The feature, known as “two-factor” authentication, is already used by companies like Google and Apple and works by sending a pin code via text message to a user’s cell phone. Twitter has details and a tutorial video here.

The decision to add an extra security feature comes after hackers have repeatedly gained control of high profile Twitter feeds. The most prominent example occurred last month when hackers used the Associated Press’s account to say bombs had injured President Obama. The fake tweet roiled financial markets and led to calls for Twitter to improve its security features.

Attackers have also targeted CBS, the BBC and the Onion. The latter offered a candid account of how the hackers phished employees accounts and induced some of them, including a person with control over social media passwords to share log-in information.

Two factor authentication would likely have prevented those attacks because the attackers would have had to enter a password sent to the employee’s cell phone.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Connected world: the consumer technology revolution
• The 2013 task management tools market
• How consumer media will change in 2013

Although it’s always been very important, network security seems to be attracting an increasing amount of attention these days, largely due to high-profile hacks. The Stonesoft acquisition, should it go through the usual regulatory hoops, will give Intel a boost in the areas of firewalls, evasion prevention systems and secure VPN services.

Here’s how McAfee president Michael DeCesare put it in a statement on Monday morning:

“With the pending addition of Stonesoft’s products and services, McAfee is making a significant investment in next-generation firewall technology. These solutions anticipate emerging customer needs in a continually evolving threat landscape.”

McAfee will blend Stonesoft’s services with its own existing portfolio, in particular its IPS Network Security Platform and its Firewall Enterprise product, and it looks like Stonesoft’s “next-generation” firewall will continue to be a product in its own right. In the statement, Stonesoft CEO Ilkka Hiidenheimo noted that “the combination of the two companies allows Stonesoft to benefit from McAfee’s global presence and sales organization of over 2,200 employees, best-in-class threat research and technology synergies.”

Intel said in January that it intended to “deliver more integrated solutions and comprehensive protection across mobile devices, endpoints, servers, and network through an extensible framework,” and would embark on a series of acquisitions, development initiatives and new partnerships to do so. The Stonesoft buy appears to be a pretty loud shot in that salvo.

Stonesoft’s secret sauce is its Security Engine, which can adapt to act as firewall, unified threat management system, server load balancer or VPN concentrator as needed. The company’s military-grade firewalls can be deployed as software or in the form of hardware or virtualized appliances. It’s not yet clear what will happen to the parts of Stonesoft’s portfolio not mentioned in the statement, such as its intrusion prevention system, which is also powered by the Security Engine.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Connected world: the consumer technology revolution
• Bluetooth to Feel Blue as Personal Area Network Battles Loom
• Takeaways from connected consumer’s second quarter

The numbers bear out the trend. In the first quarter of 2013, VCs dumped nearly $353 million into IT security deals, up 90 percent over that quarter the previous year, according to MoneyTree Report data provided to GigaOM by the National Venture Capital Association. If you divide the total funding by the number of deals, the average amount was more than $16 million, up 125 percent over the $7.1 million amount in the first quarter of 2012.

Security startups that have taken on VC funding rounds this year include Cylance, TraceVector and vArmour Networks, among others.

The intersection of big data and security has been a hot space, as companies move to collect lots of information and analyze it all as fast as possible, just as companies want to derive insights on increasing and more complex data sets that can lead to overhead reductions and new revenue streams. For example, in October, EMC said it would buy Silver Tail Systems, which tracks web and mobile-app traffic and points to unusual behavior and violations that customers can set. To separate the wheat from the chaff of vulnerabilities that multiple security systems might discover and to use security staffers efficiently, Risk I/O prioritizes issues. Last year it got $5.25 million.

Are the cyberattacks nudging VCs to shell out millions? Shirish Sathaye, a general partner at Khosla Ventures, which has invested in Cylance and TraceVector along with Lookout and DB Networks, thinks the cyberattack news onslaught is making a difference.

“The first reason is, yes, every time you open a newspaper, you read about somebody being attacked,” he said, whether against consumers or companies. The likelihood and complexity of attacks only become greater as more people get online, often with multiple devices.

The multiplicity of devices accessing a network — a trend in its own right — could pose security challenges on its own, and Tenable Network Security picked up $50 million last year following the addition of features that look for vulnerabilities popping up as mobile devices and provide information on devices such as whether they are jailbroken. Last month Ionic Security, which keeps data encrypted as it moves to devices, said it had raised $9.4 million in new funding.

