The order authorizes sanctions and visa bans against people using information technology who commit or facilitate grave human-rights abuses related to “Syrian and Iranian regime brutality,” the White House said. The order would also allow the U.S. to target companies that enable human-rights abuses with technology.

Read the rest of this post on the original site »

Those fears were theoretical for a while. If you could attack the industrial computers controlling nuclear centrifuges and make them explode, as happened in the case of Stuxnet, you could, in theory, use the same approach to attack industrial computers controlling critical infrastructure in the U.S. The only thing needed is knowledge about vulnerabilities lurking in those systems.

The bad news is that, as of yesterday, those vulnerabilities are no longer a theory. The good news is that the good guys found them first.

Yesterday, researchers for a volunteer program called Project Basecamp have discovered three vulnerabilities inside a common model of industrial computer known as a programmable logic controller (PLC). These PLCs basically sit between a regular computer running Windows and a big piece of industrial equipment — say, a pump or a generator or a nuclear centrifuge.

PLCs are part of a larger set of industrial computers known as Supervisory Control And Data Acquisition (SCADA) systems. Security research into SCADA systems has increased dramatically since the revelation of the Stuxnet worm in 2010.

The work was done by researchers at Digital Bond, a security research firm specializing in work on SCADA systems. What they built was a software module called “modiconstux,” which carries out a Stuxnet-like attack on a PLC device called a Modicon Quantum, made by Schneider Electric.

Borrowing techniques learned from the Stuxnet worm, modiconstux does two things: It downloads the current set of instructions the PLC is using — a set of programming commands known as “ladder logic” — giving the attacker the ability to understand what the PLC is doing day in and day out. This is key: If you’re going to hijack a PLC to make the machine it’s controlling explode, you have to first understand the process you’re going to sabotage.

The second thing that modiconstux does is upload new ladder logic. The classic example I think of in explaining this comes from the first public demonstrations of Stuxnet carried out by researchers at Symantec. In that case, a Siemens PLC had been programmed to blow up a balloon by instructing a pump to send a certain amount of air to the balloon and then stop. After being hijacked by Stuxnet, the logic was changed in such a way that the pump didn’t stop, and the balloon popped. Not very menacing, but if you use your imagination, you can see that popping balloon as a metaphor for a lot of very dangerous outcomes.

What’s even scarier than the outcome is the fact that the exploit works without any actual computer hacking having to take place beforehand. Dale Peterson, Digital Bond’s CEO, said the attack works because the PLC is insecure in the first place. There isn’t so much as a password required to download the existing ladder logic, nor to upload the altered ladder logic. And if that PLC is connected to the Internet in any way, it is wide open to attack.

The team also released two other vulnerabilities. One tells the same Scheider Electric PLC to stop, essentially freezing it in place until it can be reset. The third is a vulnerability for a type of PLC device made by General Electric.

The vulnerabilities have been released to the wider world through Metasploit, an open source vulnerability monitoring service that’s owned by Rapid7, a Cambridge, Mass-based company that specializes in helping companies stay ahead of new computer security vulnerabilities. Metasploit subscribers can download the exploit code and test it on their own systems, and demonstrate simulated attacks that in all likelihood will scare the heck out of their bosses.

It should also scare the heck out of legislators and policymakers who have talked incessantly about the need to prepare for a “cyberattack.” Chances are, the next time there’s a serious conflict, attacks carried out by way of a computer will be used to sabotage infrastructure, sow confusion, interfere with logistics and so on. Stuxnet proved what could be done, and what to that point had generally been considered only a theory.

Created by parties unknown — though the smart money says it was Israel, with some help from the U.S. — the Stuxnet worm burrowed its way into PLCs at an Iranian nuclear installation, made the centrifuges spin too fast, and caused some of them to explode. The Iranian nuclear enrichment program was thought to be set back by anywhere from one to two years.

Since then, researchers have been on the lookout for the next Stuxnet, assuming that a second worm would be easier to construct. They’ve also been studying the inherent weaknesses in SCADA systems like PLCs. What they’re finding should give us all pause.

It has been almost two years since the infamous and mysterious computer worm known as Stuxnet was first detected by a team of researchers in Belarus.

Opinions on this vary, but the worm that is said to have caused explosions at certain nuclear installations in Iran is thought to have set that country’s alleged nuclear energy and weapons ambitions back by as much as two years.

The fascination persists. Although no one has ever taken official responsibility for it — the leading suspects in its creation are Israel and the U.S., acting together or independently — Stuxnet is widely considered to have been the most successful and innovative weapon of digital warfare ever seen.

And though numerous media accounts have, with the help of anonymous sources, filled in some of the narrative around its development, the subject of the covert cyber campaign against the Iranian nuclear program has generally remained outside the attention envelope of mainstream TV audiences.

That will change Sunday night when CBS’s popular television news documentary show “60 Minutes” turns its attention on Stuxnet, and the concept of offensive cyberwar generally.

If you’re not familiar with the particulars of Stuxnet, here’s a brief explanation: It’s a sophisticated worm that experts say required several months and millions of dollars to design. Via long-since-patched vulnerabilities in Microsoft Windows, it is designed to burrow its way into specialized industrial computers called programmable logic controllers, made by the German industrial company Siemens. These PLCs sit between conventional computers and industrial machinery like factory equipment, generators and centrifuges used to create nuclear fuel. PLCs and systems like them are widely used and, in many cases, not well secured, in part because they were never designed to be connected to the Internet.

