http://traffic.libsyn.com/sedaily/security_edited.mp3 Every digital system has vulnerabilities. Cars can be hacked, locked computers can be exploited, and credit cards can be spoofed. Security researchers make a career out of finding these types of vulnerabilities. Samy Kamkar’s approach to security research is not just about dissection–it’s also about creativity. For many of the technologies he hacks on, Samy open-sources code that summarily describes the vulnerability he
http://traffic.libsyn.com/sedaily/adfraudresearch_edited.mp3 A huge percentage of online advertisements are never seen by humans. They are viewed by bots–automated scripts that open web pages in a browser and pretend to be a human. Advertising scammers set up web pages, embed advertisements on those pages, and then pay for bot traffic to come and view those advertisements. This aspect of the internet is bizarre and alarming.
http://traffic.libsyn.com/sedaily/adfraudeverywhere_edited_2.mp3 Advertising fraud is easy, legal, and extremely profitable. A fraudster can set up a website, scrape content from the internet, and run programmatic advertisements against that website. The fraudster can then purchase bot traffic. Those bots will visit the page, consume advertisements, and return profit to the owner of the page. In a past life, Shailin Dhar worked for a company that set
http://traffic.libsyn.com/sedaily/likefraud_edited.mp3 Botnets have a massive influence on the Internet. As the recent Mirai botnet showed, IoT bots can knock services as big as Netflix offline. In our recent episodes about advertising fraud, we’ve talked about how bots are being used to take billions of dollars of revenue from advertisers. Derek Muller is one of those advertisers who has spent money on
http://traffic.libsyn.com/sedaily/antifraud_edited.mp3 When Facebook acquired Instagram, one of the first systems Instagram plugged into was Facebook’s internal spam and fraud prevention system. Pete Hunt was the first Facebook engineer to join the Instagram team. When he joined, the big problems at Instagram were around fake accounts, harassment, and large volumes of spammy comments. After seeing the internal Facebook spam prevention tools clean up Instagram, Pete
http://traffic.libsyn.com/sedaily/ghostery_edited.mp3 When you visit a web page, that web page can store a small record on your computer, known as a cookie. Scripts embedded on that page by third parties, such as ad networks, can read back the cookies they themselves set earlier, and because the same third-party script is embedded across many sites, the third party can reconstruct where you have been in the past. All of this data about you is getting shared between advertising companies like Google, Facebook, and AppNexus. Ghostery is a browser
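The cross-site linking described above, as an added example that is not code from the episode or from Ghostery: a self-contained simulation of a tracker beacon embedded on three unrelated publisher sites. The tracker host (tracker.example), the publisher hostnames, the cookie name and the browsing session are constructed for illustration. The second run shows what the tracker sees once third-party cookies are blocked.

```javascript
// Added example (not code from the episode or from Ghostery): a simulation of how a
// third-party tracker embedded on many sites links visits through its own cookie.
// tracker.example, the publisher hostnames and the cookie name are constructed.

const TRACKER_HOST = "tracker.example";
const TRACKER_COOKIE = "tid";

// Parse a Cookie request header ("a=1; b=2") into an object.
function parseCookies(header) {
  const out = {};
  if (!header) return out;
  for (const part of header.split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    out[part.slice(0, idx).trim()] = decodeURIComponent(part.slice(idx + 1).trim());
  }
  return out;
}

// The tracker's beacon endpoint. It only ever receives cookies scoped to its own host,
// so it cannot read the publisher's cookies. What it learns comes from the Referer,
// which names the page that embedded the script, tied together by its own ID cookie.
class Tracker {
  constructor() {
    this.nextId = 1;
    this.profiles = new Map(); // visitor id -> publisher hostnames seen
  }
  handleBeacon({ cookie, referer }) {
    let id = parseCookies(cookie)[TRACKER_COOKIE];
    if (!id) id = `v${this.nextId++}`; // new or cookieless visitor: mint a fresh ID
    const site = new URL(referer).hostname;
    if (!this.profiles.has(id)) this.profiles.set(id, []);
    this.profiles.get(id).push(site);
    // SameSite=None; Secure is required for a cookie sent in a cross-site context.
    return `${TRACKER_COOKIE}=${id}; Domain=${TRACKER_HOST}; Secure; SameSite=None`;
  }
}

// Minimal browser: a cookie jar keyed by host. With blockThirdPartyCookies set, the beacon
// request carries no tracker cookie and the Set-Cookie is dropped, which is the effect of a
// tracker-blocking extension or a strict third-party cookie policy.
class Browser {
  constructor({ blockThirdPartyCookies = false } = {}) {
    this.jar = new Map();
    this.blockThirdParty = blockThirdPartyCookies;
  }
  visit(pageUrl, tracker) {
    const cookie = this.blockThirdParty ? undefined : this.jar.get(TRACKER_HOST);
    const setCookie = tracker.handleBeacon({ cookie, referer: pageUrl });
    if (!this.blockThirdParty) this.jar.set(TRACKER_HOST, setCookie.split(";")[0]);
  }
}

// Constructed browsing session across three publishers that all embed the tracker.
const SESSION = [
  "https://news.example/politics",
  "https://shop.example/cart",
  "https://health.example/symptoms",
];

// Returns the tracker's view of the session: visitor id -> sites attributed to that id.
function simulate({ blockThirdPartyCookies }) {
  const tracker = new Tracker();
  const browser = new Browser({ blockThirdPartyCookies });
  for (const url of SESSION) browser.visit(url, tracker);
  return tracker.profiles;
}

console.log("cookies allowed:", simulate({ blockThirdPartyCookies: false }));
console.log("third-party cookies blocked:", simulate({ blockThirdPartyCookies: true }));
```

With cookies allowed the tracker ends up with one profile, v1, that lists all three sites, including the health page; with third-party cookies blocked every beacon looks like a new visitor and the three visits cannot be joined. In real browsers a Referrer-Policy may trim the Referer to the origin, which still reveals the site, only not the path.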
http://traffic.libsyn.com/sedaily/adfraud_edited.mp3 Advertising fraud takes billions of dollars out of the economy every year. We don’t know exactly how much money is being lost, because we don’t know what percentage of Internet users are bots. Are You A Human is a company designed to solve that exact problem, and provide a service for verifying whether a user is real or automated. Ben Trenda is the
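The bot-traffic problem described in the ad fraud episodes above (bots opening pages in a browser and pretending to be human, and the question of telling a real user from an automated one), as an added example that is not code from the episodes or from Are You A Human: a heuristic scorer run over constructed ad-impression records. The field names, the thresholds and the three sample visitors are assumptions for illustration; real verification services combine far more signals than these.

```javascript
// Added example (not code from the episodes or any company they mention): heuristic scoring
// of ad-impression records to separate bot traffic from humans. Field names, thresholds
// and the sample records are constructed assumptions.

const AUTOMATION_UA = /HeadlessChrome|PhantomJS|Selenium|Puppeteer|python-requests|curl\//i;
const BURST_WINDOW_MS = 10000; // impressions per IP are counted inside any 10 s window

const DESKTOP_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/118.0.0.0";
const HEADLESS_UA = "Mozilla/5.0 (X11; Linux x86_64) HeadlessChrome/118.0.0.0";
const SPOOFED_UA = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Safari/605.1.15";

// Constructed sample: one record per impression, as a measurement tag might report it.
// ts is milliseconds from the start of the log; viewableMs is time the ad was on screen;
// mouseMoves and scrollEvents are interaction counts observed during that time.
const SAMPLE_IMPRESSIONS = [
  // ordinary reader: two pages on one site a minute apart, with normal interaction
  { ip: "203.0.113.5", ua: DESKTOP_UA, site: "news.example", ts: 0, viewableMs: 4200, mouseMoves: 17, scrollEvents: 3 },
  { ip: "203.0.113.5", ua: DESKTOP_UA, site: "news.example", ts: 61000, viewableMs: 1800, mouseMoves: 6, scrollEvents: 1 },
  // headless bot: automation UA, six sites in 2.5 s, no interaction at all
  ...Array.from({ length: 6 }, (_, i) => ({ ip: "198.51.100.7", ua: HEADLESS_UA, site: `site${i}.example`, ts: i * 500, viewableMs: 1100, mouseMoves: 0, scrollEvents: 0 })),
  // bot hiding behind a normal UA: still betrayed by burst rate and zero interaction
  ...Array.from({ length: 5 }, (_, i) => ({ ip: "192.0.2.9", ua: SPOOFED_UA, site: `blog${i}.example`, ts: i * 800, viewableMs: 1200, mouseMoves: 0, scrollEvents: 0 })),
];

// Per-IP aggregates: the most impressions seen inside any BURST_WINDOW_MS window
// (sliding window over sorted timestamps) and the number of distinct sites.
function perIpStats(impressions) {
  const byIp = new Map();
  for (const imp of impressions) {
    if (!byIp.has(imp.ip)) byIp.set(imp.ip, { timestamps: [], sites: new Set() });
    const s = byIp.get(imp.ip);
    s.timestamps.push(imp.ts);
    s.sites.add(imp.site);
  }
  const stats = new Map();
  for (const [ip, s] of byIp) {
    const ts = s.timestamps.sort((a, b) => a - b);
    let burst = 0;
    for (let i = 0, j = 0; i < ts.length; i++) {
      while (ts[i] - ts[j] > BURST_WINDOW_MS) j++;
      burst = Math.max(burst, i - j + 1);
    }
    stats.set(ip, { burst, distinctSites: s.sites.size });
  }
  return stats;
}

// Score one impression; higher means more bot-like. Each rule records why it fired.
function scoreImpression(imp, ipStats) {
  let score = 0;
  const reasons = [];
  if (AUTOMATION_UA.test(imp.ua)) { score += 3; reasons.push("automation user agent"); }
  if (imp.viewableMs >= 1000 && imp.mouseMoves === 0 && imp.scrollEvents === 0) {
    score += 2; reasons.push("viewable ad with no interaction");
  }
  if (ipStats.burst >= 5) { score += 2; reasons.push(`${ipStats.burst} impressions within ${BURST_WINDOW_MS / 1000}s`); }
  if (ipStats.distinctSites >= 4) { score += 1; reasons.push(`${ipStats.distinctSites} distinct sites`); }
  const verdict = score >= 4 ? "bot" : score >= 2 ? "suspect" : "human";
  return { score, verdict, reasons };
}

// Returns Map ip -> highest-scoring result for that IP.
function classifyTraffic(impressions) {
  const stats = perIpStats(impressions);
  const out = new Map();
  for (const imp of impressions) {
    const r = scoreImpression(imp, stats.get(imp.ip));
    const prev = out.get(imp.ip);
    if (!prev || r.score > prev.score) out.set(imp.ip, r);
  }
  return out;
}

for (const [ip, r] of classifyTraffic(SAMPLE_IMPRESSIONS)) {
  console.log(`${ip}: ${r.verdict} (score ${r.score}) ${r.reasons.join("; ")}`);
}
```

The user agent is the weakest of the four signals, since a bot can set any string it likes; the second bot in the sample passes the UA check and is still caught by the combination of burst rate and a viewable ad with no pointer or scroll activity, which is why scorers weight behavioural signals over declared ones.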
http://traffic.libsyn.com/sedaily/Container_Edited.mp3 Containers have become the unit of infrastructure that many technology stacks deploy to. With the shift to containers, the attack surface of an application has changed, and we need to reconsider our security models: the resource allocation of our containers, the interactions between different containers on a single machine, and, at the largest scale, how the external web may interact with our containers. Phil Estes
http://traffic.libsyn.com/sedaily/Slack_Security_edited.mp3 Security for the popular chat application Slack is a major focus for the company. A corporate Slack account is as valuable to a hacker as a corporate email account. In today’s episode, Ryan Huber and I talk through Slack’s approach to security–from philosophical discussions of how the company approaches security to the technical practices of logging and monitoring, and why Slack has a
http://traffic.libsyn.com/sedaily/Troy_Hunt_Edited_2.mp3 When you hear about massive data breaches like the recent ones from LinkedIn, MySpace, or Ashley Madison, how can you find out whether your own data was compromised? Troy Hunt created the website HaveIBeenPwned.com to answer this question. When a major data breach occurs, Troy acquires a copy of the stolen data and provides a safe way for individuals to check if
http://traffic.libsyn.com/sedaily/Pindrop_Edited.mp3 Call centers are a vulnerable point of attack for large enterprises. Fraud costs more than $20 billion every year, and a significant portion of that fraud is due to customer service representatives falling for social engineering attacks. Chris Halaschek joins the show today to discuss how Pindrop Security is addressing this attack vector. Every phone call that gets
http://traffic.libsyn.com/sedaily/Vault_Edited.mp3 Every software application has secrets. User passwords and database credentials must be managed carefully, because poor access controls can lead to disaster scenarios. Vault is a tool for secret management, developed at Hashicorp, a company that builds software tools for application delivery and infrastructure management. Seth Vargo is a software engineer and open source advocate at Hashicorp, and in today’s episode he discusses
“The three legs of the stool are culture, process, and tooling, and I think process and tooling are the easy ones.”
“If everyone is going to use TLS, people need to trust their certificate authority, and the way to gain trust is through openness.”
Modern automated attacks using widespread botnets have evolved in sophistication, making cybercrime an increasingly relevant threat in today’s internet. Security researchers and organizations have to stay vigilant in this cat-and-mouse game.
Shuman Ghosemajumder is the VP of Product at Shape Security, which defends applications from malware and bots. He is the former click fraud czar at Google, and he will be speaking at QCon San Francisco.
“If you don’t like what you see sometimes when you look at the world, it’s incumbent on you – you do something about it.”
Adrián Lamo is a threat analyst, hacker, and writer. In the early 2000s, Adrián was a hobbyist white-hat hacker, breaking into companies to expose vulnerabilities and help fix them.
Keybase is an open-source key directory that allows users to encrypt messages and verify identities.
Max Krohn is the co-founder of Keybase, and previously co-founded OKCupid and SparkNotes.
“What we learn again and again is that security is less about what you think of, and more about what you didn’t think of.”
Bruce Schneier is a security researcher and author of Data and Goliath.
Automobiles are now computers with security vulnerabilities. Reverse engineers have begun to dissect car security.
Craig Smith is the author of The Car Hacker’s Handbook and the founder of Theia Labs, a research and consulting firm.