Another reason for the security funding boom, Sathaye said, is the success of network security player Palo Alto Networks. Prior to its public offering last year, threats might well have helped its appeal.

From Sathaye’s point of view, it’s critical to nurture the ecosystem of options for strengthening network and endpoint security. “As bad guys keep innovating, good guys have to innovate at least as fast as them, if not faster,” he said. With more money going toward IT-security startups, it does seem that plenty of other VCs think there’s an opportunity here.

Feature image courtesy of Shutterstock user LeventeGyori.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Connected world: the consumer technology revolution
• Social 2013: The enterprise strikes back
• Crowdfunding’s rapid growth and future opportunity

To use Trusted Contacts, you can log into Facebook and go to your security settings, where you pick three or more friends to serve as your Trusted Contacts. Facebook then notifies those people that you’ve picked them, and if you ever got locked out of your account, you can ask those people to request security codes for you. Once you have three codes, you’ll be able to get into your account. You won’t have to answer security questions to get your password.

Password security is a hot topic right now, as we’ve become even more susceptible to internet hacks that can destroy personal information and leave us digitally stranded. And as the recent hack of the AP’s Twitter account proved, these hacks can have real financial and security implications for companies as well.

Facebook’s move is similar to two-factor authentication that we wrote Twitter should adopt, and which the company reportedly is working to add, although Facebook’s method uses your friends rather than a smartphone to supply the codes. Companies like Apple and Microsoft have recently stepped up password security options for their users, and it’s becoming somewhat of a must-have.

Facebook previously introduced a Trusted Friends feature in 2011 that let you designate friends to help in case you were locked out of your account, and Trusted Contacts is something of an update to that product, notifying your friends in advance.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Connected world: the consumer technology revolution
• How consumer media will change in 2013
• Examining the rise of crowd labor platforms in 2012

In case you missed it, the AP’s Twitter account was suspended yesterday afternoon after the fake tweet — possibly posted by the Syrian army — caused a temporary shock to stock markets, which rely on news wires like the AP for up-to-date information.

On Wednesday morning, the AP announced its Twitter feed had returned and began tweeting ordinary news items (though initially forgetting to delete the hoax tweet):

The @AP Twitter account, which was suspended after being hacked, has been secured and is back up. Thank you for your patience. – @EricCarvin—
The Associated Press (@AP) April 24, 2013

Most of the account’s followers, however, appear to have disappeared. At the time of the hacking incident, the AP had nearly 2 million followers:

As of Wednesday morning at 9:30 ET, however, the AP account had fewer than 100,000 followers:

I’ve asked the AP for an explanation and am still waiting on a response. At this point,Twitter may be adding the followers back gradually; the 85,454 figure is almost double the number from earlier this morning.

Update: The AP says its social media editor ”was told by Twitter that it can take up to 24 hours for the follower count of a suspended account to return to normal.”

If the followers have indeed been wiped out, this would represent a serious blow for the AP. Like other news organizations, the AP relies heavily on social media outlets to disseminate its stories, and an organization’s (or person’s) number of Twitter followers can stand as proxy for influence.

The AP hacking incident has also led to calls for Twitter to introduce a security feature known as 2-step authentication.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Connected world: the consumer technology revolution
• The future of mobile: a segment analysis by GigaOM Pro
• The 2013 task management tools market

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Cloud computing infrastructure: 2012 and beyond
• Takeaways from the second quarter in cloud and data
• Infrastructure Q2: Big data and PaaS gain more momentum

According to a Los Angeles Times article about Monday’s bomb attack at the Boston Marathon, the FBI has collected 10 terabytes that it’s sifting through in order to seek out clues about what exactly happened and who did it. Maybe I’m just a techno-optimist, but I find this very reassuring.

According the Times, “The data include call logs collected by cellphone towers along the marathon route and surveillance footage collected by city cameras, local businesses, gas stations, media outlets and spectators who volunteered to provide their videos and snap shots.”

Lots of data means lots of potential value

It’s reassuring because I’ve spoken with so many smart people over the years who can do amazing things with data. Ten terabytes isn’t a huge data set by any stretch of the imagination, but it’s plenty to work with if it’s of high quality. It’s very possible there are some needles in that haystack of call logs, and I’m optimistic the analysts within the FBI — possibly with some outside help — will be able to find them.

Techniques around video analysis and facial recognition are better than many people think, too. If there’s a way to stitch together hundreds — maybe thousands — of videos into a single truth of what happened, then I’m confident it will happen. By tracking faces and objects over time and place, we can recreate a crime and track down suspects without relying on after-the-fact accounts by witnesses who weren’t paying any attention until the bomb actually went off.