(I first wrote about it at my last job in 2010 in stories found here and here.)

The story goes that the worm was first introduced to Iran via infected flash drives that were dropped around the outside of certain targeted facilities. The worm was carefully programmed to target a specific installation and to remain inert until it found its target. When it did, it seized control of some 1,000 Iranian nuclear centrifuges at Natanz, about 200 miles south of Tehran. While displaying seemingly normal operating conditions to workers there, the centrifuges were forced to spin out of control and effectively destroy themselves.

In a preview video released today (embedded below), “60 Minutes” correspondent Steve Kroft appears to get a tour of the U.S. Cyber Command, the military nerve center for U.S. cyberwar operations. And, in what’s likely to be considered a not-so-subtle message in certain circles, as you see Kroft getting his tour, it’s hard not to notice the screen behind him. Plus, his host shows a Google Maps image of Iran with lots of orange dots on it.

The report, for which CBS presumably got a lot of cooperation from the Pentagon, comes not long after the Obama Administration officially declared cyberspace as a theater of war. That means, the military can conduct both defensive and offensive operations, and that an attack on certain computer systems by other countries or terrorists is essentially equivalent to an attack against U.S. territory, property and people.

It’s not the first time that “60 Minutes” has tackled the subject of cyberwar. In 2009, it first introduced TV viewers to the concept of using digital weapons to seize control of industrial infrastructure in order to sabotage it, including some once-classified footage of a test at the Idaho National Lab where a generator was destroyed using nothing more than computer code (although the same report contains references to a 2007 power outage in Brazil which Wired has said wasn’t caused by digital saboteurs after all, though CBS has said it stands by its reporting.) Aside from that, CBS’s older report serves as something of a lead-up to tomorrow’s story on Stuxnet.

It will be interesting to see if “60 Minutes” has unearthed anything new on Stuxnet that fills in more of the picture surrounding its development and use. Neither the U.S. nor Israel has ever acknowledged any involvement in its creation or use. But Israeli officials have occasionally been described as “breaking into broad smiles” when asked about the subject. It will also be interesting to see if the program asks any important questions about the state of cyberwar post-Stuxnet. It’s pretty safe to assume that other parties have learned as much as they can about how it was created and how another worm like it might be created again.

What’s impossible to guess is where the next target is.

Update: I added a link above to a Wired story that disputed some of CBS’s reporting on the 2007 Brazilian blackout. In short, Wired says the real cause of that blackout was poor maintenance and not an attack by hackers, although CBS has said it stands by its reporting on that subject.

Here’s the short preview of tomorrow’s “60 Minutes” report.

“Samsung Electronics is aware of a recent news report in Iranian media regarding an advertisement aired by HOT cable network of Israel,” Samsung said in a statement to AllThingsD. “This advertisement was produced by HOT cable network without Samsung’s knowledge or participation.”

Iran is apparently none too happy about the ad, with lawmakers reportedly considering a ban on Samsung products, under the assumption that Samsung was responsible for the ad.

Samsung, however, was responsible for a poorly received Galaxy Note ad that aired during Sunday’s Super Bowl, with the Twittersphere not taking too well to either the spot or the device.

Here is the Israeli ad in question:

The company said last week in a blog post that it is now able to censor tweets by country, igniting something of a firestorm over how it will use that power.

“There’s been no change in our stance or attitude or policy with respect to content on Twitter,” Costolo said, speaking Monday evening at the D: Dive into Media Conference.

What is different, Costolo said, is that now it will only have to block tweets in the country issuing an order, rather than for all users around the world.

“When we receive one of those, we want to leave the content up for as many people as possible while adhering to the local law,” Costolo said.

He added that the policy isn’t really about China or Iran, countries where Twitter is already blocked entirely. Nor does he expect this new capability to allow the company entree into China.

“I don’t think the current environment in China is one in which we could operate,” Costolo said.

Costolo also rejected the idea that Twitter could just ignore certain countries’ laws and still do business there.

“It is simply not the case you can operate in these countries and choose which of the laws we want (to adhere to),” Costolo said.

But when the Tehran family settled on the couch with a bowl of pistachios and switched on the television, all they saw was scrambled imagery. The satellite signal was being jammed.

“We were very disappointed that we couldn’t see the film,” said Shohreh, who declined to let her last name be used.

Read the rest of this post on the original site »

Huawei Technologies Co. now dominates Iran’s government-controlled mobile-phone industry. In doing so, it plays a role in enabling Iran’s state security network.

Huawei recently signed a contract to install equipment for a system at Iran’s largest mobile-phone operator that allows police to track people based on the locations of their cellphones, according to interviews with telecom employees both in Iran and abroad, and corporate bidding documents reviewed by The Wall Street Journal. It also has provided support for similar services at Iran’s second-largest mobile-phone provider. Huawei notes that nearly all countries require police access to cell networks, including the U.S.

