now browsing by tag
The bogus news is generally known as the “Martinelli hoax”, because it starts like this:
If you know anyone using WhatsApp you might pass on this. An IT colleague has advised that a video comes out tomorrow from WhatsApp called martinelli do not open it , it hacks your phone and nothing will fix it. Spread the word.
When we last wrote about “Martinelli”, back in 2018, we noted that the hoax was given a breath of believability because the text above was immediately followed by this:
If you receive a message to update the WhatsApp to WhatsApp Gold, do not click!!!!!
This part of the hoax has a ring of truth to it.
Back in 2016, hoax-checking site Snopes reported that malware dubbing itself WhatsApp Gold, was doing the rounds.
The fake WhatsApp was promoted by bogus messages that claimed, “Hey Finally Secret WhatsApp golden version has been leaked, This version is used only by big celebrities. Now we can use it too.”
So WhatsApp Gold was actual malware, and the advice to avoid it was valid, so the initiator of the Martinelli hoax used it to give an element of legitimacy to their otherwise fake warning about the video.
The latest reincarnation of the hoax has kept the text of the original precisely, including the five-fold exclamation points and the weird extra spaces before punctuation marks.
The new hoax even claims that the video first mentioned several years ago still “comes out tomorrow.”
But there’s a new twist this time, with yet another hoax tacked on the end referring to yet another video “that formats your mobile.”
This time, the video is called Dance of the Pope:
Please inform all contacts from your list not to open a video called "Dance of the Pope". It is a virus that formats your mobile. Beware it is very dangerous. They announced it today on BBC radio. Fwd this message to as many as you can!
Ironically, Snopes suggests that this piece of the hoax – which is basically the same as the Martinelli hoax but with a different video name – is even older than the Martinelli part, dating back to 2015.
Quite why the hoax has reappeared now is not clear, though it may have been triggered by March 2020 news headlines about wunderkind Brazilian footballer Martinelli.
Martinelli currently plays for Arsenal in England, but has been tipped to appear in the Brazilian national squad at just 18 years of age; he’s also been the subject of media speculation that he might get poached from Arsenal by Spanish heavyweights Real Madrid.
Is it even possible?
In theory, playing a deliberately booby-trapped video file on your mobile phone could end up in a malware infection, if your phone has an unpatched bug in its media player software that a crook could exploit.
In practice, however, that sort of bug is very rare these days – and typically gets patched very rapidly and reported very widely.
In other words, if the creator of this warning knew enough about the “bug” to predict that it could infect any mobile phone, and could warn you about this “attack” in a video that isn’t even out yet, it’s highly unlikely that you wouldn’t have heard about the actual bug itself either from the vendor of your phone or from the world’s cybersecurity news media.
Additionally, even if there were a dangerous bug of this sort on your phone and your phone were at risk, it’s unlikely that “nothing would fix it”.
As for the imminent and unconquerable danger of an alleged double-whammy video attack of “threats” that first surfaced in 2015 and 2016…
…well, if the videos were supposed to “come out tomorrow” more than four years ago, we think you can ignore them today.
What to do?
- Don’t spread unsubstantiated or already-debunked stories online via any messaging app or social network. There’s enough fake news at the moment without adding to it!
- Don’t be tricked by claims to authority. Anyone can write “they announced it today on BBC radio,” but that doesn’t tell you anything. For all you know, the BBC didn’t mention it at all, or announced it as part of a hoax warning. Do your own research independently, without relying on links or claims in the message itself.
- Don’t use the “better safe than sorry” excuse. Lots of people forward hoaxes with the best intentions, but you can’t make someone safer by “protecting” them from something that doesn’t exist. All you are doing is wasting everyone’s time.
- Don’t forward a cybersecurity hoax because you think it’s an obvious joke. What’s obvious to you might not be to other people, and your comments may get repeated as an earnest truth by millions of people.