It’s not that witnesses are lying, it’s just that an attack like this might artificially color certain observations as being more nefarious than they really were. A Middle Easterner standing nearby might seem suspicious in hindsight, for example, but a witness might not have seen that guy cheering on a friend beforehand, stop to get a soda, and then meander over to the area where the bomb went off.

I have no clue what really happened, of course, I just know that cameras — especially hundreds of them at different angle and shooting over different timeframes — don’t suffer from selective or incomplete memories.

Can we crowdsource some surveillance?

I also find all this now-surveillance data reassuring because — if it proves useful — it might actually help to preserve our civil liberties going forward. We don’t necessarily needs drones flying overhead and cameras on every corner if we can crowdsource (at least from densely populated areas or big events) relatively high-resolution videos and photos during the investigation phase. We don’t necessarily need all orders of mobile call and location-tracking if we can collect what we need from the relevant area afterward.

This does little to prevent attacks, of course, and intelligence agencies will no doubt continue to trace phone calls and generally do what they do. That’s fine by me. If airports want to use facial recognition to flag known threats as they walk in the door, I’m not sure I can take issue with that either.

But by and large, it seems there’s precious little that surveillance — especially video — can do to predict crime unless an agency already knows what it’s looking for and has the means to act fast enough to make a difference. (IBM Fellow and general identity analytics guru Jeff Jonas wrote a great blog post in November about what’s actually possible to predict given the data on hand.)

So to the extent anyone thinks additional surveillance is going to help solve crimes that we didn’t see coming, I think I’d rather leave the data in the hands of hundreds or thousands of individuals and businesses rather than a handful of city, state and federal governments that might be tempted to overstep the bounds of what’s acceptable.

Really, though, the notion of how to prevent terrorist attacks and other mass-casualty crimes is a complex issue, and I’m not sure there are many ethically right or wrong answers. But when we get past the tragedy and criminality of what happened in Boston, we have to look at it as part of the bigger picture that’s shaping up around all the data we’re generating, collecting and analyzing. If terabytes of geospatially targeted call records and crowdsourced audio-video surveillance can help solve this type of crime and save all the time, money and privacy concerns of more-intrusive and expansive government efforts, then maybe there’s something worth considering.

Feature image courtesy of Shutterstock user Faraways.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Connected world: the consumer technology revolution
• NewNet Q4: Platform mania and social commerce shakeout
• NewNet Q4: Platform mania and social commerce shakeout

In the ACLU’s blog, Principal Technologist and Senior Policy Analyst Chris Soghoian wrote:

“Google’s Android operating system now has more than 75% of the smartphone market, yet the majority of these devices are running software that is out of date, often with known, exploitable security vulnerabilities that have not been patched. For consumers running these devices, there is no legitimate software upgrade path. The problem isn’t that consumers aren’t installing updates, but rather, that updates simply aren’t available. Although Google’s engineers regularly fix software flaws in the Android operating system, these fixes aren’t packaged up and pushed to consumers by the wireless carriers and their handset manufacturer partners.”

As the ACLU hints in that last sentence, carriers aren’t the only culprit here. Before they can send out an Android update, carriers have to wait until handset makers tweak Google’s code for their own purposes since no one – save Google – is running a generic version of Android on their devices. Recently, Android device makers have gotten faster at releasing updates for their phones, but it’s by no means instantaneous.

Still, carriers are definitely a large part of the bottleneck, often asking for Android features to be removed from a build for competitive reasons. A case in point is Verizon’s disabling of Google Wallet on its NFC-capable phones. The fragmentation and politics of the Android ecosystem has led my colleague Kevin Tofel to call for Google to take back control of Android’s distribution from carriers and device makers.

Getting timely updates for services and features is one thing, but the ACLU is saying that critical security fixes are getting lost in the shuffle. Carrier industry group CTIA didn’t comment directly on the ACLU’s accusations, but it did imply that the threat of security vulnerabilities in the U.S. was overblown. In a statement, CTIA VP of Cybersecurity and Technology John Marinho said:

“Based on recent reports, U.S. wireless networks are among the most secure in the world because the carriers and the overall mobile industry are vigilant in preventing and protecting against malicious attacks. In addition, most U.S. wireless users shop at trusted application stores, which is why we have an app infection rate of less than 2 percent. Meanwhile, many other countries have app infection rates that are more than 10 times greater, and in the case of Russia, the app infection rate is reported at more than 90 percent.”

