. This doesn’t apply to services like Instagram and Spotify, naturally; they’re account-focused to begin with.

It will be much easier for a company built from the ground up for user databases to handle these requirements and adjust to local laws. They can do it faster, better, and cheaper than an internal team, and compete directly with each other. It’ll be good for the user data sector and good for the multinationals hoping to offload this burden. Not to mention good for the users: the EU regulations require fast turnaround on data, instant notification of security breaches, and impose heavy fines for abusive or neglectful companies. Sony wants to worry about the quality of its games and devices, not about whether each of its 20 internal user-tracking divisions is jumping through legal hoops.

Secure account management isn’t the most exciting business, but you better believe it’s going to show some serious growth over the next few years, and everyone will gain by it.


Posted in ecommerce, Enterprise

DHS X-ray Car Scanners Now At Border Crossings


OverTheGeicoE writes "CNET has a story on DHS' whole car X-ray scanners and their potential cancer risks. The story focuses on the Z Portal scanner, which appears to be a stationary version of the older Z Backscatter Vans. The story provides interesting pictures of the device and the images it produces, but it also raises important questions about the devices' cancer risks. The average energy of the X-ray beam used is three times that used in a CT scan, which could be big trouble for vehicle passengers and drivers should a vehicle stop in mid-scan. Some studies show the risk for cancer from CT scans can be quite high. Worse still, the DHS estimates of the Z Portal's radiation dosage are likely to be several orders of magnitude too low. 'Society will pay a huge price in cancer because of this,' according to one scientist."

Read more of this story at Slashdot.


Posted in Hosting

DHS Monitors Social Media For ‘Political Dissent’


OverTheGeicoE writes "Recently, TSA's 'Blogger Bob' Burns posted a rant against a cupcake on the TSA blog. Perhaps it made you wonder if TSA and its parent agency, the Department of Homeland Security, really understand what we're saying about them, especially online. Well, thanks to a Freedom of Information Act lawsuit from the Electronic Privacy Information Center, we now know a lot more about how they monitor online comments aside from 'Blogger Bob.' EPIC has received hundreds of pages of documents regarding DHS's online surveillance program. These documents reveal that DHS has contracts with General Dynamics for '24/7 media and social network monitoring.' Perhaps it will warm your heart to know that DHS is particularly interested in tracking media stories that 'reflect adversely' on the U.S. government generally and DHS specifically. The documents include a report summary that might be representative of General Dynamics' work. The example includes summaries of comments on blogs and social networking sites, including quotes. Then again, you might remember J. Edgar Hoover's monitoring of antiwar activists during the Vietnam War, which certainly wasn't for the protesters' benefit."

Posted in Hosting

Viruses Stole City College of S.F. Data For Years


An anonymous reader sends this quote from an article at the San Francisco Chronicle: "Personal banking information and other data from perhaps tens of thousands of students, faculty and administrators at City College of San Francisco have been stolen in what is being called 'an infestation' of computer viruses with origins in criminal networks in Russia, China and other countries, The Chronicle has learned. At work for more than a decade, the viruses were detected a few days after Thanksgiving, when the college's data security monitoring service detected an unusual pattern of computer traffic, flagging trouble."

Posted in Hosting

Sykipot Trojan Variant Stealing DoD Smartcard Credentials


Trailrunner7 writes "A new research report says variants of the Sykipot Trojan have been found that can steal Dept. of Defense smartcard credentials. The research, published in a blog post Thursday, is the latest by Alien Vault to look at Sykipot, a Trojan horse program known to be used in targeted attacks against the defense industry. The new variants, which Alien Vault believes have been circulating since March, 2011, have been used in 'dozens of attacks' and contain features that would allow remote attackers to steal smart card credentials and access sensitive information."

Posted in Hosting

7000 e-Voting Machines Now Deemed Worthless By Irish Government


First time accepted submitter lampsie writes "Despite spending at least 51 million euro over the last decade buying and storing 7000 e-voting machines from Dutch firm Nedap, the Irish Finance minister has announced that they are now 'worthless'. The machines were originally trialled in 2002 on three regional elections, but a nationwide rollout in 2004 was put on hold after a confidential report expressed serious concern over the security of the voting machines. According to the report, the integrity of the ballot could not be guaranteed with the equipment and controls used. Several years on, and tens of millions later, it looks like the pen and paper ballot will remain for now."

Posted in Hosting

Symantec Sued For Running Fake "Scareware" Scans


Sparrowvsrevolution writes "James Gross, a resident of Washington State, filed what he intends to be a class action lawsuit against Symantec in a Northern District California court Tuesday, claiming that Symantec defrauds consumers by running fake scans on their machines, with results designed to bully users into upgrading to a paid version of the company's software. 'The scareware does not conduct any actual diagnostic testing on the computer,' the complaint reads. 'Instead, Symantec intentionally designed its scareware to invariably report, in an extremely ominous manner, that harmful errors, privacy risks, and other computer problems exist on the user's PC, regardless of the real condition of the consumer's computer.' Symantec denies those claims, but it has a history of using fear mongering tactics to bump up its sales. A notice it showed in 2010 to users whose subscriptions were ending in 2010 warned that 'cyber-criminals are about to clean out your bank account...Protect yourself now, or beg for mercy.'"

Posted in Hosting

TSA Interested In Purchasing Dosimeters


OverTheGeicoE writes "TSA recently announced that it is looking for vendors of 'radiation measurement devices'. According to the agency's Request for Information, these devices 'will assist the TSA in determining if the Transportation Security Officers (TSO) at selected federalized airports are exposed to ionizing radiation above minimum detectable levels, and whether any measured radiation doses approach or exceed the threshold where personnel dosimetry monitoring is required by DHS/TSA policy.' A TSA spokesman claims that their RFI 'did not reflect any heightened concern by the agency about radiation levels that might be excessive or pose a risk to either TSA screeners or members of the traveling public.' Concern outside the agency, however, has always been high. TSA has long been criticized for its apparent lack of understanding of radiological safety, even for its own employees. There has been speculation of a cancer cluster, possibly caused by poor safety practices in baggage screening."

Posted in Hosting