- Don’t follow the advice in a hoax “just in case”. Cybersecurity hoaxes often offer bogus advice that promises a quick fix but simply won’t help, and will certainly distract you from taking proper precautions.
- Patch early, patch often. Security updates for mobile phones typically close off lots of holes that crooks could exploit, or shut down software tricks that adware and other not-quite-malicious apps abuse to make money off you. Take prompt advantage of updates!
- Use a third-party anti-virus in addition to the standard built-in protection. Sophos Intercept X for Mobile is free, and it gives you additional protection not only against unsafe system settings and malware, but also helps to keep you away from risky websites in the first place.
- Don’t grant permissions to an app unless it genuinely needs them. Mobile malware doesn’t need to use fancy, low-level programming booby-traps if you invite it in yourself and then give it more power that it needs or deserves.
The post WhatsApp “Martinelli” hoax is back, warning about “Dance of the Pope” – Naked Security appeared first on National Cyber Security.
View full post on National Cyber Security
An online “impersonator” of a Democratic National Committee (DNC) staffer tried to contact presidential campaigns, including Sen. Bernie SandersBernie SandersWinners and losers from the South Carolina debate Five takeaways from the Democratic debate Sanders most searched, most tweeted about candidate during Democratic debate MORE’s (I-Vt.) campaign, the committee said in a statement to the candidates Wednesday.
Bob Lord, the DNC’s chief security officer, wrote in an email to the campaigns that “adversaries will often try to impersonate real people on a campaign,” The Associated Press reported.
He added that the “adversaries” could try to get campaign workers to “download suspicious files, or click on a link to a phishing site” or set up calls or in-person meetings to record and release.
Lord warned that the “impersonator” contacted the Sanders campaign and at least two others and had a domain registered overseas. But he acknowledged that anyone can register a domain name in any country.
“Attribution is notoriously hard,” he wrote. “The appropriate authorities have been alerted.”
“If you are using an alternate domain, please refrain from doing so and let us know if you are operating from a domain that others have not corresponded with before,” Lord added. “Do not use your personal mail account for official business.”
Sanders campaign spokesman Mike Casca confirmed the incident with the AP and said the domain was registered in Russia.
“It’s clear the efforts and investments made by the DNC and all the campaigns to shore up our cybersecurity systems are working,” Casca said, according to the AP. “We will remain vigilant and continue to learn from each incident.”
The Hill reached out to the DNC and the Sanders campaign for confirmation.
The Vermont senator said on Friday that he was briefed about a month ago that Russia was attempting to boost support for his campaign.
Democratic campaigns have been cautious about cybersecurity since Hillary ClintonHillary Diane Rodham ClintonDemocratic insiders stay on the sidelines in 2020 race Hillicon Valley: Twitter falling short on pledge to verify primary candidates | Barr vows to make surveillance reforms after watchdog report | DHS cyber chief focused on 2020 The Hill’s Campaign Report: High stakes at last Democratic debate before Super Tuesday MORE campaign chairman John Podesta’s emails were hacked and published after he received an email seemingly from Google directing him to change his account.
The post #nationalcybersecuritymonth | DNC warns campaigns about cybersecurity after attempted scam appeared first on National Cyber Security.
View full post on National Cyber Security
Inmates’ and correctional facilities employees’ data has been sloshed onto the web, unencrypted and unsecured, in yet another instance of a misconfigured cloud storage bucket.
Security researchers at vpnMentor came across the leak on 3 January during a web-mapping project that was scanning a range of Amazon S3 addresses to look for open holes in systems.
The leaky bucket belongs to JailCore, a cloud-based app meant to manage correctional facilities, including by helping to ensure better compliance with insurance standards by doing things like tracking inmates’ medications and activities. That means that the app handles personally identifiable information (PII) that includes detainees’ names, mugshots, medication names, and behaviors: going to the lavatory, sleeping, pacing, or cursing, for example.
JailCore also tracks correctional officers’ names, sometimes their signatures, and their personally filled out observational reports on the detainees.