Image courtesy of Shutterstock user gosphotodesign

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Connected world: the consumer technology revolution
• Controversy, courtrooms and the cloud in Q1
• Opportunities and challenges for mobile deals

Bain, who has spent several years pushing complicated document-management software, just released desktop and mobile apps called SearchYourCloud through his company, Simplexo, to let others search and encrypt documents with the storage services people use today. Bain said SearchYourCloud’s release will be able to ride the wave of a couple of big trends.

SearchYourCloud acknowledges that employees use Dropbox, Box, Google Drive, Microsoft Exchange and other easy-to-use services for both personal and business use. That’s why the software doesn’t automatically encrypt every file. It only encrypts those files that users select, and it keeps them in a separate SearchYourCloud folder on Dropbox or another service. Meanwhile, SearchYourCloud is also a nod to the fact that employees don’t just use one single cloud storage service. A search of, say, Dropbox doesn’t always immediately turn up a given document.

Currently, with Windows desktop and iOS apps, Simplexo lets customers search through Dropbox, Exchange and Sharepoint, and it can search through users’ desktop files as well. Support for Box.net, Evernote and Google Drive is on the way on the storage side, and Android and Windows Mobile and desktop Mac support on the app side. Bain said he would like to add the capability for searching across backup instances on Amazon Web Services’ S3 service and other locations later this year.

While Bain is eager to gain enterprise adoption of SearchYourCloud, he might be facing a moving target. IT departments could enforce more rules on where documents can be stored, and cloud storage providers could provide cross-cloud search tools. Other companies with either document encryption or cross-cloud searching could add the other feature and compete directly with Simplexo. Until then, SearchYourCloud appears to be a much-needed crutch.

SearchYourCloud shows search results across various cloud storage services.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• The role of converged infrastructure in the data center
• NewNet Q4: Platform mania and social commerce shakeout
• A field guide to cloud computing: current trends, future opportunities

So, if you’re an upstart in this business with serious security chops, how do you set yourself apart? Do what Tresorit is doing, and offer a bounty to any hacker who can breach your cryptography.

Tresorit was founded in 2011, received $1.7 million in funding last year from Euroventures and nine private investors, and is now freshly out of closed beta, with its storage being based on Azure. The firm has strong security cred as a spinoff of Hungarian security outfit CrySys Lab, which was responsible for identifying the notorious Duqu worm. And Tresorit is so sure of itself that, from April 15th, it will offer a $10,000 reward to any hacker that busts its cryptography.

“We’re positioning ourselves as an enterprise or small and medium business solution, but right now we’re targeting consumers too, because we need to reach credibility,” CEO István Lám explained to me. “That’s why we’re starting this campaign where we offer $10,000 to the first one who can hack this encryption.”

Crypto challenge

One issue with some  Tresorit rivals, such as Mega and Wuala, is that they use something called “convergent encryption”, which essentially means they can deduplicate the stuff their customers are storing on their systems. In the case of Mega, whose customers frequently use the service for storing movie files (entirely legally, of course), this helps avoid a situation where the same multi-gigabyte file is stored thousands of times, thereby keeping down Mega’s costs.

Some security specialists are wary of this approach because they fear it can undermine user privacy.

“If 10,000 people upload the same movie to Mega, they only have to store one file,” Lám said. “That leaks information about who has the same file – you can track one [piece of] information from another. So, from the very beginning, we dropped the idea of convergent crypto because that’s simply unacceptable for us.”

Of course, Tresorit is ultimately going for a somewhat different user base; one that demands secrecy but that isn’t necessarily going to be uploading dozens of bulky movies. As such, while Mega famously offers 50GB of free storage, Tresorit’s free option maxes out at 5GB…

… Although, if you’re reading this before 23:59 GMT on May 20th 2013, you can get a free 50GB Tresorit account for life by signing up here. Just thought I’d mention that. Anyway…

In terms of business-friendly features, Tresorit uses public key cryptography to establish keys between people, so users can share access to files without sharing passwords. There are no master keys for bosses, but Lám said the company will soon introduce a “threshold cryptography” system, where at least two managers will need to be present in order to decrypt and open an employee’s account.

Right now the client is only available for Windows, but OS X, iOS and Android versions will arrive before June, as will the first paid-for premium Tresorit accounts. Lám declined to reveal the pricing or capacity for these accounts ahead of that launch.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Dissecting the data: 5 issues for our digital future
• Connected world: the consumer technology revolution
• What Enterprise Software Vendors Could Learn from the Consumer Space