Category Security

MRuby and Language Security with Daniel Bovensiepen

http://traffic.libsyn.com/sedaily/mruby.mp3Podcast: Play in new window | Download Shopify is a company that helps customers build custom online storefronts. Shopify has built upon the same Ruby on Rails application since the founding of their business 12 years ago starting with Rails 0.5 and moving all the way to Rails 5.   MRuby is a lightweight implementation of the Ruby language. Shopify made the decision to use mruby to allow customers to

Continue reading…

Fighting Fraud at Coinbase with Soups Ranjan

http://traffic.libsyn.com/sedaily/SoupsPresentation.mp3Podcast: Play in new window | Download A cryptocurrency exchange faces a uniquely difficult fraud problem. A hacker who steals my credentials can initiate a transfer of all my bitcoin to another wallet, and it is a non-reversible, non-identifiable payment. So it is really important to prevent those kinds of fraudulent transactions. At the third Software Engineering Daily Meetup, Coinbase director of data science Soups Ranjan explained how Coinbase stays

Continue reading…

Ransomware with Tim Gallo and Allan Liska

http://traffic.libsyn.com/sedaily/Ransomware.mp3Podcast: Play in new window | Download Ransomware uses software to extort people. A piece of ransomware might arrive in your inbox looking like a PDF, or a link to a website with a redirect. Ransomware is often distributed using social engineering. The email address might resemble someone you know, or a transactional email from a company like Uber or Amazon. Tim Gallo and Allan Liska are authors of the

Continue reading…

Ad Fraud In Our Own Backyard with Shailin Dhar

http://traffic.libsyn.com/sedaily/ezanga.mp3Podcast: Play in new window | Download The online advertising industry is a giant casino. Giant technology companies are the casino owners, online publishers are the casino employees, the brand advertisers are the victims who keep returning to the casino to lose their money, and the small adtech companies are the sharks who make lots of money exploiting the inefficiencies of the system. One of these smaller adtech companies is

Continue reading…

Web Tracking with Bill Budington

http://traffic.libsyn.com/sedaily/panopticlick_edited.mp3Podcast: Play in new window | Download The Internet is decreasing in privacy and increasing in utility. Under some conditions, this tradeoff makes sense. We publicize our profile photo so that people know what we look like. Under other conditions, this tradeoff does not make sense. We do not want a television that costs less to purchase because it is silently recording all of the conversations that take place in

Continue reading…

Cloudbleed and SHA-1 Collision with Max Burkhardt

http://traffic.libsyn.com/sedaily/CloudbleedwithHaseeb.mp3Podcast: Play in new window | Download Thursday February 23rd was a big day in security news: details were published about the Cloudbleed bug, which leaked tons of plaintext requests from across the Internet into plain view. On the same day, the first collision attack against SHA-1 was demonstrated by researchers at Google, foretelling the demise of SHA-1 as a safe hashing function. What does this mean for the average

Continue reading…

Security Language with Jean Yang

http://traffic.libsyn.com/sedaily/SecureProgramming.mp3Podcast: Play in new window | Download Security vulnerabilities are an important concern in systems. When we specify that we want certain information hidden, for example our phone number or our date of birth, we expect the system to hide the information. However, this doesn’t always happen due to human error in the code because programmers have to write checks and filters across the program. In this episode, Edaena Salinas

Continue reading…

Cyber Warfare with Jared Smith

http://traffic.libsyn.com/sedaily/websecurity_edited.mp3Podcast: Play in new window | Download Vulnerabilities exist in every computer system. As a system gets bigger, the number of vulnerabilities magnifies. The web is the biggest, most complex computer system we have–but fortunately, the steps we can take to secure our web applications are often quite simple. Jared Smith is a cyber security research scientist with Oak Ridge National Laboratory. He joined me on the show to discuss

Continue reading…

Security Research with Samy Kamkar

http://traffic.libsyn.com/sedaily/security_edited.mp3Podcast: Play in new window | Download Every digital system has vulnerabilities. Cars can be hacked, locked computers can be exploited, and credit cards can be spoofed. Security researchers make a career out of finding these types of vulnerabilities. Samy Kamkar’s approach to security research is not just about dissection–it’s also about creativity. For many of the technologies he hacks on, Samy open-sources code that summarily describes the vulnerability he

Continue reading…

Ad Fraud Research with Augustine Fou

http://traffic.libsyn.com/sedaily/adfraudresearch_edited.mp3Podcast: Play in new window | Download A huge percentage of online advertisements are never seen by humans. They are viewed by bots–automated scripts that are opening web pages in a browser and pretending to be a human. Advertising scammers set up web pages, embed advertisements on those pages, and then pay for bot traffic to come and view those advertisements. This aspect of the internet is bizarre and alarming.