Read the rest of this post on the original site »

Mrs. Clinton made her second major address on the Internet Tuesday and particularly cited the recent leaking of thousands of secret State Department cables by the Web site WikiLeaks as the type of abuses that need to be guarded against. She stressed that nations need to agree on common legal platforms to ensure the Internet isn’t used for theft, espionage and political repression.

But the former first lady hailed the role that social networking sites like Facebook and Twitter have played in organizing a recent wave of political protests that have targeted dictatorial regimes in the Middle East.

“Finding the proper measure for the Internet is critical because the qualities that make the Internet a force for unprecedented progress—its openness, its level effect, its reach and speed—also enable wrongdoing on an unprecedented scale,” Mrs. Clinton told a gathering at George Washington University.

Read the rest of this post on the original site

I can’t remember a year during which computer security stories jumped so readily from the tech and business pages to the front page.

The year 2010 was bookended by two such cases. It opened with Google’s disclosure that it had come under attack in China, an apparent attempt to penetrate the Gmail accounts of certain activists and journalists.

It ended with the WikiLeaks affair, which stemmed from the alleged theft by an Army private of classified documents stored on a government network.

And let’s not forget in mid-year came the story, as fascinating as it was sobering, of Stuxnet, a computer worm developed by parties unknown–although the smart money is on Israel–that penetrated and ultimately damaged equipment used in the Iranian nuclear program.

Computer hacking–which has for too long evoked images in the public mind-set of teenagers in basements taking digital joyrides–has finally revealed itself to everyone for what it has long been for those in the know: The domain of espionage, sabotage and possibly warfare.

In Google’s case, the attacks upon its systems raised questions about where it draws the line with authorities in Beijing about such matters as freedom of speech. When the attack was first disclosed, Google publicly mulled shutting down its operations in China.

Then in protest, it stopped censoring its search results, giving mainland Chinese access to the same search results available to residents of Hong Kong. Beijing responded by blocking access to Google’s site.

Finally, Google and China came to a new agreement, and Google appeared the loser in the battle of wills.

Computer security is one of those things that companies and governments say they take seriously, but never really seem to get a grip on, judging by the results.

In any case, there is no firewall or software in existence that could have prevented Bradley Manning from stealing the documents that he is alleged to have given to WikiLeaks. As a low-level Army intelligence analyst, he was a trusted insider who had access to this material in the course of his day-to-day job.

So, it was not technology that failed. The failure was one of internal policies that allowed him access to data not relevant to his position.

Any employee of a midsize company can see how wrong that is. Human-resources documents are limited only to those who work in that department. The same is true of people who work in the legal office, business development department and so on.

But it apparently didn’t occur to anyone in government to limit the access to what became the WikiLeaks cache to people who worked only for or closely with the State Department.

If it turns out that thousands of companies are better at protecting their business secrets than the U.S. government is, then it’s not for nothing that the Central Intelligence Agency task force investigating the WikiLeaks affair bears the initials “WTF.”

Something similar was true of Stuxnet. One of the reasons the attackers, whoever they are, succeeded was that they used several so-called “zero day” vulnerabilities in Windows.

These are undocumented weaknesses that hackers save up for special occasions as a way to open a back door into a computer and then insert a troublemaking payload, like a worm. Zero day exploits are a fact of life, and once spotted in the world, they’re usually patched.

The Stuxnet attackers used as many as four zero day exploits as a way to get their worm into targeted computers. Microsoft, to its credit, made short work of fixing them once they came to light.

Even so, the Stuxnet worm burrowed its way from Windows machines into industrial control computers known as SCADA systems, which are widely used to run factories, power plants, pipelines and all sorts of other infrastructure essential to modern life.

The worm was designed to find a specific target: The systems controlling a set of as many as 1,000 centrifuges at the uranium enrichment facility in Natanz, and make them spin faster than they were supposed to.

The ability to attack industrial computers and cause them to do things they’re not supposed to do has been a lingering fear among security experts for years. Researchers at the U.S. Department of Energy in 2007 looked at the potential for attacks on SCADA systems and proved that it was possible to seize control of an electrical generator and then make it destroy itself.

They also found that many of these systems are connected to the Internet for what seem like good reasons: Convenience and cost savings. But these connections have also opened them up to the same kind of attacks that rattled the Iranian facility in Natanz.

Another Stuxnet-like worm, the thinking goes, could be used to bring down a power grid, or poison drinking water, or shut down an oil or gas pipeline. The good news is that such an attack is expensive–Stuxnet, by one estimate, cost $10 million to create–and requires a lot of specialized insider knowledge.

The bad news is that the Stuxnet source code is circulating in the wild for anyone to study. And as the WikiLeaks case shows, there are often insiders willing to take part in criminal schemes.

The other bad news? Securing these systems won’t come cheap.

If history is any judge, there will likely be a barrage of computer security companies that try to spin these incidents into opportunities to make a sales pitch. That’s what security companies do, after all.

But they usually miss the point. How can you plan for a vulnerability you’ve never seen? How can you stop an otherwise trusted insider from abusing their access to sensitive information? Both are fundamentally difficult problems for which there are no easy answers.

Spending money on last year’s security vulnerabilities is like preparing to fight the last war: Circumstances inevitably change, and they certainly will in 2011. New kinds of attacks will arise, and they will catch their targets by surprise.

