Here’s Some More Information About Rogers Ongoing Email Fiasco

Posted in Commentary with tags on March 27, 2023 by itnerd

As I type this, it is March 27th and there’s still no resolution to the issues that Rogers has with their email offering. For those of you who are new to this, let me recap the sequence of events that has ben ongoing for almost the last month:

It started as a general outage, but what has dragged on for weeks is an issue with email. Anyone who uses Rogers email service (in other words they have a @Rogers.com address) cannot get their email. This is in part due to the fact that Rogers requires users to create  App Specific Passwords via Rogers Member Center on each program or device that an email address is used on. The creation of new app specific passwords doesn’t work and existing app specific passwords appear to have been deleted in many cases. That pretty much breaks your applications that rely on them. There is a workaround, but that workaround is sub-optimal because viewing mail through a web browser is not the best experience. Especially on a smart phone. And they’re the fact that you might have to call Rogers to get someone to reset your email password if you don’t know what it is. The problem with that is that since this fiasco began, Rogers wait times to speak to someone have gone through the roof. Making that a sub-optimal experience as well for Rogers customers.

Now I’ve been asking my sources inside Rogers about this whole fiasco, and they’ve told me on background that this is entirely a Rogers issue that they have yet to figure out. Specifically with the underpinnings of their App Specific Password system which is bolted onto their email service which is provided by Yahoo. I’ll have more on Yahoo in a moment. But you’re likely wondering why Rogers uses App Specific Passwords in their email offering. Here’s the answer: Security.

If a threat actor manages to get your password, and that same password is used on all the mail clients that you use, the threat actor in theory has access to your email on any device. That would be the case with the majority of email systems out there. But by using App Specific Passwords, where every email client and/or device has a unique password, any sort of pwnage that a threat actor does is limited to the one device or application. At least in theory.

Sidebar: One of the ways that you can best protect yourself online is to use completely different password for each and every service that you use as that follows the logic that Rogers is using here.

My problem with this App Specific Password scheme by Rogers is that it adds a layer of complexity that most users have problems dealing with as going to the Rogers Members Center and generating a password to use with your email client and/or of choice is easy for someone like me, but complex for many of Rogers customers. And I have to admit, I do make a fair amount of money from this because I often get phone calls for help when a customer gets a new laptop or smartphone, and they want to get their email on it. In short,Rogers implementation of App Specific Passwords isn’t something that some Rogers customers can easily understand. If Rogers wanted to improve the security of their email service, my suggestion would be to enforce the use of complex passwords. For example, “password” is less secure than “P@$$w0rd” because the latter has special characters, a number and a capitalized letter that make the password harder for a threat actor to brute force or guess. I also assume that this would be easier for Rogers to implement, less likely to run into the issues that we’ve been seeing for the last month, and most importantly it would be secure.

Now if that’s not bad enough, there’s also the fact that the underpinnings of Rogers mail service is Yahoo. A company who doesn’t exactly have the best track record when it comes to privacy and security. And I suspect the latter is the reason why Rogers decided to bolt on App Specific Passwords to what Yahoo offers. In terms of the former, Rogers themselves got caught up a change to Yahoo’s terms of service back in 2018 where Yahoo had tried to give themselves the right to do whatever they wanted with your email. While Yahoo did eventually walk that back for Canadians, it didn’t end well for Rogers as it left a bad taste in the mouths of a lot of their customers.

Now I am continuing to monitor this as I now have over three dozen clients who are affected by this… And counting. And I am continuing to publish updates on this because somebody needs to bring this issue and Rogers continued silence on this problem to light. Plus since you can’t forward your email to another provider, or export it entirely so that you have a local copy of it, Rogers email users are stuck with Rogers until they figure out how to fix this. Though I will admit to working on a way to export Rogers email so that my clients who want to dump Rogers for another ISP, but want a copy of their email have an option to accomplish that. If I get something that is workable on Mac and PC, I will publish it here. In the meantime, for the sake of Rogers customers, I hope that one of Canada’s largest telcos gets its act together and figures this out. Because as I type this, Rogers has handled this whole situation quite poorly. Which frankly isn’t a surprise given their recent track record with how they handle major outages.