Continue reading…

Ad Fraud Everywhere with Shailin Dhar

http://traffic.libsyn.com/sedaily/adfraudeverywhere_edited_2.mp3Podcast: Play in new window | Download Advertising fraud is easy, legal, and extremely profitable. A fraudster can set up a website, scrape content from the internet, and run programmatic advertisements against that website. The fraudster can then purchase bot traffic. Those bots will visit the page, consume advertisements, and return profit to the owner of the page. In a past life, Shailin Dhar worked for a company that set

Continue reading…

Botnet Facebook Likes with Derek Muller

http://traffic.libsyn.com/sedaily/likefraud_edited.mp3Podcast: Play in new window | Download Botnets have a massive influence on the Internet. As we have seen recently with the Mirai Botnet, IOT bots can take down companies as big as Netflix. In our recent episodes about advertising fraud, we’ve talked about how bots are being used to take billions of dollars of revenue from advertisers. Derek Muller is one of those advertisers who has spent money on

Continue reading…

Fraud Prevention with Pete Hunt

http://traffic.libsyn.com/sedaily/antifraud_edited.mp3Podcast: Play in new window | Download When Facebook acquired Instagram, one of the first systems Instagram plugged into was Facebook’s internal spam and fraud prevention system. Pete Hunt was the first Facebook engineer to join the Instagram team. When he joined, the big problems at Instagram were around fake accounts, harassment, and large volumes of spammy comments. After seeing the internal Facebook spam prevention tools clean up Instagram, Pete

Continue reading…

Ad Tracking with Larry Furr

http://traffic.libsyn.com/sedaily/ghostery_edited.mp3Podcast: Play in new window | Download When you visit a web page, that web page can write data to a file on your computer, known as a cookie. Scripts on that page can also read from your cookie file to understand where you have been in the past. All of this data about you is getting shared between advertising companies like Google, Facebook, and AppNexus. Ghostery is a browser

Continue reading…

Ad Fraud with Ben Trenda

http://traffic.libsyn.com/sedaily/adfraud_edited.mp3Podcast: Play in new window | Download Advertising fraud takes billions of dollars out of the economy every year. We don’t know exactly how much money is being lost, because we don’t know what percentage of Internet users are bots. Are You A Human is a company designed to solve that exact problem, and provide a service for verifying whether a user is real or automated. Ben Trenda is the

Continue reading…

Container Security with Phil Estes

http://traffic.libsyn.com/sedaily/Container_Edited.mp3Podcast: Play in new window | Download Containers have become the unit of infrastructure that many technology stacks deploy to. With the shift to containers, the attack surface of an application has changed, and we need to reconsider our security models; the resource allocation of our containers, the interactions between different containers on a single machine, and the big picture–how the external web may interact with our containers. Phil Estes

Continue reading…

Slack Security with Ryan Huber

http://traffic.libsyn.com/sedaily/Slack_Security_edited.mp3Podcast: Play in new window | Download Security for the popular chat application Slack is a major focus for the company. A corporate Slack account is as valuable to a hacker as a corporate email account. In today’s episode, Ryan Huber and I talk through Slack’s approach to security–from philosophical discussions of how to company approaches security to the technical practices of logging and monitoring, and why Slack has a

Continue reading…

Electronic Frontier Foundation with Nate Cardozo

http://traffic.libsyn.com/sedaily/EFF_Nate_Edited.mp3Podcast: Play in new window | Download When the US government hacks its own citizens, The Electronic Frontier Foundation is often the best source of reporting to find out what laws the government has broken. When a change to the privacy policy of Google or Facebook is made, the Electronic Frontier Foundation is the best place to find out how that change in privacy exploits users. The Electronic Frontier Foundation

Continue reading…

Data Breaches with Troy Hunt

http://traffic.libsyn.com/sedaily/Troy_Hunt_Edited_2.mp3Podcast: Play in new window | Download When you hear about massive data breaches like the recent ones from LinkedIn, MySpace, or Ashley Madison, how can you find out whether your own data was compromised?   Troy Hunt created the website HaveIBeenPwned.com to answer this question. When a major data breach occurs, Troy acquires a copy of the stolen data and provides a safe way for individuals to check if

Continue reading…

Security and Machine Learning in the Call Center with Pindrop Security’s Chris Halaschek

http://traffic.libsyn.com/sedaily/Pindrop_Edited.mp3Podcast: Play in new window | Download Call centers are a vulnerable point of attack for large enterprises. Fraud accounts for more than $20 billion in lost money every year, and a significant portion of that fraud is due to customer service representatives being fraudulent social engineering attacks.   Chris Halaschek joins the show today to discuss how Pindrop Security is addressing this attack vector. Every phone call that gets

Continue reading…

  • 1 2