And the public, like the CIA, will reasonably ask, “WTF?”

The unvarnished fact is that the networked society to which we’ve become accustomed in the last several years has a soft, vulnerable underbelly.

And the more we rely upon it, the more people with a combination of advanced technical skills and repugnant motivations are going to look for ways to turn it against us.

Some will do so as a means of making a personal profit. Others may see it as a way of advancing a political or ideological agenda.

But others will want to use theirs skills to do serious harm to innocent people on a large scale.

And the events of 2010 point the way to a world where that’s a more realistic scenario than it ever was before.

(Of course, Twitter hasn’t revealed the secret formulas that helped it aggregate, tabulate and rank these topics.)

In the Twitterverse, after the BP oil spill and soccer, the next most popular topic of conversation in 2010 was the movie “Inception,” followed by the Haiti earthquake and the vuvuzela. The iPad, Android, Justin Bieber, Harry Potter and Pulpo Paul round out the top 10. It’s an odd list, indeed.

The person most discussed on Twitter in 2010 was obviously he of the dedicated servers, Mr. Bieber. (It’s somewhat shocking that world events and tech gadgets were able to keep the teen phenom out of the overall top spot.) Beating out her royal highness Lady Gaga, the No. 2 person on Twitter was Brazilian president-elect Dilma Rousseff (pictured).

Here’s the full 2010 list, courtesy of Twitter, followed by 2009′s list for comparison.

2010 Twitter Trends

Overall Top Trends:
1. Gulf Oil Spill
2. FIFA World Cup
3. Inception
4. Haiti Earthquake
5. Vuvuzela
6. Apple iPad
7. Google Android
8. Justin Bieber
9. Harry Potter and the Deathly Hallows
10. Pulpo Paul

News Events:
1. Gulf Oil Spill
2. Haiti Earthquake
3. Pakistan Floods
4. Koreas Conflict
5. Chilean Miners Rescue

People:
1. Justin Bieber
2. Dilma Rousseff
3. Lady Gaga
4. Julian Assange
5. Mel Gibson

Movies:
1. Inception
2. Harry Potter and the Deathly Hallows
3. Scott Pilgrim vs. the World
4. Despicable Me
5. Karate Kid

Television:
1. MTV Video Music Awards
2. Pretty Little Liars
3. True Blood
4. Walking Dead
5. Grammy Awards

Technology:
1. Apple iPad
2. Google Android
3. Apple iOS
4. Apple iPhone
5. Call of Duty: Black Ops

World Cup:
1. FIFA World Cup
2. Vuvuzela
3. Pulpo Paul
4. Dunga
5. Diego Maradona

Sports:
1. LeBron James
2. Wimbledon
3. Manchester United
4. Brock Lesnar
5. Celtics

Hash Tags:
1. #rememberwhen
2. #slapyourself
3. #confessiontime (hash tag started by Usher)
4. #thingsimiss
5. #ohjustlikeme

2009 Twitter Trends

News Events:
1. #iranelection
2. Swine Flu
3. Gaza
4. Iran
5. Tehran
6. #swineflu
7. AIG
8. #uksnow
9. Earth Hour
10. #inaug09

People:
1. Michael Jackson
2. Susan Boyle
3. Adam Lambert
4. Kobe (Bryant)
5. Chris Brown
6. Chuck Norris
7. Joe Wilson
8. Tiger Woods
9. Christian Bale
10. A-Rod (Alex Rodriguez)

Movies:
1. Harry Potter
2. New Moon
3. District 9
4. Paranormal Activity
5. Star Trek
6. True Blood
7. Transformers 2
8. Watchmen
9. Slumdog Millionaire
10. G.I. Joe

TV Shows:
1. American Idol
2. Glee
3. Teen Choice Awards
4. SNL (Saturday Night Live)
5. Dollhouse
6. Grey’s Anatomy
7. VMAS (Video Music Awards)
8. #bsg (Battlestar Galatica)
9. BET Awards
10. Lost

Sports (Teams, Events, Leagues):
1. Super Bowl
2. Lakers
3. Wimbledon
4. Cavs (Cleveland Cavaliers)
5. Superbowl
6. Chelsea
7. NFL
8. UFC 100
9. Yankees
10. Liverpool

Technology:
1. Google Wave
2. Snow Leopard
3. Tweetdeck
4. Windows 7
5. CES
6. Palm Pre
7. Google Latitude
8. #E3
9. #amazonfail
10. Macworld

Hash Tags:
1. #musicmonday
2. #iranelection
3. #sxsw
4. #swineflu
5. #nevertrust
6. #mm
7. #rememberwhen
8. #3drunkwords
9. #unacceptable
10. #iwish

Among activities detailed in the documents was the extensive, and increasingly successful, push by the U.S. for an international consensus to confront Iran’s nuclear program. Five newspapers obtained early access to the documents, which had been gathered by the website WikiLeaks.

The cables showed how some Arab leaders were largely in sync with Israel to support greater financial penalties, if not military operations, against Iran unless it abandons its nuclear ambitions. Regarding Iran, Saudi Arabia’s King Abdullah was portrayed in an April 2008 memo as having told the U.S. “to cut off the head of the snake.”