Some of the PII is meant to be freely available to the public: details such as detainee names, dates of birth and mugshots are already publicly available from most state or county websites within rosters of current inmates. But another portion of the data is not: that portion includes specific medication information and additional sensitive data, vpnMentor says, such as the PII of correctional officers.
JailCore closed down the data leak between 15 and 16 January: 10 or 11 days after vpnMentor notified it about the breach (and about the same time that the security firm reached out to the Pentagon about it). The company initially refused to accept vpnMentor’s disclosure findings, the firm said.
Risk of identity theft
The leaky bucket held 36,077 PDFs of data from an Amazon server belonging to JailCore. The security researchers didn’t open each file, but the records that they did open pertained to correctional facilities in Florida, Kentucky, Missouri, Tennessee and West Virginia.
JailCore says that it’s a startup that’s currently working with six jails, totaling 1,200 inmates. It thinks that a tiny portion of real people’s information was involved in the breach. From one of its comments cited by vpnMentor:
Of those 6 jails, only 1 is using the application to track medication compliance in a 35 inmate jail and only 5 of those 35 inmates in that jail has a prescribed medication. Meaning all other reports with any mention of medication were all used for demonstration purposes only.
JailCore asked vpnMentor to bear in mind that detainees aren’t free citizens, and that’s a whole ‘nuther can of worms when it comes to privacy rights:
These are incarcerated individuals, not free citizens. Meaning, the same privacy laws that you and I enjoy, they do not.
[…] You cannot look at this like an example of a private citizen getting certain private information hacked from the cloud. These are incarcerated individuals who are PROPERTY OF THE COUNTY (this is even printed on their uniforms) … they don’t enjoy our same liberties.
Does that mean that it’s OK to expose prison inmates to the risk of identity theft? vpnMentor’s take on that risk:
Knowing the full name, birthdate, and, yes, even the incarceration record of an individual can provide criminals with enough information to steal that person’s identity. Considering that the person whose identity is stolen is in jail, cut off from normal access to a cellphone or their email, the damage could be even greater, as it will take longer to discover.
When Vice’s Motherboard contacted JailCore, a representative acknowledged that the records were in fact generated by its app and confirmed that JailCore had sealed up the hole. The JailCore rep also told the publication that the company doesn’t think that any of the compromised PII is personally sensitive or compromising in any way.
A tub full of leaky buckets
And thus does JailCore join the Who’s Who list of organizations that have misconfigured their Amazon S3 buckets and thereby inadvertently regurgitated their private data across the world: Dow Jones; a bipartisan duo including the Democratic National Committee (DNC) and the Republican National Committee (RNC); and Time Warner Cable – to name just a few.
In fact, back in 2017, security vendor Threat Stack conducted a survey of 200 AWS users in early 2017 and found that 73% left SSH open to the public, and 62% weren’t using two-factor authentication (2FA) to secure access to their data.
Amazon took a proactive step by scanning its customers’ S3 buckets and sending warnings when it found spillage, reaching out to customers with bad security before crooks had a chance to.
It doesn’t have to be this way. There’s help out there for organizations that can take a deep breath, step away from their servers, and plunge in to learn how to better secure them: Amazon has an FAQ about how to access AWS Simple Storage Service (S3) controls and encryption.
The post Data about inmates and jail staff spilled by leaky prison app – Naked Security appeared first on National Cyber Security.
View full post on National Cyber Security
Source: National Cyber Security – Produced By Gregory Evans It can be difficult for normal people to know when to trust the government and when not to. It can be even more confusing to figure out when to trust Mike Lee. The senior senator from the great state of Utah has, on occasion, stood up […] View full post on AmIHackerProof.com
#nationalcybersecuritymonth | Covered Security wants you to be smarter about online threats — for your employer’s sake
I took a five-minute online quiz created by a Boston startup, Covered Security. It’s designed to give you the cybersecurity equivalent of your credit score — basically, how do your online security habits compare with the average person’s, and how do they compare with the habits of security experts? Let’s just say I have some improvements to make before I reach the “average” mark on Covered’s grading scale.
