Tag Security

Google BeyondCorp with Max Saltonstall

http://traffic.libsyn.com/sedaily/2018_02_09_GoogleBeyondCorp.mp3

Employees often find themselves needing to do work outside of the office. Depending on the sensitivity of your task, accessing internal systems from a remote location may or may not be OK. If you are using a corporate application that shows the menu of your company’s cafe on your smartphone, your workload is less sensitive. If you are accessing the proprietary codebase of

Modern War with Peter Warren Singer

http://traffic.libsyn.com/sedaily/Modern_War.mp3

Military force is powered by software. The drones that are used to kill suspected terrorists can identify those terrorists using the same computer vision tools that are used to identify who is in an Instagram picture. Nuclear facilities in Iran were physically disabled by the military-sponsored Stuxnet virus. National intelligence data is collected and processed using the MapReduce algorithm. The military keeps up

Secure Authentication with Praneet Sharma

http://traffic.libsyn.com/sedaily/Keyless.mp3

When I log into my bank account from my laptop, I first enter my banking password. Then the bank sends a text message to my phone with a unique code, and I enter that code into my computer to finish the login. This login process is two-factor authentication. I am proving my identity by entering my banking password (the first factor) and validating

Keybase with Max Krohn

http://traffic.libsyn.com/sedaily/Keybase.mp3

Public key encryption allows for encrypted, private messages. A message sent from Bob to Alice gets encrypted using Alice’s public key. Public key encryption also allows for signed messages–so that when Alice signs a message, Alice uses her private key and Bob can verify it if Bob has her public key. In both cases, Bob needs Alice’s public key! If Bob gets that

Internet Monitoring with Matt Kraning

http://traffic.libsyn.com/sedaily/InternetMonitoring.mp3

How would you build a system for indexing and monitoring the entire Internet? Start by breaking the Internet up into IP address ranges. Give each of those address ranges to servers distributed around the world. On each of those servers, iterate through your list of IP addresses, sending packets to them. Depending on what sorts of packets those IP addresses respond to, and

Static Analysis with Paul Anderson

http://traffic.libsyn.com/sedaily/StaticAnalysis.mp3

Static analysis is the process of evaluating code for errors, memory leaks, and security vulnerabilities. The “static” part refers to the fact that the code is not running. This differentiates it from unit tests and integration tests, which evaluate the runtime characteristics of code. If you use an IDE or a linter, you are using a basic form of static analysis all the

Attack Attribution with John Davis

http://traffic.libsyn.com/sedaily/AttackAttribution.mp3

When a cyber attack occurs, how do we identify who committed it? There is no straightforward answer to that question. Even if we know Chinese hackers have infiltrated our power grid with logic bombs, we might not be able to say with certainty whether those hackers were state actors or rogue Chinese hackers looking for an offensive asset to sell to their government.

Car and IoT Security with Chris Craig

http://traffic.libsyn.com/sedaily/SecurityChrisCraig.mp3

Ransomware and DDoS attacks happen all the time. Sometimes they affect large swaths of users. WannaCry ransomware froze the computer systems in hospitals. Mirai botnet DDoS attacks took down a DNS provider, making Netflix and Twitter inaccessible for a short period of time. These are innocent attacks compared to what we could face from a world where cars, heart rate monitors, and other

MRuby and Language Security with Daniel Bovensiepen

http://traffic.libsyn.com/sedaily/mruby.mp3

Shopify is a company that helps customers build custom online storefronts. Shopify has built upon the same Ruby on Rails application since the founding of their business 12 years ago starting with Rails 0.5 and moving all the way to Rails 5. MRuby is a lightweight implementation of the Ruby language. Shopify made the decision to use mruby to allow customers to

Coinbase Security with Philip Martin

http://traffic.libsyn.com/sedaily/CoinbaseSecurity.mp3

At Coinbase, security is more important than anything else. Coinbase is a company that allows for storage and exchange of cryptocurrencies. Protecting banking infrastructure is difficult, but in some ways the stakes are higher with Coinbase, because bitcoin is fundamentally unregulated. If a hacker were able to syphon all of the money out of Coinbase accounts, Coinbase would have no recourse–which means this

