All posts in “Business”

MoviePass reportedly re-enrolls past subscribers, forbids cancellations

Some previous subscribers to monthly movie ticket service MoviePass are reportedly getting a rude awakening after receiving an email letting them know that they have been automatically opted back into the service as part of new plan changes, and then finding themselves unable to cancel again, according to Business Insider.

The company, which has lately been limiting subscribers to pick between just two different films at often-horrible showtimes, is expected to implement a new plan on Wednesday, August 15, that will allow subscribers to pay $10 per month to see up to three movies during that period — this time allowing them to see any film they want.

But while those changes might be compelling to current subscribers, what wasn’t expected was that those who recently canceled the service would somehow automatically be opted into the new plan.

“If you had previously requested cancellation prior to opting-in, your opt-in to the new plan will take priority and your account will not be canceled,” reads a portion of an email sent to customers.

Numerous subscribers have tweeted their frustration at the company, many including screenshots that show an error screen when they attempt to re-cancel their MoviePass accounts. “Error: Failed to cancel account,” reads the message.

It remains unclear whether this issue is simply an error or whether it’s a play by MoviePass to gain another months’ worth of subscription payments from unwitting past users.

One thing is for sure, the company could certainly use the money. Recent statements from CEO Mitch Lowe regarding various changes in policy indicate that they are for financial reasons.

“We had to right the ship as far as the amount of money we were burning,” he said with regard to recent plan changes.

Regardless of why past subscribers are being re-enrolled, there is certainly a healthy amount of outrage flowing across the internet regarding MoviePass lately — something that is unlikely to be building confidence among investors. Whether or not the company holds on long-term remains to be seen, but we expect that those who have been automatically re-enrolled will soon be able to cancel their subscriptions again.

Those interested in another subscription-based movie ticket model may still want to check out AMC’s $20-per-month option.

Editors’ Recommendations

Pricing and lack of content are still barriers against the adoption of VR

htc vive screenshot
Tomohiro Ohsumi/Getty Images

A recent survey questioned 595 virtual and augmented reality professionals about their business growth in the consumer and enterprise markets. Conducted by VR Intelligence and SuperData, the survey shows that 24 percent of the respondents report strong sales in the enterprise market while only 18 percent show strong sales in the consumer market.

According to the report, the two main barriers VR needs to overcome are headset prices and a lack of content. Although first-generation headsets like the Oculus Rift ($400) and HTC Vive ($500) have fallen in price since their debut, they’re still a high-dollar investment. These headsets also require a decent desktop capable of rendering the experiences, which could be an additional high-cost expense.

Out of all the respondents, 52 percent believe a lack of content is the largest barrier, down from 62 percent in VR Intelligence’s 2017 survey. Also down is their opinion of HMD pricing, with 52 percent believing price is an issue versus the 60 percent vote in 2017. Meanwhile, motion sickness is the least of their concerns, with 25 percent believing motion sickness is a barrier in 2018, down from 28 percent in 2017.

“The change in opinion on pricing is most likely a reflection of the price drops from major headset manufacturers like HTC, Oculus, and Google; while developments in content creation are starting to alleviate this particular barrier to adoption,” the report states. “Additionally, stand-alone devices like Oculus Go and Lenovo Mirage have brought down the entry point price of high-quality VR as they do not require a console or powerful PC.”

The survey’s respondents believe AR will hit mainstream adoption before VR due to hardware and content. The survey points to Pokémon Go, Nintendo’s highly popular game for smartphones with an AR component. Night Sky will list all the known stars, planets and constellations with a point of a camera while Amazon’s app can place virtual furniture and other goods into your real-world surroundings.

The survey shows that 12 percent of the respondents believe AR will reach mainstream adoption within a year followed by 34 percent believing adoption will take place within two years. Yet 33 percent think adoption will go mainstream in three to four years while 21 percent believe mass adoption won’t take place for five years or more.

As for VR, the survey paints a different picture. Only 6 percent of the respondents believe VR will go mainstream within a year while 27 percent believe it will happen within two years. Other respondents weren’t quite a hopeful, with 42 percent believing VR won’t go mainstream for another three to four years while 26 percent believe VR won’t be mass-adopted for five or more years.

“The wait for consumer adoption has seen many VR and AR companies target enterprise as their source for shorter-term revenue and growth,” the report adds. “From automotive to architecture, retail to tourism, manufacturing to construction, immersive tech is impacting the way companies work, design, communicate and sell.”

For the enterprise, the biggest adoption of VR is within the education sector followed by architecture/engineering/construction, manufacturing, healthcare, automotive, banking and financing, and so on.

Editors’ Recommendations

What Can Chrome 68 Teach Us About Election Security?

If you’re a technologist, you’ve probably noticed (or have been asked about) a few new things associated with Chrome 68’s release last month. One of the more notable changes is that it now uses a “not secure” indicator for any site not using HTTPS. So instead of providing a notification when a site is HTTPS, it now provides the user with a warning when it isn’t.