2 Comments »

Elon Musk Discloses That Twitter Is Worth Less Than Half Of What He Bought It For…. While Twitter’s Source Code Leaks

Posted in Commentary with tags on March 27, 2023 by itnerd

Elon Musk paid $44 billion USD for Twitter. And many said at the time he overpaid. But according to Musk, Twitter at present is worth less than HALF of what he paid for it:

Twitter is now worth just $20billion — less than half of what Elon Musk paid for it six months ago, the world’s richest man told his employees.

In a company-wide email on Friday, Musk said the social media giant has lost so much money in recent months that it is now worth jut $20billion, a whopping $24billion less than what he purchased it for in October.

He then went on to defend his decision to lay off thousands of employees in the months since he took the helm of the company, and sell off a variety of merchandise in recent auctions — claiming that Twitter was once just four months from being bankrupt.

That’s mind blowing. Sure Twitter wasn’t worth $44 billion. But prior to his purchase it was worth more that $20 billion via some quick Googling that I did. That illustrates how much he’s really screwed up here to tank the value of the company by that much money.

Oh yeah, there’s also this:

In his company-wide email on Friday, obtained by the New York Times, Musk defended his decisions to lay off massive swaths of employees, saying the ‘radical changes’ to the company were necessary to save money.

He claimed that Twitter should be looked at as an ‘inverse start-up’ as he tries to rebrand the company, saying: ‘Twitter is being reshaped rapidly.’

And if his efforts are successful, Musk suggested that Twitter can one day be worth $250billion.

His remarks came as he explained the new stock compensation package he is offering to the less than 2,000 employees still left at the company.

Under his plan, Twitter employees will receive stock grants for the company he established to buy the social media platform — the X Corporation — which will operate under the $20billion estimate.

Workers will then be able to sell and cash in on their privately-held stocks every six months. 

Doing so, he said, would allow employees to have ‘liquid stock, but without the stock price chaos and lawsuit burdens of a public company.’

Musk has previously implemented a similar program at his Space X firm. 

I don’t know what drugs Elon is smoking. But nothing that he’s done with Twitter indicates that this company will be worth $250 billion in the future. In fact I would say that Elon has sent Twitter’s valuation in the other direction. Clearly Elon is either stoned or delusional. Perhaps both.

Strangely, the fact that he’s tanked Twitter’s value by over 50% isn’t his worst problem at the moment. This is:

Parts of Twitter’s source code, the underlying computer code on which the social network runs, were leaked online, according to a legal filing, a rare and major exposure of intellectual property as the company struggles to reduce technical issues and reverse its business fortunes under Elon Musk.

Twitter moved on Friday to have the leaked code taken down by sending a copyright infringement notice to GitHub, an online collaboration platform for software developers where the code was posted, according to the filing. GitHub complied and took down the code that day. It was unclear how long the leaked code had been online, but it appeared to have been public for at least several months.

Twitter also asked the U.S. District Court for the Northern District of California to order GitHub to identify the person who shared the code and any other individuals who downloaded it, according to the filing.

Twitter launched an investigation into the leak and executives handling the matter have surmised that whoever was responsible left the San Francisco-based company last year, two people briefed on the internal investigation said. Since Mr. Musk bought Twitter in October for $44 billion, about 75 percent of the company’s 7,500 employees have been laid off or resigned.

The executives were only recently made aware of the source code leak, the people briefed on the internal investigation said. One concern is that the code includes security vulnerabilities that could give hackers or other motivated parties the means to extract user data or take down the site, they said.

Well, this is a huge problem for Elon as anyone who can grab this code from GitHub and evade detection by GitHub as to downloading this code, which frankly someone singular or plural is going to evade detection by GitHub, is going to have the means to make life a living hell for Twitter and Elon. Threat actors would be able to launch attacks on Twitter at will, then rinse and repeat as Twitter will only be able to close the attack vector that was used in any one attack. To have any hope of stopping this, Twitter would have to do a full code review to even begin to close any of the possible attack vectors that they can find. And even then they won’t get all of them as threat actors would be one step ahead of them. Not to mention that threat actors would likely come up with attacks that Twitter would never envision based on what they find in the source code. It’s the ultimate game of “whack a mole” where Twitter is always going to be on the losing end of it.

If you’re one of the few people who are still on Twitter, you might want to buckle up. Because I suspect that things are about to get very bumpy. And Elon is going to be having a number of sleepless nights in the weeks ahead.