What Covered is trying to do is motivate people like me to change. Not because we’re a danger to ourselves, but because we’re a danger to our employers.
“Normal people are compromised at a rate that is 124.7 percent higher than security professionals,” says Covered’s founder and CEO, Chris Zannetos.
Unfortunately, it can be tough to get people to change bad habits, such as using the same password for multiple accounts or using easy answers to the security prompt questions for password recovery (like mother’s maiden name.)
As for getting them to pay for new security software or services that might make them less vulnerable? Forget about it, Zannetos says. People are complacent about security until a hacker breaks into their Facebook account and starts messaging all of their friends or cracks a bank account and wreaks havoc.
So Covered is focusing on employers, who have a lot more at stake — billions of dollars, trade secrets, brand reputations, and stock prices. Corporate information security executives, Zannetos says, “always say that people were the soft underbelly of their security program. They are a gateway for hackers to break into the organization,” such as when employees hastily respond to an e-mail that looks like it’s from the boss requesting password information, or asking them to review an attached file. (Oops — malware, which can give the bad guys access to everything on your machine.) So Covered is planning to sell to companies, rather than to individuals, and it already has a handful that are using its software, including Aflac, the Georgia insurance company.
Covered Security was founded in 2016, and it’s still small — fewer than 10 employees, Zannetos says. The objective, he explains, was to create “a FitBit for online security. Could we make it simple, fast, and personally rewarding for people to improve their own security habits?”
Covered’s product is fundamentally about education: What are the ideal things to be doing to protect your passwords and accounts, and where have data breaches occurred recently that may affect you and your account information? The Web-based system gives you pats on the head (“kudos”) when you make small improvements, and your employer can offer prizes to people who have accumulated a certain number of kudos. (Yes, you are on the honor system: You can say that you’re using two-factor authentication — “text me a code so I can log in to my account” — without actually doing it.)
Your employer can’t peer into an individual employee’s Covered profile, Zannetos says. But they can see high-level analytic data about “where the company is weak and where they’re strong, and what behavior they need to incentivize.”
This month, to build buzz, Covered has been giving away gift cards to people who register with the site and start earning kudos.
Danahy, the security entrepreneur, says that while “most people treat the end user as a problem that is not solvable — they will always make mistakes — what Covered is doing has an optimism, and a realism, I think, that you can change that.”
The notion, he says, is that you and I should be more aware of practical behaviors, like using a password repository to create and manage our passwords, as well as read articles about the latest hacker techniques, so that we don’t become victims. Offering kudos and financial incentives to spend time doing that, Danahy says, “gamifies” the process of changing our behaviors. Danahy serves as an adviser to Covered but is not an investor in the company.
Oren Falkowitz, CEO of the California startup Area 1 Security and a former staffer at the National Security Agency and US Cyber Command, says via e-mail that the Covered concept sounds simple. “But the reality is, we humans can’t be taught to be less human. Our innate curiosity, our willingness to trust complete strangers, and our child-like interest in a good story, all work against us in cyberspace.” That’s what makes it impossible, Falkowitz says, to stop phishing attacks without relying on “specific and advanced computer software.”
“The concept of training employees so that they can better avoid being phished or falling prey to other social hacks is not new, and almost every company is doing some level of employee education in this regard these days,” says Maria Cirino, a former cybersecurity CEO and venture capitalist at the Boston firm .406 Ventures. But Covered’s approach and use of technology to change people’s bad habits could prove more effective and measurable, Cirino says. Her firm hasn’t invested. Covered has so far raised a bit more than $1 million from individual investors, and Zannetos hopes to add more to the company’s bank account in the spring.
Covered is in the midst of juggling the four balls that every startup needs to keep in the air: finding investors, closing sales, hiring skilled employees, and continually improving the product.
