Twitter notifications about important ads and developer accounts

A bug could unexpectedly and temporarily store important information and account details of developers who visited the website in the cache of their web browsers. Developers who have accessed this service through a shared or public workstation must take action as soon as possible to avoid the risk of exploitation.

Developers using the Twitter API management service for their apps and services should be careful. The microblogging site warned this community of the risk of exploitation related to an error that stored their identifiers (private keys and account access data) in the cache of the web browsers used to access the service. There is currently no evidence that this information has been compromised. However, when in doubt, Twitter prefers to prevent this from happening.

The service provides developers with access to the third-party application usage dashboard using Twitter APIs. “If you’ve used a public or shared computer to view the tokens and keys for your development applications on, they may have been temporarily stored in your PC’s browser cache,” warned Twitter. “If someone is using the same computer as you in a short amount of time, they will be able to access the keys and tokens that you can see.” In order to avoid the risk of an exploit, the company recommends that developers regenerate the keys and tokens of their applications.

Recurring cache problems

This is not the first time Twitter has taken such precautions. This was the case last May and June, when the risk of finding information in the browser’s cache was also exploitable, especially regarding billing, email addresses, phone numbers, or even the last 4 digits of credit card numbers.

6 ways Alibaba’s cloud challenges AWS, Azure and GCP

In recent years, Alibaba Cloud has gained momentum internationally. So much so that the Chinese supplier is becoming a serious competitor to the three major American cloud players.

Most people have heard of Alibaba, the Chinese giant equivalent to Amazon, whose businesses include e-commerce, financial services, logistics, media and marketing. The technology behind these businesses, Alibaba Cloud, is now the third largest cloud provider in the world after Amazon Web Services and Microsoft Azure. And if Alibaba Cloud has offerings that are broadly similar to those of these two competitors and Google Cloud, some …


AWS in the race for fraud

The AWS Fraud Detector tool announced at the re:Invent 2019 conference is now available. Based on a machine learning engine, it can detect fraud in online payments and the creation of fake customer accounts.

Online fraud is a real nuisance. The market for solutions in this area, valued at more than $19 billion in 2018 by research firm Fortune Business Insights, is expected to grow 25.5% annually through 2026 and reach $110 billion by that date. In this market, players like IBM, DXC Technologies, and Experian are well established, but we must now expect a significant new addition: AWS.

The Fraud Detector tool, first presented at the re:Invent 2019 event last December, has now been announced in general availability. It is aimed at fighting online payment fraud and finding fake customer accounts. “Organizations doing business online are particularly vulnerable to attack by criminals with a variety of modes of operation including creating fake accounts and stealing credit card payments,” said AWS. “Amazon Fraud Detector uses machine learning (ML) and leverages over 20 years of fraud detection experience from AWS and to automatically identify questionable cyber practices so you can spot more fraud, fast. With Amazon Fraud Detector, you can build a fraud detection model with just a few clicks and no previous ML experience, as Amazon Fraud Detector does most of the ML work for you.”

Fraud detection in ML increased or not

“We recently started using Amazon Fraud Detector and we are pleased that it offers a cost-effective implementation and a self-service approach to creating a machine learning model that is personalized for our company,” said John Kercheval, Senior Director of the Identity Services Group at GoDaddy, in a video. “The model we built in Amazon Fraud Detector can potentially detect fraudulent registrations instantly. So we’re very pleased with these results and see what else we can do.” Amazon did not say whether it uses its own solution itself, but we can very strongly assume that it does.

Fraud Detector is based on pre-built ML models to identify fraud related to online activities such as online payments, the creation of fake accounts, and guest orders. A fraud detection console allows the user to create rules (acceptance, rating, etc.) and flag suspicious accounts for in-depth analysis. A number of APIs that can be integrated with third-party applications are also available, and a fraud detection model can be imported into Fraud Detector from Amazon SageMaker.

In terms of pricing, AWS charges for its tool by the hour ($0.39 for model training and $0.06 for hosting) and $0.03 per prediction for real-time online fraud information (first 400,000 predictions per month), with a sliding scale afterwards. Without the use of machine learning, the price of predicting fraud based on simple rules is, not surprisingly, lower, starting at $0.005 for the first 400,000 predictions per month.

Cookie Management and Consent: is Boursorama playing with fire?

Adblocker non grata, third-party cookie for hidden traceability, acceptance of cookies by default, non-systematic recording of selection preferences … The online banking site Boursorama has implemented a management of cookies and consent that is far from flawless but, according to the company, complies with the recommendations of the CNIL.

There is sometimes (often) a gap between theory and practice. This is usually the case with the General Data Protection Regulation (GDPR), and in particular the guidelines for the use of cookies by websites. The decision of the Council of State of June 19, 2020 to side with website publishers on blocking access to internet users who refuse cookies, despite the fact that the CNIL considers the use of cookie walls to be contrary to the GDPR, sounded like a thunderclap. “The CNIL is continuing its work on drafting recommendations and guidelines regarding cookies and other tracers. The guidelines are therefore being adapted to take account of this decision [of the Council of State]. This adjustment and the acceptance of this recommendation by the CNIL College should take place after the beginning of the school year in September 2020, according to a schedule that has yet to be specified,” the commission explained to us.

In this still fluid legal context, websites are doing their best – or not – to apply the regulation while waiting for a clearer legal framework. With regard to Boursorama, on the contrary, the efforts made in terms of cookie management and consent seem far from bearing fruit. It has been suggested that the choices made by the online bank do indeed raise questions in this area, starting with the tracking of the activities of users and customers of Boursorama services in their own customer area. In order to counter potential ad blockers that could “interfere with good navigation” and prevent “zero risk consultation” of accounts, Boursorama has set up a personalized subdomain, registered as a CNAME record in the DNS (c0011.boursorama.com), that actually refers to a host belonging to AT Internet and allows the protections of browsers and ad blockers to be bypassed.

Using a CNAME managed by a third party, in this case AT Internet, can also pose a security risk. Indeed, a malicious user at the service provider – or even an employee targeted by social engineering – with the required privilege level can access technical logs, keep session logs, and possibly log in in place of the user. “It’s a potential source of security breaches, and the contractual framework, in turn, requires a security commitment. Otherwise, Boursorama can be blamed for negligence in using partners,” said Florence Bonnet, Associate Director of Data at the TNP firm. “There is no such thing as zero risk, but it is very theoretical here, it takes a number of factors to get there, and even if it were, the malicious person could not do anything because of all the sensitive operations that are protected,” Aurore Gaspar, deputy general manager of Boursorama, told us.
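An audit check for the CNAME setup described above, added here as an example (it is not code from the article, Boursorama or AT Internet): it lists first-party subdomains whose CNAME chain ends at another organization's domain and the cookies a browser would send to them. All hostnames, DNS records and cookies are constructed, and the short suffix list is a simplified stand-in for the Public Suffix List.

```python
# Constructed data: every hostname, record and cookie below is hypothetical.
# Assumption: a tiny multi-label suffix list instead of the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.za"}

SAMPLE_CNAMES = {  # name -> CNAME target, as exported from a DNS zone or passive DNS
    "metrics.bank.example": "bank-example.collector.tracker.example",
    "bank-example.collector.tracker.example": "edge7.tracker.example",
    "www.bank.example": "lb.bank.example",
    "static.bank.example": "bank.cdn.example",
}

SAMPLE_COOKIES = [  # "domain" is the Domain attribute; None means host-only
    {"name": "session_id", "domain": "bank.example", "set_by": "clients.bank.example"},
    {"name": "csrf", "domain": None, "set_by": "clients.bank.example"},
    {"name": "prefs", "domain": "www.bank.example", "set_by": "www.bank.example"},
]


def registrable_domain(host):
    """Return the registrable domain (eTLD+1) under the simplified suffix list."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def resolve_chain(host, cname_records, max_depth=8):
    """Follow CNAMEs from host; stop on a loop or after max_depth hops."""
    chain = [host.lower().rstrip(".")]
    while chain[-1] in cname_records and len(chain) <= max_depth:
        nxt = cname_records[chain[-1]].lower().rstrip(".")
        if nxt in chain:  # CNAME loop: stop instead of spinning
            break
        chain.append(nxt)
    return chain


def find_cloaked(cname_records, first_party):
    """Map each first-party subdomain to its final target when that target
    belongs to a different registrable domain (tracker, CDN, SaaS...)."""
    site = registrable_domain(first_party)
    findings = {}
    for host in cname_records:
        if registrable_domain(host) != site:
            continue
        final = resolve_chain(host, cname_records)[-1]
        if registrable_domain(final) != site:
            findings[host] = final
    return findings


def cookie_sent_to(host, cookie):
    """RFC 6265 domain matching: a host-only cookie goes only to the host that
    set it; a cookie with a Domain attribute goes to that domain and all its
    subdomains. HttpOnly does not change this, it only hides the cookie from JS."""
    domain = cookie["domain"]
    if domain is None:
        return host == cookie["set_by"]
    domain = domain.lstrip(".").lower()
    return host == domain or host.endswith("." + domain)


def exposed_cookies(cname_records, first_party, cookies):
    """For each externally hosted subdomain, list the cookies it would receive."""
    report = {}
    for host, target in find_cloaked(cname_records, first_party).items():
        names = sorted(c["name"] for c in cookies if cookie_sent_to(host, c))
        report[host] = {"target": target, "cookies": names}
    return report


if __name__ == "__main__":
    for host, info in exposed_cookies(SAMPLE_CNAMES, "bank.example", SAMPLE_COOKIES).items():
        print(f"{host} -> {info['target']} receives {info['cookies']}")
```

A flagged host is not necessarily a tracker (the constructed CDN record is flagged too); the finding to act on is a session cookie scoped to the parent domain, which is fixed by making it host-only.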

Boursorama is far from being an isolated incident

“A CNAME enables the creation of subdomains and dummy URLs that slip past built-in ad blockers, because the marketing and advertising data are identified as first-party rather than third-party data,” said an expert in digital marketing who preferred to remain anonymous. “The goal is to disguise third-party cookies a bit by presenting them as first-party cookies,” said Florence Bonnet. “This helps circumvent measures that have been taken for browsers that want to bypass them.” On the other hand, on the part of Boursorama, there is no desire to hide anything. “When customers arrive at the seats, they will not be tracked until they have given their consent by accepting the installation of cookies or otherwise setting them on the cookie management console,” said Aurore Gaspar.

But why go to so much trouble to disguise a third-party cookie as a first-party one? “Chrome deletes third-party cookies, but not first-party cookies. This allows Boursorama to follow up on the person from the moment the person gives their consent,” continues the anonymous digital marketing expert. “Unfortunately, Boursorama is not an isolated case, it is still very common in France today.” And Florence Bonnet adds: “For us, Boursorama is a bad student. We see that companies are clearly complying with the regulations. We cannot say this is the case if third party cookies that are being tracked are insufficiently qualified and therefore not valid consent. It’s up to the person to come forward, it’s an abusive practice but in this case it’s not just Boursorama.”

From self-advertising space to monetized advertising

Among the choices that Boursorama makes in relation to cookies, some can prove to be bothersome. This is the case, for example, with the cookie wall, where the default acceptance options for 5 processing categories (storage and access to information; personalization; selection, distribution and measurement of advertising; selection, distribution and measurement of content; and statistics) are set to “On”. If the user manually clears these check boxes, the preferences are not recorded. Result: the user / client has to restart the procedure for rejecting cookies with each connection. What are the navigation trackers in the customer area of Boursorama set up for? At the moment, they serve to promote self-advertising, i.e. internal products and services, but it cannot be ruled out that these advertising spaces will be monetized in the future. “There are no third-party advertisements in the customer area, we are a pretty innovative company and if that happened one day it would of course be consent,” assures Aurore Gaspar.

“The CMP [consent management platform] provide for the purposes except that they are not clearly defined and do not meet the requirements of European regulations,” explains Florence Bonnet. “They provide that we can choose something other than consent as a legitimate interest that will allow Boursorama to opt out. This may be the reason why some have already configured the CMP to set cookies by default, even if it does not conform to the GDPR.” According to its privacy policy, Boursorama bases profiling for advertising purposes – and thus tracking – on legitimate interests. It includes it in commercial prospecting. “On this point, the choice of legal basis can be debated, but the purposes are not precise enough,” admits Florence Bonnet.

A referral to the CNIL where required consent has not been obtained in accordance with the GDPR

And the CNIL for its part states: “The deposit and reading of cookies imply, in principle, a free, specific, informed and unambiguous consent, after the user has been informed of the purposes of the tracer and the means of refusal. The only exceptions are currently in Article 82 of the Data Protection Act. Article 15 of the “ePrivacy” Directive allows Member States to limit this obligation (that of Article 5 (3) of the “ePrivacy” Directive) for certain purposes. The clarity implies in particular that the acceptance of cookies may not be the default mode, or by default it may result from inactivity or pre-checked checkboxes, etc. […] If consent is required and it is not obtained in accordance with the legal provisions (beforehand, free, specific, informed and unambiguous), users can contact the CNIL.” It remains to be seen whether Boursorama will agree to change the management of cookies in order not to face such a situation.

How GovChat helped South African administrations change during the lockdown

The GovChat service has proven to be an integral part of the Republic of South Africa’s administrations’ response to the Covid-19 pandemic. CIO Africa interviewed its founding CEO, Eldrid Jordaan, apparently via chat.

Eldrid Jordaan attended a dozen different meetings every day at 1 p.m. As the founder and director of GovChat, the official civic engagement platform on behalf of the South African government, Eldrid Jordaan is the man responsible for connecting millions of citizens with government officials. And the workload has only increased due to the coronavirus outbreak. The government is actually using the platform as part of its efforts to address the social and economic impact of the Covid-19 health crisis.

In that chat exchange, Jordaan explained to the CIO Africa why he created the platform, launched in September 2018 in collaboration with the Department of Cooperative Governance and Traditional Affairs, and how he and his team contributed to the fight of the South African Government against Covid-19.

CIO Africa: Tell us about your professional background.

Eldrid Jordaan: I was part of the team that started Mxit, a free South African instant messaging app. I was on the management team at Mxit, which enabled me to measure the appetite of the country’s citizens for a platform that gives young South Africans the opportunity to interact with the government. That experience taught me that people don’t really want to communicate with the national government; they were more interested in speaking to their local public officials who could address the issues closer to home. When Mxit closed its doors, I started GovChat.

What was the business / social problem you wanted to solve with GovChat?

The main goal was to bridge the communication gap between citizens and government and enable them to connect with each other through platforms such as WhatsApp, Facebook Messenger and USSD [Unstructured Supplementary Service Data, a mobile telematics service, a kind of Minitel on mobile developed only in Africa, Editor’s note]. We didn’t develop a mobile application for two reasons. The first reason is of course related to the high data costs in the country. And second, because around 80% of all phones in the African continent are Android phones that have major messaging platforms like WhatsApp and Facebook pre-installed. Instead of building our own standalone app, we decided to build our platform within these existing, pre-installed messaging platforms.

Can you explain your contribution to us regarding the COVID-19 health crisis?

To read the rest of this article, visit CIO.

Fortnite, League of Legends victim of Tencent ban?

If US President bans Chinese Tencent’s WeChat, the company’s many subsidiaries and investments could also be banned, including some popular games.

Will President Trump stop you from playing Fortnite or League of Legends? Such is the fear of some now that Tencent Holdings has been unexpectedly added to the list of Chinese companies to which the recent decrees apply. The president probably had no intention, at least explicitly, of depriving players of their favorite games. However, by including Tencent on its list, there is a risk that a large portion of the companies in the Chinese conglomerate or those in which the company invests will be affected.

In fact, the latest decree specifically targets WeChat, a popular messaging app from Tencent. The reasons and restrictions are very similar to the first decree extending the previous TikTok ban. The document basically states that the US could ban the video-sharing service altogether if a takeover by Microsoft or another company is not completed within 45 days. In particular, it is Section 1 (a) of these two decrees, the wording of which hardly changes, except for the name of the target company, which contains the most important information. “The following actions are prohibited under applicable law for 45 days after the date of this Regulation in the Council: WeChat transactions by any person or property under the jurisdiction of the United States with Tencent Holdings Ltd. (aka Téngxùn Kònggǔ Yǒuxiàn Gōngsī), Shenzhen, China, or a subsidiary of such entity, as specified by the Minister of Commerce (Secretary) under Section 1 (c) of this Ordinance.”

Tencent a gaming mogul

In the case of Tencent, this would mean that customers in the US would be banned from playing games or playing games from Tencent’s subsidiaries. However, it is unclear whether the regulation also prohibits users from working with companies in which Tencent is involved.

The list of game developers Tencent owns or has invested in is long and includes some big names in the industry:

– Riot Games: Tencent owns Riot Games. In 2011, the company bought a 93% stake in Riot Games before acquiring the remaining 7% four years later. In particular, Riot Games is the publisher of the hugely popular League of Legends game. In addition, in April last year, Riot bought Hypixel, the company that runs Minecraft’s servers and reportedly developed a Minecraft competitor.

– Tencent also has a 40% stake in Epic Games, the developer of the Fortnite game, and the Epic Game Store. This investment was made in 2012.

– Tencent still owns up to 11.5% of the shares in Bluehole, the developer of PlayerUnknown’s Battlegrounds, also known as PUBG.

– Tencent also owns around 80% of Grinding Gear Games, the developer of Path of Exile.

– In 2019 Tencent acquired a majority stake in Supercell, the developer of the mobile games Clash of Clans and Clash Royale.

PCGamer also notes that Tencent only has a small stake in Frontier Developments (Elite: Dangerous, Planet Zoo) and Discord, the popular chat server. As in the case of TikTok, the Trump administration is concerned about the security of U.S. data. “Like TikTok, WeChat automatically collects a large amount of information about its users,” the decree says. “This data collection could enable the Chinese Communist Party to access personal and confidential information about American users.”

Trump wouldn’t do that … would he?

Even if, as some rumors suggest, the White House is not planning to target video game subsidiaries like Riot Games, the text of the decree is too vague to be entirely sure. The decree goes on to say: “After 45 days from the date of the appointment, the Minister of Commerce will indicate which transactions are affected by the provisions of subsection (a) of this decree.” In other words, until September 20, we won’t know which Tencent subsidiaries will be affected by the order. The Trump administration is unlikely to ban some of the world’s most popular games and take the risk of angering millions of people. But if that happened it would be the most groundbreaking event Fortnite has ever offered.

Jérôme Manceau, Kazé’s new Marketing Director, wants to strengthen the brand with its communities

Jérôme Manceau has been promoted to Marketing and Sales Director at manga publishing house Kazé. Since its acquisition by Crunchyroll, the publisher has developed a strategy for developing the brand, particularly by leveraging its large community on social media. (Photo Kazé)

Jérôme Manceau, who is enthusiastic about Manga and his division, can only be happy. Since the end of 2016 he has been sales director of the manga and Japanese animation publisher Kazé Manga & Anime (see box). In June last year he became its marketing director. His appointment confirms the merger of the two marketing and trading activities following the takeover of the Japanese parent company Viz Media by the specialized American distributor Crunchyroll (Warner Media) in September 2019.

His mission? Transform the marketing and sales strategy to position the small publisher as a reference brand and no longer as a product supplier. Jérôme Manceau regrets that we very regularly meet readers in the salons who know our licenses very well but don’t even know who Kazé is. Our brands worked independently for SVOD, physical products and licenses. We are now trying to create a 360° universe for each of them and therefore identify a coherent ecosystem with publications on physical media, theatrical releases, SVOD, etc. It’s also a coherent strategy for all the supports the new Marketing Director wants to provide: social networks, influencers, physical events extended in the digital space, e-commerce, original content, etc. “I want all the supports to be connected, so that they can feed each other. That our digital, display and event campaigns can be found everywhere. That’s why we bring marketing and sales together!”

Differentiate targeting based on the social network

At the moment, however, Kazé is barely exploiting his presence, even if it’s important on social media. “With a total of around 600,000 subscribers, we are the largest publisher specializing in Japanese social media entertainment,” explains Jérôme Manceau. We were the first to open a Snapchat account. 240,000 people subscribe to the publisher’s YouTube account, 215,000 to his Facebook page and 94,500 and 86,000 to his Twitter and Instagram accounts, respectively. Crunchyroll is also at the head of a large community with, for example, more than 2 million Instagram subscribers.

“We have had a real development strategy in this area since the takeover. And since we took office, in addition to classic marketing, we have had a strong digital branch in the team that deals with social networks and influence. The small publisher intends to expand its contact points with targeted communication according to the respective network. The company has so far treated all of its target groups equally, even though they have very different profiles. His Instagram subscribers are more interested in paper manga than others.


A monthly show with youtubers

Specifically, from 2021 Kazé wants to strengthen both its voice in networks as a brand and the creation of original content. At the moment it is often content to announce its new offers. And its commercial actions are due to competitions or price cuts. Jérôme Manceau is enthusiastic about his subject. “We want to create a monthly show with influencers who become ambassadors for our brand and our products and share our news, as is the case in Japan. We’d also like to shoot original documentaries: a day with a director or with a mangaka. We are even in contact with audiovisual production companies to convert manga into short films.”

A single entry point for the relaunch of e-commerce

The marketing team that Jérôme Manceau oversees consists of nine people, two of whom work in direct marketing. The display and purchase of advertising space make up the largest part. “After a failed attempt four years ago due to lack of resources, we are thinking about e-commerce again. Online sales are a real point of sale, but we can’t fight Amazon or Fnac. However, thanks to the licenses we hold, we have been able to offer completely exclusive products. The new head of marketing is also considering a digital space that brings together everything his customers are looking for: his products, of course, but also tickets for European conventions, characters, etc. “There are no such individual entry points, Jérôme Manceau emphasizes. We lose ourselves on that of Fnac before we get there. “Kazé will be hiring an e-commerce specialist in the coming months and intends to rely on social media to improve this service.

Offer exclusively for physical events

Finally, Kazé also intends to strengthen its presence at physical events, to animate its community and especially to expand everything in the digital realm. “We are only represented at one trade fair, the Japan Expo,” says Jérôme Manceau. “We want to do more and have a privileged space for discussion with our community. And above all with a response on the digital side.”

“The challenge for us is to structure ourselves, to review the organization and processes in order to get off to a good start with this new strategy, said the Marketing Director of Kazé. For example, from now on a marketer will work on both manga and DVDs with a global brand vision. All of these “value creation paths” aim to offer the community a range of services to promote a brand ecosystem and no longer position Kazé as a simple product supplier.

Emmanuelle Delsol

Who is Kazé

The company, born in France in 1994, has belonged to the American group Crunchyroll since it took over Kazé’s parent company, Viz Media, in September 2019.

– Activity: Publishing and marketing of printed manga and Japanese cartoon series on DVD and SVOD, licensing of related brands for television sales, theatrical releases and merchandising. More than 400 references and 150 licenses in the catalog. Key titles in manga and cartoon series include One-Punch Man, My Hero Academia, Le Tombeau des Lucioles, The Promised Neverland, Black Clover and Hokuto no Ken.

– 2019 turnover: 16 million euros

– Workforce 2020: around 20 people