2 Comments »

Guest Post: Russia-backed hackers target government and IT organizations in Ukraine

Posted in Commentary with tags on March 27, 2023 by itnerd

Data presented by Atlas VPN reveals that Russian hackers have been targeting Ukraine’s and its allied countries’ government and IT organizations with ever-increasing sophistication.

The Russian government is believed to be behind the attacks, as they appear to be well-funded and well-organized. The cyber attacks have been aimed at stealing sensitive information, disrupting systems, and causing chaos in the targeted countries.

According to the recently published Microsoft Threat Intelligence report, the government sector was by far the most targeted sector by Russian state-affiliated hackers between February 2022 and January 2023. 

The team at Microsoft discovered 46 organized cyber attacks on various government bodies.

Russian threat actors were also interested in IT & communications companies, launching 17 attacks within the last year. 

The energy sector was also among the industries most targeted, as they were subject to 16 cyber attacks. 

A suspected Russian threat actor named IRIDIUM initiated several phishing activities between January 12 and January 28 of 2023, to access accounts at Ukrainian businesses in the defense and energy sectors.

This aligns with the traditional targets of Russian cyberattacks in Ukraine since the energy sector provides a significant portion of Ukraine’s revenue, and the government and telecommunications industries are key components of national security.

Russian hackers have been using a variety of tactics to infiltrate government and IT organizations. One of the methods used is spear-phishing, which involves sending emails with malicious links or attachments that, when clicked, infect the targeted computer with malware. 

The attacks have become increasingly complex over time, with hackers using advanced techniques such as zero-day exploits, which are vulnerabilities in software that are not yet known to the software vendor.

One of the most concerning aspects of these attacks is the potential for damage to critical infrastructure. Russian hackers have already targeted the energy and transportation infrastructure in Ukraine. 

Attacks outside of Ukraine

The Ukrainian government and IT organizations are not the only targets of these attacks. Russia has also targeted companies in other countries, including NATO member states, to play havoc with their operations and gain access to classified information.  

Between February 23, 2022, and February 7, 2023, Microsoft observed Russian nation-state threat activity against organizations based in 74 countries, excluding Ukraine.

According to the amount of recorded threats, EU and NATO member countries—particularly those on the eastern flank—dominate the list of the top 10 most targeted states.

In the 74 countries they attacked, Russian threat actors were particularly interested in government and IT sector firms, much like in Ukraine.

Government and IT & communications sectors suffered from 100 and 51 cyber attacks, respectively. 

Hackers corrupt IT businesses to leverage trusted technical ties and gain access to those firms’ clients in government, policy, and other sensitive institutions.

Hackers paid a lot of attention to the activities of various non-profit organizations and tried to disrupt their efforts by launching 31 cyber threats within the past year. 

Sophisticated cyber attacks were launched on companies in the education and energy sectors, with 16 threats targeting each. 

To read the full article, head over to: https://atlasvpn.com/blog/russia-backed-hackers-target-government-and-it-organizations-in-ukraine

Leave a comment »

Usually I Bash Bell’s Customer Service… Today I Will Praise Them

Posted in Commentary with tags on March 26, 2023 by itnerd

Frequent readers of the blog will know that while I like Bell for the quality of their Internet offering, I don’t like the quality of their customer service. Specifically, I’ve said this in the past:

Bell’s customer service reps are insanely aggressive and walk up to the line of what I believe to be ethical behaviour in order to get you to subscribe to more services with Bell. This behaviour by these customer service reps, whom I am pretty sure are working for outsourced overseas call centres, is sure to turn some people off. For example, when my wife and I tried to switch to Bell a year ago, their behaviour was so bad that it sent us running back to Rogers. Though that was only for one more year and ended when Rogers recent troubles started. And when we did switch a couple of weeks ago, we were forced to run the gauntlet of Bell’s customer service reps upselling us to death. None of this helps Bell’s public image in any way as a lot of people have said to me that Bell’s tech is great, but Bell’s customer service sucks. If I were Mirko Bibic the CEO of Bell, I’d be figuring out how to fix that as their Internet offering is enough to win customers over by itself without having to resort to the borderline used car salesman tactics that are used by their customer service reps. 