But the mission — making all of us a little less dumb, when it comes to online security practices — is an important one.
Scott Kirsner can be reached at email@example.com. Follow him on Twitter @ScottKirsner.
View full post on National Cyber Security
Source: National Cyber Security – Produced By Gregory Evans In 1885, a psychologist named Hermann Ebbinghaus published his theory on education retention called the Forgetting Curve. His research theorizes that most people forget up to 80 percent of what they’ve learned within 48 hour, unless the information is reviewed time and again. With Deloitte reporting […] View full post on AmIHackerProof.com
On bikes and scooters, messengers with bright orange satchels whipped and weaved through Manhattan’s teeming streets. Their bags held snacks, DVDs, and diapers for a start-up called Kozmo.com, which promised deliveries in under an hour. It was the year 2000. And it all seemed magical.
The real magic, it soon turned out, was Kozmo’s ability to raise more than $250 million in funding despite running a money-losing operation. As the dot-com bubble burst later in 2000, a planned initial public offering was canceled. Kozmo was liquidated in April 2001. Among the investors left holding the bag were
(ticker: AMZN) and the venture-capital arm of SoftBank Group (9984.Japan).
Two decades later, Kozmo-like businesses are raising huge sums of money and delighting consumers. New movies get streamed straight to TVs, car service shows up instantly, and meals and goods arrive with the push of a button. Companies like
and SoftBank are still footing the bill.
Each new service undercuts the incumbents.
(LYFT) are cheaper than city cabs. A month of content from
(NFLX) costs less than one movie ticket; and Amazon makes every day feel like Black Friday.
But now we are on the precipice of another Kozmo-like reckoning. WeWork’s failed IPO—and a sudden focus on profits—has forced venture capital to rein in its voracious appetite. Investors have begun to feel the pain of a more discriminating market.
Consumers are likely to be next. Their free lunch—fueled by technology and generous private capital—is coming to an end. As the spigot turns off in both public and private markets, consumers will probably see changes from ride-sharing to food delivery that pinch their pocketbooks.
Billionaire investor and owner of the National Basketball Association’s Dallas Mavericks Mark Cuban says it will be difficult for many companies to adapt to the new reality. And it will be painful for consumers who have grown accustomed to great tech and low prices.
“It’s hard to sustain the growth rates that IPO investors look for, and it’s even harder to retrain customers to accept higher and profitable pricing after [companies’] subsidizing the cost for so long,” Cuban tells Barron’s in an email.
Several customers of these start-up services agree. “There is a tipping point,” says Kristen Ruby, president and founder of the Ruby Media Group, who spends $30 to $40 on food delivery multiple times a week. “Consumers will be put over the edge if the fees continue to get any higher.”
Andy Bachman, a rabbi who works as executive director of a New York City organization called the Jewish Community Project Downtown, says he orders with Seamless or
(GRUB) a couple of times each month. “Many people in the city who have more disposable income, they’re not going to have a problem with a small rise in delivery price,” he says. “But a normal family like ours, we’d stop using it.”
For much of the past decade, investors poured billions of dollars into start-ups, choosing to judge success by scale. Profits were for another day. Then, investors started to fear that the day might never come.
First came the weak performance of the unicorn IPOs. The share prices of hotly anticipated new stocks like Uber and
(PINS) have tumbled by more than 30% from their summer highs. The direct listing for
(WORK) has also proved to be a disappointment.
The turning point was the failed IPO of WeWork, the shared office-space company. At its peak, the company was worth $47 billion in the private market. Its IPO filing—which detailed huge losses and bewildering managerial decisions—triggered a reawakening among investors who suddenly remembered lessons from the internet bubble. WeWork was forced to shelve its offering and ultimately needed a bailout from SoftBank to stay solvent.
“The WeWork IPO process instilled a level of discipline in the market that hadn’t been there for a while,” says Mario Cibelli, manager of hedge fund Marathon Partners Equity Managment. “From the summer to the fall, you have gotten into a completely different environment. That exit opportunity that a lot of the private companies would be eyeing essentially dissipated. The public markets are demanding a different kind of risk profile and behavior.”