Read the rest of this post on the original site

The development further fueled suspicions that the worm, which was discovered in July and has disproportionately hit facilities in Iran, was designed to attack Iranian nuclear facilities.

Read the rest of this post on the original site

The plan announced Monday also provides for quickly “surging” large numbers of CIA officers to hot spots around the globe such as the tribal areas of Pakistan or East Africa. Past agency plans haven’t provided for such war-time demands.

The moves reflect an effort to bolster agency operations and analysis without causing too much disruption, CIA veterans said. Although historically there has been tension between the CIA and the Pentagon, this plan aligns the two agencies’ priorities, the veterans said.

Read the rest of this post on the original site

This week: We took a coffee break (and made an interview and video) with Mehdi Maghsoodnia, CEO of BookRenter, a company that claims to be “numero uno” in online textbook rentals, a bone of contention between it and larger competitor Chegg.

Who: Mehdi Maghsoodnia

What: Chief Executive Officer

Why: BookRenter is in a battle with competitor Chegg. Mehdi freely admits that Chegg holds more market share, but says his model has the staying power to outlast it. Presumably, Chegg begs to differ.

Where: bookrenter.com (Web site); @bookrenter (Twitter); Campbell, Calif. (analog place)

Who else: BookRenter is in a battle for the hearts and minds of college students everywhere. On one side, it competes with college bookstores, Amazon (AMZN), and a trial-rental program from Barnes & Noble (BKS). Once a customer goes the way of rental rather than purchase, BookRenter has to fight with Chegg, the textbook service now led by longtime Silicon Valley exec Dan Rosensweig and whose eggshell has been stuffed with $144 million in venture funding.

Five Stats You Won’t Find in His Facebook Profile

Worst Job Ever: I used to sweep the grounds for a hotel in San Francisco, called Roberts at the Beach Motel (it’s still there). It was right next to the zoo, and the wind would blow all the dust, sand and junk into the hotel, and my job was just to sweep the floor. That was not at all fun.

Geek Crush: I’m a fanatic in terms of business models, and I track the careers of people I admire. I keep track of Maynard Webb, who used to be the COO at eBay (EBAY). I track people with clever minds and clever ideas.

Gadget of the Moment: I love my Apple (AAPL) iPhone–for the first time recently I traveled without my laptop. It was great. The app environment is fascinating. If you look on my phone, the apps are in two distinct sections. One is all the games that keep my kids busy, and the second category is functional things for me. News feeders, banking…and I watch all kinds of videos on the TED app when I’m traveling.

International Businessman of Mystery: I was born in Iran. Then, we moved to London. I traveled a lot and lived all over. I realized early on that a consequence of that is I’m culturally very unmarketable. It’s pretty impossible to market to me. Which, by definition, means I’m not the greatest marketer, because I don’t know what makes people want to buy things.

It’s All in the Family: I sit on the board of Nature Air, an airline in Costa Rica. It’s the first regional green airline, and it’s the family business.

Bio in 140 Characters

Mehdi grew up global, but landed in Silicon Valley. He spent time as a VC then moved to head CafePress. Now he’s CEO at BookRenter.

The Five Questions

Let’s get right into this. How are you guys different from Chegg?

When I was at CafePress, we were the biggest online t-shirt retailer in the world. We spent a lot of time getting shirts in from China, organizing them, putting them in bins, tracking them, printing them and so on. I observed how much of our management bandwidth and resources went into back-end fulfillment as a retailer. I came out of CafePress and was sitting on the venture side when I saw Chegg and BookRenter. I said, “These are two teams satisfying specific demands out there, but with totally different business models.”

Chegg was trying to do everything–taking on warehousing, buying the books, etc. There were many companies doing that, by the way. Amazon among them. The BookRenter team was clever, and they said, “Let’s flip this on its head.” Investing in a book as stock is a losing venture, because your individual investment on the book loses value over time. You also lose money on leasing the warehouse, forklifts, all of it.

At BookRenter, we have all kinds of partnerships that handle those logistics, including recent partnerships with school bookstores themselves. We are in a cyclical business, where maybe four months out of the year we are handling books, and, in the other eight, the books are in the students’ hands. Our costs adjust within those cycles as quickly as changes happen.

How do you track and price all the books when you don’t own them?

So, most of the business is done today on an inventory capitalization model. That is to say, you have a position on what books you have. Everyone buys books and then has to find a match for that book in a rental relationship.

BookRenter takes a very different approach. Our software system creates rental relationships in real time, which means it figures out prices and availability for every new rental. If you come to us and say you want to rent a biology book, the system turns around and queries our suppliers and decides who will be able to get us that book at the lowest overall cost. Our cost algorithm is complex and takes into account things like the reliability of the provider for meeting its commitment on that book.

Once the determination has been made, only then do we take a position on that book and add it to inventory. I can offer as many books as [Chegg] or anyone else, because I’m offering that book virtually. I only pay when I have a paying customer.

You’ve got a lot to say about how you are going to gain on Chegg. Is this really a market that is worth the fight?