This change has been quite a long time in the making. Google spelled out the details earlier this year. Following quite a bit of feedback, discussion and gnashing of teeth, the change finally arrived. Predictably, not everyone was prepared — and a subset of website users now get the “not secure” warning for sites that, prior to the change, seemed hunky-dory.

One of those groups is users of U.S. state and local government websites. For example, the front pages of 14 states (including, for example, California, Florida and Ohio) do not have encryption enabled and are therefore have been generating a “not secure” warning for site visitors, according to the Center for Digital Government.

Likewise, four of the 10 biggest U.S. cities do not have it enabled as yet. The warning itself represents an arguably somewhat minor user interface issue, though it’s one that nevertheless is important to address. Users receiving those warnings, particularly those who are less technology-savvy, may have legitimate concerns about a site now can be classified as “not secure.”

The UI impact is important to note and subsequently address. Tthe shift itself is a good one, as it incentivizes enhanced security of websites. Neither of those things is why I’m calling it to your attention, though. Instead, I’m mentioning it because it puts into sharp relief another issue that may seem unrelated at first blush. However, it is important to address it generally and to view it as a useful earning moment for enterprise security practitioners. Specifically, the issue is election security — that is, ensuring secure, reliable, free and fair elections.

A Learning Moment?

This may strike some as a contentious thing to say at first. After all, the front page of a municipality, state, or even a civilian federal agency almost certainly is not a participant in the election process in any real or direct way.

For example, the server that runs California’s homepage (www.ca.gov) is almost certainly not used to directly support any election in California. It is unlikely to be part of the same infrastructure, and it’s a good bet it’s not even in the same datacenter.

Still, looking at the Chrome 68 HTTPS notification change could be a useful learning moment. Why? Because, despite a significant amount of time to prepare — and vocal warnings from the technology community at large — not every state was able to prepare equally.

This is in part because there’s a sizable surface area involved: Each state and municipality is responsible for ensuring that its own resources are taken care of and moved to HTTPS within the time window. Because that responsibility is distributed, each set of personnel is responsible for getting learning about the change, understanding its significance, and taking the right action to address it.

This is, in fact, similar to where the U.S. is with election security. I’ve made the point in the past that election security is a fairly asymmetric contest from a security perspective. Meaning, on offense you have one or more nation states that are well funded, that operate around the clock, that are sitting on a stockpile of zero-day vulnerabilities, and that have dedicated engineering staff that are among the best in the world at breaking into stuff.

On defense you have a state or municipality — say for example Manchester, New Hampshire. Is it reasonable to expect an individual state or city to defend against a dedicated target attack under the circumstances outlined? It’s difficult, because responsibility and resources for defense are spread thin and are distributed, while the offense is centralized and coordinated.

What I think really drives the point home is that replacing a certificate on a website is a relatively trivial affair, while securing the technology side of a major election is anything but. The fact that the U.S. demonstrably has been having challenges doing the easy part doesn’t inspire confidence about the ability to do the hard part down the road. When the stakes involve a minor website UI issue, maybe that’s OK. When it’s instead the fundamental principle on which your system of government rests, maybe it’s less so.

Adapting for Businesses

Of course, while election security is interesting from a theoretical point of view, the more salient point for security practitioners is how we can adapt these implications and lessons into securing our businesses.

There are, after all, situations that occur in business that have similar dynamics to both election security and the HTTPS issue. For example, you may have multiple business units that are distributed. You may work for a holding company or other organizational structure where distributed security-relevant tasks need to be performed by multiple different people throughout the organization. If so, there are a few things you can do to help ensure a positive and consistent outcome.

First is to improve communication. Having a reliable mechanism for sharing information about security-relevant tasks — both what needs to be done and how to do them — is a useful starting point.

Second, establishing clear accountability and ownership for security tasks ensures that as staff members become alerted to what they need to do and how to do it, they can be chartered with executing to make sure it happens.

Third, where there’s asymmetry — for example situations in which individual business units or departments are likely to be attacked by adversaries that disproportionately are better equipped than they are — introducing an element of standardization or centralization can help offset an attacker’s advantages.

At the end of the day, we can take away quite a few lessons. Paying attention to how these two issues interrelate both informs us about the seriousness of election security and gives us information that we can adapt for defending the organizations we’re chartered to protect.

The opinions expressed in this article are those of the author and do not necessarily reflect the views of ECT News Network.


Ed Moyle is general manager and chief content officer at Prelude Institute. He has been an ECT News Network columnist since 2007. His extensive background in computer security includes experience in forensics, application penetration testing, information security audit and secure solutions development. Ed is co-author of Cryptographic Libraries for Developers and a frequent contributor to the information security industry as author, public speaker and analyst.

Bloatware could be putting millions of Android devices at risk

Millions of Android devices could be vulnerable from the moment they’re taken out of their boxes, thanks to a combination of manufacturer skins and carrier bloatware added to the Android operating system’s firmware.