Jim Chanos, the short seller best known for predicting the collapse of Enron, blames SoftBank and its $100 billion dollar Vision Fund for fueling many of the unsustainable strategies. The Japanese company was WeWork’s largest investor.
“It’s very clear now that SoftBank got swept up and led the vanguard on this and maybe didn’t spend the time they should have on the business models,” says Chanos, the founder and managing partner of Kynikos Associates. “The whole WeWork thing was silly from the beginning.”
SoftBank declined to comment on the criticism over its business-model analysis of WeWork. But in an investor presentation in November, SoftBank said that it was now telling companies to focus on generating free cash flow (a measure of profitability) and that they should aim to be “self-financing.” It also started a new “no rescue package” policy for its portfolio companies.
“SoftBank figured that out a little bit late,” Chanos says. “Maybe these companies should have a path to profitability.”
The shift in sentiment has hit private markets, too. In the third quarter, start-ups received $27.5 billion in new venture capital during the third quarter, down 17% from the previous quarter and the lowest total in nearly two years, according to Dow Jones VentureSource.
Some of the start-ups won’t survive the new environment, while established businesses will be forced to raise consumer prices.
Internet TV is a good lesson for what consumers can expect. Virtual cable bundles, or virtual MVPDs (multichannel video programming distributors), hit the market roughly three years ago, promising to allow cord-cutters to get the best of live TV at a fraction of the cost of cable. At first, YouTube TV, Hulu Live TV,
PlayStation Vue, and DirecTV Now (currently called AT&T TV Now) all offered live-TV packages streamed over the internet for just $30 to $40 a month.
The low prices didn’t last. Craig Moffett, MoffettNathanson’s telecom analyst, says the virtual bundlers wrongly assumed that the business would have the winner-take-all economics akin to Google and
But content businesses are weighed down by a cost structure that doesn’t scale like native web businesses.
“The math never made any sense,” Moffett says. “The programming costs alone were north of $30 for those packages. After customer-service and customer-acquisition costs, there was simply no way anyone was going to make money.”
Faced with rising losses, Moffett notes, the internet TV services were forced to replicate the same price increases that drove people to cut the cord in the first place. As the prices went higher, subscriber growth sputtered. In October, Sony announced that it would shut down its Vue service in January. AT&T TV Now, meanwhile, raised its price so high—$65 a month, from the initial $35—that customers started to defect. Net subscriber losses for the service totaled nearly 700,000 in the past four quarters, according to MoffettNathanson. Internet TV now looks much like cable TV—both in cost and subscriber trends.
“Everybody initially hoped they would be able to grab market share and build a position that would give them more negotiating leverage and eventually be profitable to raise prices,” Moffett says. “In retrospect, neither of those assumptions held water.”
Moffett thinks the virtual-cable story could be repeated in other markets.
So what can consumers expect to happen in the ride-hailing, food-delivery, and streaming-video-subscriptions markets in the near future? Here’s a breakdown by industry:
With stocks of the major U.S. ride-hailing players—Uber and Lyft—battered in recent months, consumers should expect to see a wave of price increases in the coming year.
Wall Street data indicate that the ride-hailing firms can get away with higher prices. Canaccord Genuity says its latest price tracker shows that Lyft and Uber fares were up 6% on average since May, adjusted by ride class. Last month,
released an analysis of New York City ride-hail data, suggesting that demand for the service was inelastic. The firm found that when per-ride pricing rose 23% because of a congestion surcharge, it resulted in only a 10% decline in volume.
There are strong signals that a sea change is already under way. On Lyft’s last earnings call, the company’s chief financial officer said there was “increasing rationality” in the market, noting that average ride prices were higher year over year, adjusted for type of ride. Moreover, the company’s September-quarter adjusted margin on earnings before interest, taxes, depreciation, and amortization, or Ebitda, improved 32 percentage points, to a negative 13%, from the prior year. Lyft has said that it expects to be profitable by late 2021.