Oh yes, the market is growing very fast. We saw 300 percent growth year over year in January. The textbook business is a $9-billion-a-year industry. Someday we hope that a third of that is rentals. The value proposition is there. Renting is cheaper than buying. It’s even cheaper than buying used. Eighteen months from now, we are still going to be a smaller player, but we have the longevity.

Do you do this for the competition, or is it something else that drives you?

I’ll be honest. The best possible outcome for us is that Chegg stays prosperous. Both of us are fighting the same battle in terms of converting some of the buying market to a renting market. So, we are all in the same market development boat. But what I really like about this is the process. I see our business as a 0.9 version, so there are so many things we can still work on.

Organizationally and market-wise, it’s a very exciting thing to design a system for. You have to balance the needs of all kinds of partners. It’s like playing multidimensional chess with very good players. It’s just fun. Also, the growth factor is great. If I had to solve these problems in a business that wasn’t growing, that’s not a lot of fun.

I’ve been there man, that’s deadly. You put a lot of intellectual work into it and you can’t get anyone to care.

As a current student, I’ve got to ask: How have you dealt with undoubtedly the biggest customer problem–highlighting?

[Laughs] You know, that was a real issue early on. Our early policy was no highlighting at all, of any kind. It turned out that students didn’t seem to mind [the highlighting], and in fact many liked it. It was like someone had already done the work of showing them the important parts of the book. Today, we will only charge for damage if there’s been a real issue, like, someone spilled water all over the book and really ruined it.

The In Living Color Interview

]]> http://allthingsd.com/20100305/almost-famous-mehdi-maghsoodnia-of-bookrenter/feed/ 0 http://allthingsd.com/20100211/iran-tweets-engulf-twitter/ http://allthingsd.com/20100211/iran-tweets-engulf-twitter/#comments Thu, 11 Feb 2010 23:52:02 +0000 Sarmad Ali http://voices.allthingsd.com/?p=21276 As the Iranian regime clamps down on antigovernment protesters on the 31st anniversary of the Islamic Revolution, many people around the world are using Twitter to exchange information and disseminate updates on the situation on the ground.

Iran-related keywords, including “iranelection” and “22bahman” (a reference to today’s date in the Persian calendar) were popular on the microblogging service Thursday, as users discussed Iranians’ rights to free speech and the rallies outside Iran’s notorious Evin prison.

“This is what Iran’s police have become, thugs,” Michael P. Whaley tweeted, linking to a YouTube video that purports to show authorities beating a protester. Others, such as Raymond Morrison, shared photos from Tehran in their posts.

Read the rest of this post on the original site

]]> http://allthingsd.com/20100211/iran-tweets-engulf-twitter/feed/ 0 http://allthingsd.com/20100211/twitter-buzz-over-irans-gmail-ban/ http://allthingsd.com/20100211/twitter-buzz-over-irans-gmail-ban/#comments Thu, 11 Feb 2010 08:53:10 +0000 Sarmad Ali http://voices.allthingsd.com/?p=21257 As soon as news of Iran’s ban on Gmail broke, Twitter was awash with outrage about Iranian censorship, but also with jokes about whether Google’s (GOOG) new update service had prompted the decision.

“Honestly, I didn’t think Buzz was *that* bad,” Alistair Coleman said in an update, a quip echoed in dozens of tweets linked to reports of the ban. “Iran hates Google Buzz so much it shuts down Gmail,” tweeted Aaron Spencer, who added the hashtag “#halfkidding.”

Read the rest of this post on the original site

]]> http://allthingsd.com/20100211/twitter-buzz-over-irans-gmail-ban/feed/ 0 http://allthingsd.com/20100210/twitter-taps-pixar-exec-as-cfo/ http://allthingsd.com/20100210/twitter-taps-pixar-exec-as-cfo/#comments Wed, 10 Feb 2010 23:48:40 +0000 John Paczkowski http://digitaldaily.allthingsd.com/?p=34666 Twitter has finally found a chief financial officer.

Ali Rowghani, currently CFO and senior VP of strategic planning at Pixar Animation Studios, will bring his financial acumen to the microblogging service come March, making it, for better or worse, a “legitimate” company.

“Ali will be an important member of a growing team focused on creating value for our users and capturing the financial opportunities that result from it,” Twitter CEO Evan Williams said in a statement. “His thoughtfulness on retaining a great culture to work and staying consistent with your principles will also be a significant contribution.”

Great. But how is he with IPOs?

Rowghani’s pre-Twitter bio:

Ali Rowghani is Chief Financial Officer and Senior Vice President of Strategic Planning for Pixar Animation Studios, Disney Animation Studios, and Disney Toon Studios. In this role he oversees the finance teams at each animation division, the Facilities and Real Estate functions at Pixar, as well as the business aspects of Pixar’s RenderMan software group.

Ali joined Pixar in 2001 and has held a variety of finance positions at the studio. He was appointed Director of Pixar’s Production Finance and Strategy group in 2004. Before joining Pixar, Ali was an Associate at McKinsey & Company, a global management consulting firm. During his time at McKinsey, Ali was based for nine months in Germany. He later spent one year in Japan with McKinsey Global Institute, the Firm’s renowned economics think tank.