Yesterday, I had an interaction with Bell’s customer service team that was the exact opposite. I had a client who bought a new MacBook Pro who was trying to add their email account to it. But it wouldn’t work and they couldn’t figure out why. On top of that, the same account on other devices suddenly stopped working. Which is why I got a phone call. It didn’t take me long to figure out what the issue was, which was they were using the wrong password. That in turn locked the email account which is a feature that Bell has with its email service.

That led me to what I needed to do to fix this. Well, normally I would ask the customer to log into their MyBell account to reset the password. But they didn’t know what the username and password for that was. So that left myself and my client to call Bell which is something that we were both dreading as we both haven’t had the best interactions with Bell in the past.

So after dialling them up and getting to the right department, we had a customer service rep pick up the phone quickly who then verified who my client was and permitted the client to let me drive the call. I then explained what I needed and the rep issued a temporary password, which I then used to get into the email account via Bell’s webmail service and change it to something that the customer could remember. From there I was able to get into her email on her MacBook and I was able to not only find her username for MyBell, but I was able to use the password reset function to allow her to get into it.

Total time invested: 8 Minutes.

At no time did the customer service rep try to sell us anything. Nor did they try to hurry us off the phone. Instead they were polite, patient, and supportive. While this is a sample size of one, I am hoping that this is indicative of Bell finally realizing that they needed to course correct when it comes to their customer service. If that is the case, I applaud Bell because their quality of customer service is what is holding them back from taking Rogers breakfast, lunch, and dinner. But I will be watching closely to see if this is just a fluke, or a sign of things to come.

Leave a comment »

#Fail: GitHub Publishes  RSA SSH Host Keys BY MISTAKE

Posted in Commentary with tags on March 25, 2023 by itnerd

Well this is embarrassing.

GitHub has had to update its SSH keys after they accidentally published the private part of the key to the entire planet.

A post on Github’s security blog reveals that the company has changed its RSA SSH host keys. That will cause connection errors, and some frightening warning messages. But don’t worry developers, GitHub hasn’t been pwned. They just screwed up. But everything will be fine.

#Sarcasm

Kevin Bocek, VP Ecosystem and Community at Venafi had this comment:

“GitHub needs to take a closer look at how it manages its SSH keys as an exposure of this kind – no matter how brief – could have serious ramifications given the high level of privilege these machine identities are afforded. These critical machine identities are incredibly powerful and are used everywhere, but they’re also poorly understood and managed, making them a prime target for attackers. Unlike other machine identities, like TLS, SSH keys don’t expire. This means that a compromised identity could be abused for a long time – months or even years – without an organization knowing.

Fortunately, GitHub responded quickly to rotate the impacted machine identities once it noticed that the private SSH key was accidentally published in a public repository. And luckily, it doesn’t appear that they’ve been abused. But if an attacker had seized this opportunity, then it would have given them a very powerful weapon – potentially allowing them to spread across GitHub’s customer networks, eavesdropping on user’s connections, and accessing GitHub’s infrastructure too, while appearing completely trustworthy. In a machine-driven world, having a control plane to manage the lifecycle of machine identities is essential. As this incident shows, you can find yourself exposed very quickly and if not handled quickly, serious repercussions will follow.”

Hopefully GitHub learns from this and as a result has better practises in terms of their SSH keys so that they not only avoid the possibility of getting pwned, but being the punchline in a joke.

Leave a comment »

Twitter’s Decision To Kill Legacy Verified Checkmarks On April Fools Day Is Elon Musk’s Latest Act Of Desperation

Posted in Commentary with tags on March 24, 2023 by itnerd

Normally, I would believe that this is an April fool’s joke. But given that we’re talking about Elon Musk here, it’s not a joke. It’s just his latest act of desperation. According to PC Magazine, Elon is about to do this:

No joke: On April 1, Twitter will start removing blue checkmarks from legacy verified users.

To retain the blue check, individuals must sign up for Twitter Blue, an $8-per-month subscription service ($11 on iOS) that lets folks write longer tweets, edit posts, upload 1080p video, access dedicated customer support, and more.

Twitter verification launched in 2009 to distinguish genuine, notable account holders—celebrities, organizations, etc.—from impersonators. Until November 2022, a blue checkmark indicated an account was actually owned by the entity it claimed to represent.