Marcelo Lima, a hedge fund manager at Heller House whose firm owns Lyft shares, sees a brewing duopoly in the U.S. ride-hailing space. He is more optimistic about Lyft than Uber because of the former’s North American focus. “I like the focus of Lyft; it’s a clear story,” he says. “They have a good chance of reaching very good economics soon.”
Uber, meanwhile, is being held back by its other money-losing units, like autonomous driving and food delivery.
What kind of actual price changes can consumers expect in the near term? Mike Puangmalai, a private investor who spent eight years as an analyst at Relational Investors, says, “For a $25 trip, don’t be surprised if it’s $30 this coming year. I do think prices will go up.”
Uber’s willingness to lose money has thrown the nascent food-delivery business into disarray. Four well-funded players—DoorDash, Uber Eats, Grubhub, and Postmates—have been trying to outdo one another with wider networks and better discounts. Staggering losses and great deals for customers are the result.
Uber Eats lost more than $300 million in the September quarter, with losses up nearly 70% year over year. Grubhub shares plunged 43% in late October, when it offered profit guidance well below Wall Street expectations. Industry analysts widely believe that DoorDash and Postmates are losing money and will have difficulty going public, given recent trends.
DoorDash and Postmates didn’t respond to emailed requests for comment.
Chanos, whose firm is short shares of Grubhub, believes that the food-delivery companies are facing pressure from restaurants asking for lower commission rates. He also expects that consumers will see fewer coupons and promotions from the delivery firms, adding that higher prices would probably result in far lower delivery volume.
In a statement, Grubhub said that it “has proved itself as the only food-delivery business in the U.S. with a profitable, transparent, and sustainable business model.”
“Several of our peers have achieved national scale,” Grubhub said, “but we are the only one that has grown without unsustainable shortcuts like incurring massive operating losses, offering irrational diner pricing, and giving drivers substantial subsidies.”
Cibelli, whose firm owns Grubhub shares, predicts that all of the players will have to fix their businesses by cutting back on the discounts that attracted customers in the first place. “Uber Eats, Postmates, and DoorDash are all going to have to approach break-even and cease their cash burn,” he says. “The odds of consolidation are quite high. Likely, you will eventually have two dominant players.”
The hedge fund manager believes that with fewer players, aggregate industry profitability will improve as the overlap in operating expenses such as marketing and administrative spending gets eliminated. After the consolidation, he predicts, the remaining companies will be able to raise prices, benefiting Grubhub’s stock price.
Bulls and bears agree that the current competitive landscape isn’t sustainable. Cibelli says that the private companies that used their enormous fund raising to chase low-profit-margin sales will face the biggest obstacles.
“DoorDash, especially, has created transactions more aggressively than would have occurred naturally by offering too good of a deal for consumers, especially on the fast-food-chain side,” Cibelli says. “It’s nice to press a button to have
delivered to you very cheaply, but these are inferior transactions.”
consumer survey revealed that 58% of diners said promotions and deals played a role in their food-delivery decisions. Furthermore, only 36% of consumers said they were exclusive to one platform.
Fast-food orders are especially problematic in terms of profitability. Morgan Stanley estimates that two-thirds of fast-food orders were under $7. In a typical $10 fast-food order, the firm says that a food-delivery company would lose $3.80 because of a $5 cost per delivery, net of fees.
Consumers are unlikely to readily accept higher delivery prices, as they might be with higher ride-hailing costs.
“If there are less promotions like free delivery, I’m not going to order as much personal meals,” says Puangmalai, 37, who is also a freelance software developer. “My usage will go down on the lower-ticket stuff.”
While the ride-hailing and food-delivery industries are due for a reckoning, online video streaming has a longer runway. The “free lunch” in video could last for a while, thanks to the deep pockets of big tech and media.