Ali holds a Bachelor of Arts degree and a Master of Business Administration degree, both from Stanford University. He was awarded a Fulbright scholarship and spent a year studying at the University of Bonn in Germany. Born in Iran, Ali moved to Dallas, TX with this family when he was five years old. He remains a huge fan of the Dallas Cowboys.

]]> http://allthingsd.com/20100210/twitter-taps-pixar-exec-as-cfo/feed/ 0 http://allthingsd.com/20100210/iran-to-suspend-googles-email/ http://allthingsd.com/20100210/iran-to-suspend-googles-email/#comments Wed, 10 Feb 2010 21:15:49 +0000 Chip Cummins And Jessica E. Vascellaro http://voices.allthingsd.com/?p=21216 Iran’s telecommunications agency announced what it described as a permanent suspension of Google Inc.’s (GOOG) email services, saying a national email service for Iranian citizens would soon be rolled out.

It wasn’t clear late Wednesday what effect the order had on Gmail services in Iran. Iranian officials have claimed technological advances in the past that they haven’t been able to execute.

Google didn’t have an immediate comment about the announcement.

Read the rest of this post on the original site

]]> http://allthingsd.com/20100210/iran-to-suspend-googles-email/feed/ 0 http://allthingsd.com/20100120/web-access-is-new-clinton-doctrine/ http://allthingsd.com/20100120/web-access-is-new-clinton-doctrine/#comments Thu, 21 Jan 2010 07:23:16 +0000 Siobhan Gorman http://voices.allthingsd.com/?p=20368 The U.S. plans to make unrestricted access to the Internet a top foreign-policy priority, Secretary of State Hillary Clinton plans to announce Thursday.

The announcement, which has been scheduled for weeks, comes in the wake of accusations last week that Chinese hackers penetrated Google Inc.’s (GOOG) computer networks. The attack, which also targeted Chinese dissidents, is the kind of issue Mrs. Clinton aims to address, said Alec Ross, a senior adviser.

The growing role of the Internet in foreign policy became clear last year during protests in Iran after allegations of election fraud. The government tried to crack down on protesters’ Internet communications, but they circumvented digital blockades to send out video and Twitter messages about violence against demonstrators.

In one new initiative, the State Department plans to offer financial support to grass-roots movements that promote Internet freedom, Mr. Ross said.

Read the rest of this post on the original site

]]> http://allthingsd.com/20100120/web-access-is-new-clinton-doctrine/feed/ 0 http://allthingsd.com/20091109/twitter-lists-get-a-tryout-during-fort-hood-shootings/ http://allthingsd.com/20091109/twitter-lists-get-a-tryout-during-fort-hood-shootings/#comments Mon, 09 Nov 2009 18:46:22 +0000 Marisa Taylor http://voices.allthingsd.com/?p=17599 As news of the Fort Hood shooting rampage spread last week, media outlets and readers both put Twitter and its new lists feature to the test.

Just as the service was instrumental in providing updates during the summer’s election protests in Iran, Twitter feeds from Texas-based news sources such as the Austin-American Statesman and the Killeen Daily Herald provided a stream of local updates.

The Statesman’s feed amassed more than 3,000 followers by the end of the day Thursday, and soon larger news outlets such as Huffington Post, CNN and the New York Times (NYT) had tapped into it and other sources by using Twitter Lists, which lets users create groups of other Twitter accounts that others can view and follow.

“Lists proved a new way to follow breaking news on Twitter, with filtered groupings of local news outlets, military accounts, and local citizens,” Craig Kanalley wrote on Poynter’s E-Media blog.

Read the rest of this post on the original site

]]> http://allthingsd.com/20091109/twitter-lists-get-a-tryout-during-fort-hood-shootings/feed/ 0 http://allthingsd.com/20090807/boomtown-decodes-twitters-denial-of-service-blog-post-so-you-dont-have-to/ http://allthingsd.com/20090807/boomtown-decodes-twitters-denial-of-service-blog-post-so-you-dont-have-to/#comments Sat, 08 Aug 2009 00:17:56 +0000 Kara Swisher http://kara.allthingsd.com/?p=17142

This morning, in a blog post titled “The Adventure Continues,” Twitter co-founder Biz Stone gave more of an explanation for the outage that the microblogging service endured due to a denial-of-service attack yesterday.

Fortunately, BoomTown can read between the lines in order to decipher the secret message herein!

Biz wrote: The Adventure Continues.

Translation: By “adventure,” I mean yet-another-friggin’-Twitter-birdie-crisis.

Considering all the fail whales, the stolen documents and now this, I would have to say we have now taken Time Warner (TWX) online unit AOL’s title as Internet company most likely to experience technical difficulties. Do not adjust your screens! Please stand by!

Biz wrote: In the past 24 hours, we’ve been contending with a variety of attacks that continue to change in nature and intensity. We’re working to restore access to apps built on the Twitter platform that were affected by defensive measures–there was some overcompensation on our part as we tune our system to deal with this scale of attack.

Translation: We’d like to blame this one on TechCrunch somehow, and are hard at work on another impolitic internal memo about how to do so that also manages to insult potential acquirers, such as Google (GOOG), Microsoft (MSFT), and our investors.