Since Elon Musk took over the platform, though, things have become more complicated. Musk has repeatedly said that those who received their blue checkmarks in the years before his acquisition are “totally corrupt” because some people allegedly paid for them. Going through a legit payment system from Apple or Google is more secure, he argued. But when Twitter Blue started selling access to a blue checkmark in early November, impersonators quickly seized on the opportunity. (Though it may have resulted in cheaper insulin in the US, oddly enough.)

This is a really stupid idea as I suspect that there will not be many people who presently have a checkmark are not going to pay $8 a month to Elon. And I also suspect it will drive those people from Twitter. And not having “notable” people on Twitter will make it far less appealing to advertisers. Thus you have to wonder if this is one of those things that Elon hasn’t thought through and will later do a 180 on. Or is he going to die on this hill just to try and make a few extra bucks.

Buckle up. This is going to interesting to watch.

Leave a comment »

WooCommcerce Targeted by Sophisticated Credit Card Skimmers 

Posted in Commentary with tags on March 24, 2023 by itnerd

As reported by Sucuri, a new stealthy, credit card skimming campaign is evading security scan detections by hiding their malicious code inside WooCommcerce’s Authorize.net payment gateway module making it particularly hard to find and uproot, leading to extended periods of data exfiltration. WooCommerce is used by roughly 40% of all online stores.

The previous strategy of injecting malicious JavaScript into the HTML of the checkout pages became too easy to detect by security software. Innovative threat actors are now injecting malicious scripts directly into the site’s Authorize.net payment gateway modules used to process the credit card payments. When successful, the code generates a random password, encrypts the victim’s payment details, and stores it in an image file for attackers to retrieve.

This innovative extension is harder to detect than traditional skimming methods for a few reasons:

  • Malicious scripts are called after a user submits their credit card details and checks out 
  • Regular inspections that scan a website wouldn’t yield any results as code was injected in legitimate payment gateway files
  • Threat actors manipulate WordPress’s Heartbeat API to mimic regular traffic and blend it with the victims’ payment data during exfiltration
  • Instead of plaintext to transfer details, image files have stronger encryption

Baber Amin, COO, Veridium:

   “Security measures offered by EMV and contactless cards are compromised when a user enters their credit card information during an online checkout. Additionally, this process exposes a user’s identity information, e.g. email addresses, shipping addresses, and possibly passwords.

To ensure a safe online shopping experience, it is crucial for website administrators to regularly update their content management systems and plugins. 

For merchants and consumer both, Consider the following measures for increased security.

  • Use of virtual cards for online shopping
  • Use of services like PayPal, and amazon pay for online shopping and checkout for an additional layer of payment protection.
  • Adoption of payment services like Apple Pay or Google Pay, which employ tokenization to safeguard sensitive information. These services offer a more secure and convenient experience, both in-person and online. Tokens, which are generated for each transaction, cannot be reused if stolen. This approach overcomes the limitations of EMV cards, which lack chip readers for online payments.
  • And lastly look for embedded finance vendors that can combine biometrics with tokenized payments to eliminate both credit card and identity data from ever getting to the payment gateway.”

This is all good advice that we all need to follow when we shop online as the threats related to online shopping are increasing every single day.

UPDATE: Rui Ribeiro, CEO and Cofounder, Jscrambler added this comment:

     “This attack highlights an often-overlooked security issue: companies must protect the client-side experience from the moment the visitor is on the site to the moment they leave. In this case, the hacker injected malicious code directly into the payment module, collecting sensitive data. This incident underscores how important it is for security teams to know about all the third-party JavaScript running on their website, what data it is accessing, and when. Not only is the customer experience tainted, but the compromised websites can face issues around data privacy, loss of revenue and reputation. New regulations under PCI DSS v4 will require companies to monitor this type of activity on payment pages. To do that, they will need visibility and control over the JavaScript that’s loaded into their web pages, whatever the source, every time. Whether it’s a hijacking attack, data skimming or a simple configuration error, we must protect each visitor interaction.”

1 Comment »

Guest Post: What the Fall of Silicon Valley Bank Means for the Future of Venture Capital

Posted in Commentary with tags on March 24, 2023 by itnerd

By Wendy Jarchow, Chief Investment Officer, River SaaS Capital

Last Friday Silicon Valley Bank (SVB) collapsed, causing the second largest bank failure in U.S. history. On Sunday, New York Signature Bank’s customers began withdrawing their cash, causing the regulators to take control and shut down the bank. Fortunately, due to the rapid response from regulators, the deposit outflows from small and midsized lenders have slowed, and it looks like any other major collapse has been avoided. 