These companies have already told their investors to expect many years of continued losses, as they build their streaming libraries. AT&T, for example, expects its HBO Max to lose more than $4 billion before turning profitable in 2025.
The WeWork moment hasn’t hit the streaming business largely because video-streaming companies have other profitable businesses, like theme parks, movies, wireless services, and smartphones that can subsidize the streaming efforts at attractive price points.
(DIS) launched its Disney+ streaming service at just $7 a month, about 45% lower than Netflix’s standard plan. In its first year, Disney plans to have a library of 7,500 TV episodes and 500 movies—including the company’s Pixar, Star Wars, and Marvel films. Disney has told investors that it won’t make money on Disney+ until 2024.
Disney isn’t alone in firing large shots in the streaming wars. In October, WarnerMedia unveiled details for its HBO Max streaming service, which will start in May. Warner says the service will have 10,000 hours of content from HBO, Warner Bros., DC Entertainment, CNN, TNT, Cartoon Network, Adult Swim, and other WarnerMedia properties. It will have 50 “Max Originals” by 2021. Despite having double the content, HBO Max will cost $14.99 a month, the same current cost as standard HBO.
The low cost of streaming is all the more striking given the costs being spent on content to power the services. Cowen estimates that Netflix and Amazon will spend $15 billion and $8 billion, respectively, for content in 2019. The firm thinks that
(AAPL), which just introduced its Apple TV+ service at $4.99 a month, will spend $6 billion annually within two years.
“The pricing environment will definitely be more muted than in the past five years due to the increased competition,” says Cowen analyst John Blackledge.
Indeed, Netflix may be looking to cut the entry price in certain markets. It is already trying lower-priced mobile-only plans in India, suggesting that cheap plans may be the key to its international expansion.
The problem for Netflix is that running a streaming service continues to get more expensive. On its last earnings call, Netflix’s management acknowledged that the content cost for the hottest TV shows with multiple bidders had risen 30% over the past year. The bull case for Netflix stock has always been its potential to raise subscription prices over time. But new streaming options are sure to limit Netflix’s pricing power.
Over the past year, it was quite the roller-coaster ride for the streaming giant’s investors. Netflix’s stock price started 2019 strong, with a 40% rally through July, but it then lost all those gains in just two months after the company posted a disappointing second quarter. Netflix shares did rebound into year-end, closing up 21% for 2019, though materially lagging the major indexes. Shareholders should expect more volatility and lackluster relative returns for the next few years.
The uncertainty for the longtime market darling speaks to a new dynamic on Wall Street. Delighted consumers are no longer aligned with happy investors. As the unicorns grow up, they’ll look more like cable companies and less like nonprofits.
“If something is too good to be true, it probably is,” Moffett says.
Josh Nathan-Kazis contributed to this article.
Write to Tae Kim at firstname.lastname@example.org
View full post on National Cyber Security
Source: National Cyber Security – Produced By Gregory Evans Working for NASA is a big job and a true honor. Every day, the talented men and women of NASA must think on a cosmic level because it’s not just about space exploration and research. Sometimes it’s about planetary safety, such as their plan to destroy […] View full post on AmIHackerProof.com
Source: National Cyber Security – Produced By Gregory Evans With help from Eric Geller, Mary Lee and Martin Matishak Editor’s Note: This edition of Morning Cybersecurity is published weekdays at 10 a.m. POLITICO Pro Cybersecurity subscribers hold exclusive early access to the newsletter each morning at 6 a.m. Learn more about POLITICO Pro’s comprehensive policy […] View full post on AmIHackerProof.com
Source: National Cyber Security – Produced By Gregory Evans * UK-U.S. trade documents were leaked last month * Reddit believes Russian campaign behind the leak * UK fears attempt to influence the Dec. 12 election * British spies investigating the matter By Michael Holden LONDON, Dec 7 (Reuters) – The leak of classified UK-U.S. trade […] View full post on AmIHackerProof.com