The reason we doused this crisis with extra amounts of weed killer is because no one will be able to accuse us of sitting by in our usual chill manner, which is exemplified by the official Twitter company motto: “Scoble dude, relax, it’s only 140 characters.”

Biz wrote: The ongoing, massively coordinated attacks on Twitter this week appear to have been geopolitical in motivation. However, we don’t feel it’s appropriate to engage in speculative discussion about these motivations. The open exchange of information can have a positive impact globally and our job is to keep Twitter services running reliably to the best of our ability.

Translation: And if blaming TechCrunch does not work, there is always Iran to point the finger at!

However, we don’t feel it’s appropriate to engage in speculative discussion of these motivations–mostly because it will just piss off the hackers more and they will crush our little technical operation like it is papier maché.

Which, let’s be honest, it is. Anybody got any spare Elmer’s Glue?

Biz wrote: As a reminder, no data or personal information of any kind has been compromised. Denial of Service attacks are a known quantity on the web and they are not going away any time soon. Nevertheless, we can and will improve system response to these assaults such that they don’t interfere with our normal, everyday Twittering.

Translation: No data or personal information of any kind have been compromised, except–of course–for Ashton Kuchter’s.

But, to be fair, that dude overshares like Perez and Paris Hilton combined and on steroids.

Not that we mind him tweeting pictures of his wife’s posterior, but he makes John Mayer seem shy.

Denial-of-service attacks are a known quantity on the Web, much the way our fail whale is.

Nevertheless, we can and will fail again, so there will be yet another spate of articles and blog posts about the indignity of life without Twittering to show just how indispensable we are.

]]> http://allthingsd.com/20090807/boomtown-decodes-twitters-denial-of-service-blog-post-so-you-dont-have-to/feed/ 0 http://allthingsd.com/20090727/one-way-to-help-iran-protesters-donate-thumb-drives/ http://allthingsd.com/20090727/one-way-to-help-iran-protesters-donate-thumb-drives/#comments Mon, 27 Jul 2009 15:37:54 +0000 Andrew LaVallee http://voices.allthingsd.com/?p=13804 The creators of a program aimed at counteracting Iran’s Internet filters have issued a call for something that lies around unused on plenty of desks: USB thumb drives.

The program, called Haystack, allows Iranian citizens to access the Internet without the impediments on Facebook and other sites that the government has imposed. It also masks the user’s identity online, a crucial safety measure amid efforts by pro-regime Internet users to track down protesters.

Read the rest of this post on the original site

]]> http://allthingsd.com/20090727/one-way-to-help-iran-protesters-donate-thumb-drives/feed/ 0 http://allthingsd.com/20090625/cnn-we-dont-need-youtube-and-twitter-to-tell-us-whats-going-on-in-iran-weve-got-ireport/ http://allthingsd.com/20090625/cnn-we-dont-need-youtube-and-twitter-to-tell-us-whats-going-on-in-iran-weve-got-ireport/#comments Thu, 25 Jun 2009 18:06:35 +0000 Peter Kafka http://mediamemo.allthingsd.com/?p=8533 The “Iran is Twitter’s defining moment” meme is losing momentum to the “Iran is YouTube’s defining moment” meme. But CNN has a different spin. Time Warner’s (TWX) cable news channel wants us to know that it isn’t dependent on either the micromessaging service or Google’s (GOOG) video site to report what’s happening in Iran–it has iReport.

For those of you who don’t watch CNN or visit CNN.com with any frequency, iReport is the news service’s attempt to create its own user-generated news hub. It’s supposed be to be able attract eyeballs on its own and in some cases, feed the Web site and the cable channel with free content donated by viewers.

To date, iReport is best known as the place where someone posted a bogus item about Apple (AAPL) CEO  Steve Jobs. But CNN says it has been using the site heavily to augment its Iran coverage. From a press release it sent out earlier this week: “Since last week, we’ve received 4555 iReport submissions related to Iran–including more than 1600 this past Saturday and Sunday alone, and an additional 689 just yesterday. To date, 150 of the Iran-related iReports have been vetted and verified by CNN producers for use on CNN air or online–something the likes of YouTube or Flickr just aren’t equipped to do given their lack of newsgathering infrastructure.” (Yesterday CNN told me it added another 399 Iran-related iReports, and that seven had made it onto air. Presumably those numbers are still increasing.)

The breast-beating seems a bit much given that CNN, like every other cable network, has been happy to play up any bit of social media it uses in its Iran reporting. But the point about the vetting and verification is interesting.

I checked with CNN rep Jennifer Martin, who spelled out what that means: That CNN producers have contacted the people who sent in all of the Iran-related iReports it has featured on the network and at least verified that they are who they say they are. That in itself seems worthwhile, and maybe even worth bragging about.

Andy Plesser at Beet.TV has more, including an interview with CNN.com producer Lila King.

Here’s an example of some the “verified” footage the network has used so far. For some reason the play/pause/etc. controls don’t show up on these embedded videos, but I’ve been able to get them to start and stop by clicking on the image:

Iranians shouting “Allah O Akbar” at night:

A pro-Mousavi rally:

]]> http://allthingsd.com/20090625/cnn-we-dont-need-youtube-and-twitter-to-tell-us-whats-going-on-in-iran-weve-got-ireport/feed/ 0