The news comes from a study by mobile security firm Kryptowire. It tested 10 devices sold across the U.S. by a variety of carriers and discovered that various additions made to the Android operating system by manufacturers and carriers could leave users open to being hijacked and hacked. According to Wired, these vulnerabilities ranged from getting unfettered access to the microphone to being able to completely lock a user out of their phone.

A particularly disturbing example was the Asus ZenFone V Live, which was discovered to have security flaws that could lead to the entire system being taken over. From there, a hacker could take screenshots, screen recordings, tampering with text messages and phone calls, and more. Asus is aware of this issue and is working to seal the hole.

Android’s open-source nature is one of its major strengths, and that accessibility has allowed manufacturers to put their own spins on Google’s operating system, whether that be the light changes made by Motorola, the larger changes made by Samsung, or the vast overhauls made by Huawei to the core Android systems.

While these changes allow each company to use Android while still being individual, tampering with such core code always comes with risks. In addition, having to make big changes to Google’s code often means that vital security patches and major updates can be much slower on phones with significant UI changes. Carrier bloatware — apps added after manufacture by networks — is often unremovable, can also add to security problems if delivered with security issues at the time of release.

In order to avoid possible security issues, it’s best to always make sure your phone is fully up-to-date and only ever install apps from the Google Play Store. Updates can commonly be found in Settings > System > Updates, though that may change from phone to phone. We’ve also put together a guide on how to remove or disable bloatware, as well as some of the best antivirus and security Android apps available, so you can ensure your security is in tip-top shape.

Editors’ Recommendations

Lenovo’s new mobile workstations pack a punch with Xeon CPUs, Quadro graphics

new lenovo mobile workstations pack xeon cpu thinkpad p72

Lenovo introduced two new mobile workstations arriving at the end of August that are based on eighth-generation Intel Core and Xeon processors. The ThinkPad P1 is the thinnest of the two, measuring 0.7 inches, while the bigger ThinkPad P72 is thicker at 1 inch. Both support huge amounts of system memory, Nvidia’s professional graphics and fingerprint scanners so you’re not relying on passwords.

For starters, we have the ThinkPad P72 sporting a 17.3-inch IPS screen. You’ll have a choice of two resolutions: 1920 x 1080 with a brightness of 300 nits, and 3840 x 2160 with a brightness of 400 nits. This latter screen option supports 100 percent of the Adobe RGB space along with a 10-bit color depth, while the 1920 x 1080 panel has a 72 percent NTSC color gamut.

Backing this display is a variety of eighth-generation Core and Xeon processor options, although Lenovo didn’t specify the model numbers (outside mentioning the Core i9) in its announcement. Discrete graphics can be configured up to Nvidia’s Quadro P5200 graphics chip and system memory up to a hefty 128GB (4x 32GB DDR4). You can throw in 16GB of Optane memory too and up to 6TB of storage.

On the connectivity front, the ThinkPad P72 provides two Thunderbolt 3 ports, three USB-A ports, one HDMI 2.0 port, one Ethernet port, a Mini Display Port 1.4 jack, a Smart Card reader, an SD card reader, and an audio combo jack. Wireless connectivity is handled by Wireless AC and Bluetooth 5.0.

Powering this mobile workstation is a 99WHr battery and 230-watt external power supply. Operating system choices include Windows 10 Pro for Workstations, Windows 10 Pro, Ubuntu Linux and Red Hat Linux. It measures 16.4 x 11.1 x 1.0 inches and has a starting weight of 7.5 pounds.

The ThinkPad P72 arrives later this month with a starting price of $1,950.

new lenovo mobile workstations pack xeon cpu thinkpad p1

Next, we have the smaller ThinkPad P1 packing a 15.6-inch screen. Again, the workstation supports a variety of eighth-generation Core and Xeon processors, but it’s a little less packed than the ThinkPad P72 although there’s plenty to love at the lower price.

“When we set out to create the ThinkPad P1, we knew our challenge was to build a mobile workstation that would carry the legacy of professional power and reliability of our ThinkPad portfolio, but also meet our customer’s need for a thin, light, and sleek design,” says Rob Herman, Lenovo’s general manager of workstations.

Here we see the same display resolutions and color space support, but Lenovo specifically lists Nvidia’s Quadro P1000 and P2000 as discrete GPU options. You’ll also see up to 64GB of system memory (2x 32GB) and storage options cut back to 4TB on an M.2 NVMe SSD.

With this laptop, Lenovo throws in an IR camera for facial recognition along with an HD camera. The connectivity and port complement is identical to the P72 although this laptop is powered by a smaller 80WHr battery and an external 135-watt power supply. It measures 14.2 x 9.7 x 0.7 inches and has a starting weight of a lighter 3.76 pounds.

The ThinkPad P1 arrives by the end of August with a starting price of $1,800.