Fighting Fraud at Coinbase with Soups Ranjan

http://traffic.libsyn.com/sedaily/SoupsPresentation.mp3

A cryptocurrency exchange faces a uniquely difficult fraud problem. A hacker who steals my credentials can initiate a transfer of all my bitcoin to another wallet, and it is a non-reversible, non-identifiable payment. So it is really important to prevent those kinds of fraudulent transactions. At the third Software Engineering Daily Meetup, Coinbase director of data science Soups Ranjan explained how Coinbase stays

Ransomware with Tim Gallo and Allan Liska

http://traffic.libsyn.com/sedaily/Ransomware.mp3

Ransomware uses software to extort people. A piece of ransomware might arrive in your inbox looking like a PDF, or a link to a website with a redirect. Ransomware is often distributed using social engineering. The email address might resemble someone you know, or a transactional email from a company like Uber or Amazon. Tim Gallo and Allan Liska are authors of the

Web Tracking with Bill Budington

http://traffic.libsyn.com/sedaily/panopticlick_edited.mp3

The Internet is decreasing in privacy and increasing in utility. Under some conditions, this tradeoff makes sense. We publicize our profile photo so that people know what we look like. Under other conditions, this tradeoff does not make sense. We do not want a television that costs less to purchase because it is silently recording all of the conversations that take place in

Stripe Machine Learning with Michael Manapat

http://traffic.libsyn.com/sedaily/stripeantifraud_edited.mp3

Every company that deals with payments deals with fraud. The question is not whether fraud will occur on your system, but rather how much of it you can detect and prevent. If a payments company flags too many transactions as fraudulent, then real transactions might accidentally get flagged as well. But if you don’t reject enough of the fraudulent transactions, you might not

Cloudbleed and SHA-1 Collision with Max Burkhardt

http://traffic.libsyn.com/sedaily/CloudbleedwithHaseeb.mp3

Thursday February 23rd was a big day in security news: details were published about the Cloudbleed bug, which leaked tons of plaintext requests from across the Internet into plain view. On the same day, the first collision attack against SHA-1 was demonstrated by researchers at Google, foretelling the demise of SHA-1 as a safe hashing function. What does this mean for the average

Security Language with Jean Yang

http://traffic.libsyn.com/sedaily/SecureProgramming.mp3

Security vulnerabilities are an important concern in systems. When we specify that we want certain information hidden, for example our phone number or our date of birth, we expect the system to hide the information. However, this doesn’t always happen due to human error in the code because programmers have to write checks and filters across the program. In this episode, Edaena Salinas

Cyber Warfare with Jared Smith

http://traffic.libsyn.com/sedaily/websecurity_edited.mp3

Vulnerabilities exist in every computer system. As a system gets bigger, the number of vulnerabilities magnifies. The web is the biggest, most complex computer system we have–but fortunately, the steps we can take to secure our web applications are often quite simple. Jared Smith is a cyber security research scientist with Oak Ridge National Laboratory. He joined me on the show to discuss

Security Research with Samy Kamkar

http://traffic.libsyn.com/sedaily/security_edited.mp3

Every digital system has vulnerabilities. Cars can be hacked, locked computers can be exploited, and credit cards can be spoofed. Security researchers make a career out of finding these types of vulnerabilities. Samy Kamkar’s approach to security research is not just about dissection–it’s also about creativity. For many of the technologies he hacks on, Samy open-sources code that summarily describes the vulnerability he

Antifraud Architecture with Josh Yudaken

http://traffic.libsyn.com/sedaily/antifraud_architecture_edited.mp3

Online marketplaces and social networks often have a trust and safety team. The trust and safety team helps protect the platform from scams, fraud, and malicious actors. To detect these bad actors at scale requires building a system that classifies every transaction on the platform as safe or potentially malicious. Since every social platform has to build something like this, Smyte decided to

Fraud Prevention with Pete Hunt

http://traffic.libsyn.com/sedaily/antifraud_edited.mp3

When Facebook acquired Instagram, one of the first systems Instagram plugged into was Facebook’s internal spam and fraud prevention system. Pete Hunt was the first Facebook engineer to join the Instagram team. When he joined, the big problems at Instagram were around fake accounts, harassment, and large volumes of spammy comments. After seeing the internal Facebook spam prevention tools clean up Instagram, Pete