How did this happen?

According to Pitchbook, venture capital deal activity sank over 30% last year and a slowdown in initial public offerings and continuing drawdown in valuations signaled trouble for 2023. However, startup spending hadn’t slowed, even with the expected decline in funding. 

Silicon Valley Bank had been seeing an influx in deposit accounts and a declining need for loans with total client funds having fallen for the last five quarters. With the declining need for loans, SVB needed to offset its assets with a new revenue stream and turned to government securities while the interest rates were at zero. This left the bank open to vulnerabilities, given that the government started to raise interest rates since SVB invested. 

Last Thursday, the CEO of SVB announced his intention to sell those government securities at a loss to offset its current assets. This spurred venture capitalists to turn to social media and other online platforms and recommend that their portfolio companies and borrowers immediately withdraw their money. 

These social media conversations induced panic and fear while providing a sense of uncertainty for all organizations that trusted the institution with their assets. The alarm of organizations withdrawing funds publicly sparked a run on the bank that SVB could not handle. Late Friday, SVB was closed by regulators due to being insolvent. 

Luckily, the U.S. government took action on Sunday night and announced that depositors will be made whole. 

Over the weekend, companies who banked with SVB had to scramble to open new bank accounts and communicate with their customers and employees about the changes and potential impact. Had the regulators not acted quickly, many startups could have had to shut their doors overnight, not being able to make payroll or other recurring expenses. 

In hindsight, had venture capitalists and startup founders stayed calm, this immediate collapse could have been avoided.

However, that doesn’t mean that the venture and startup community is out of the woods yet. 

Where do we go from here? 

Venture capital exists in order to help startup companies that a traditional bank won’t invest in grow and scale. They prioritize tech innovation and growth along with growing the bottom line. There are higher risks, but much bigger rewards. 

Silicon Valley Bank was arguably the epicenter of the financial system for the startup ecosystem because it was not only the bank for these startups, but also provided loans to venture capital and private equity firms. With that said, the future is uncertain, but here are a few things to keep in mind. 

Cyber startups will continue to flourish

In 2022, cybersecurity companies raised a total of $18.5 billion in venture capital funding and cyber security valuations didn’t fall as radically as other industry valuations fell indicating that the area is ripe for innovation and growth. 

Cyber startups should be whole even with the fall of SVB. The government did the right thing when SVB and Signature Bank failed and that was to use the FDIC insurance fund, called the Deposit Insurance Fund, that banks pay into to pay customers at each bank back in full. Although the cap on insured deposits is $250K, to stop panic from spreading, regulators successfully made the exception to make customers whole.

However, access to capital will continue to shrink 

With a projected recession on the horizon, venture capitalists were already pulling back on new investments and concentrating on solidifying their existing portfolio. With the fall of SVB, their appetite for risk will continue to dwindle. Plus, one of their main sources of loans for venture capital is now gone. 

The venture market is not going away because of what happened in the banking industry recently; however, it will be more difficult to get access to capital, at least initially as investments are less available, and likely more expensive.  

We will see a bounce back in venture investing and likely new resources to fill the gap that SVB leaves, but the timing is uncertain. Startups need to preserve cash and closely manage their burn in an effort to extend their runway. Bridging to a larger equity raise by borrowing money from an independent debt provider could be a good resource for some strong growth companies.

The future of SVB and what it means for venture capital is still up in the air

If SVB gets absorbed by a larger bank like, it’s hard to say if they will be funding startups at the same rate. Some large banks will make loans to startups if those startups meet the loan criteria, usually with strong collateral. 

As we have seen in the past, most software and tech companies don’t possess the collateral needed to secure traditional bank financing. Venture banks, like SVB, tend to be more nimble than the big banks. That being said, some of the largest banks such as JPMorgan Chase, Bank of America, Citi have groups/bankers focused on small business so perhaps we could see a shift in mindset where the large banks expand their appetite for risk to support emerging companies.

What should startup founders do now? 

As startups try to navigate when VC investing will return to pre-2022 levels, there are things they can do to ensure their companies keep moving forward. Entrepreneurs and existing investors will need to focus on a few things to maximize their “dry powder.” 

Here are the 3 areas startups should concentrate on in the foreseeable future. 

  1. Focus your time and resources outside of VC

Understand that venture firms will be focused on the most promising companies within their existing portfolios so now is not the time to focus on raising capital from these investors. 

  1. Make the most of resources within your control. 

Here are three main areas that you can control over this next period: 

  1. Focus on customer acquisition costs. Marketing spend can be mitigated by focusing on existing customers v acquiring new. 
  2. Be diligent with cash. Focus on bootstrapping, which can extend the runway.
  3. Streamline operations, including remote working to avoid office expenses where appropriate. 
  4. Leverage existing investors / relationships or focus on independent resources

Not many banks have the startup resources or mindset to support early stage companies. With that in mind, look for financing from your current investors, your cap table or bootstrapping from friends and family. 

You can also identify independent resources, such as stand-alone venture debt providers who understand the inherent risks associated with early stage companies and who can partner with you to help you achieve your goals.

  1. Hang on

We know it’s easy to let panic set in, but strong leaders shine in a time of turmoil.  Lean on your network, overcommunicate to your teams and know that this situation inevitably will shift.  

Leave a comment »

The US Will Try And Ban TikTok…. Here’s Why That Will Happen, And What Might Stop It From Happening

Posted in Commentary with tags on March 24, 2023 by itnerd

Yesterday, the CEO of TikTok Shou Zi Chew took a visit to Washington to try and head off a ban of the Chinese owned social media app. And from all reports such as this one from Platformer, it didn’t go all that well for TikTok. And it now looks more likely than ever that TikTok will be banned. Here’s why that’s all but certain:

  • Everyone on both sides of the aisle want TikTok Banned: There’s rare agreement from Democrats and Republicans on wanting to ban TikTok. Which means any legislation that relates to a ban will likely go through the House and Senate very quickly and get signed off by The White House almost instantly.
  • Nobody wants to buy TikTok: The only way TikTok avoids a ban is if ByteDance who are the Chinese owners of TikTok sell it to an American company. But the thing is, I don’t know who would want to go down that road to buy TikTok. Forbes estimates that TikTok is worth $50 Billion which isn’t an insignificant amount of money. Then whoever buys TikTok would have to hop through so many hoops to avoid having the US government lower the boom on them. And that won’t be cheap. Thus this is a scenario that simply won’t happen.
  • China: The Chinese government created rules that gives it veto power of any sale of Chinese tech to foreign interests. Thus there is zero chance that China would sign off on any sale of TikTok to the US. Which means that a ban would be the only option for the US.

That’s all great. But here’s two reasons why a TikTok ban won’t happen:

  • Young people use TikTok, and they vote. Thus you have to wonder if politicians will really want to ban an app and anger a bunch of people who have the ability to sway an election that’s coming next year.
  • The courts are likely to weigh in and it is possible that they would stop any ban from happening.

So is a ban of TikTok inbound? I think that lawmakers will try and ban it. But it’s far from a sure thing as far as I can see.

Leave a comment »

KAYAK and OpenTable integrate ChatGPT

Posted in Commentary with tags , on March 23, 2023 by itnerd

Sister brands KAYAK and OpenTable have launched plugins with OpenAI’s ChatGPT to power personalized recommendations for travel and dining. The union is a first-of-its-kind integration, with KAYAK among ChatGPT’s first travel collaborators to enable flight, hotel and rental car recommendations while OpenTable is ChatGPT’s only restaurant tech collaborator at launch, giving ChatGPT users restaurant recommendations and a direct link to book.

Here’s an example of how this works:

[User] “What’s the cheapest flight from New York to London this summer?”

Flight results from KAYAK will populate in a matter of seconds

[User] “I’d love to experience Afternoon Tea while I’m there, where can I get a reservation for 2 people”

Restaurant results from OpenTable will populate in a matter of seconds

The integration brings a fun, engaging and conversational element to the travel, dining and planning experience, so that finding that perfect destination or restaurant is as easy as texting your best friend.

For more information on KAYAK’s integration, see KAYAK’s blog here.

Leave a comment »

« Older Entries
Newer Entries »