Going to FS-ISAC Summit? Join us Monday, May 21st from 9pm-11pm at the Boca Beach Club as we kick off the conference in style – enjoy dessert, open bar, and two live DJ sets as we cap off Day 1. We will be celebrating our new product, Blackfish!
At our booth we’ll be giving away a bunch of prizes that will allow you to make or control your own (benevolent) bots – Lego Mindstorms sets, remote control BB-8s, and Arduino starter kits.
Definitely make sure to check out Ariya’s and my talks at the conference. I’m really excited to give the security talk and go over some of the insanity we get to work with at Shape.
Ashley Madison data stolen… Twitch.tv breached, passwords need to be reset… 10 million passwords leaked! 13 million! 80 million!
What does this mean to you and your websites? You use secure passwords, your sites haven’t been compromised, and you have safeguards in place to protect your customers, so you don’t need to worry, right?
Jarrod Overson reveals the world where these passwords are traded, sold, verified, and used to exploit your sites. Even if you are diligent, doing everything you can to protect yourself and your users, you can’t protect against legitimate logins. So what can you do? Jarrod explains how you can start exploring how vulnerable you really are, how you might start recognizing malicious traffic, and what you can do to start taking a stand against your attackers.
General Keith B. Alexander, who retired as NSA Director in 2014, has become the founder and CEO of a new startup, IronNet. During his RSA session this year, he talked about how to heal the wounds to the tech community and what gift he’d send Snowden if he were given the opportunity. For the tech community, he recommended classified briefings to get technology companies the facts. For Snowden, he said he would send him the oath, which was met with loud applause from the audience. Take a look at the FCW article here.
2. Breaches are happening, even during RSA
On the 2nd day of RSA, a major hotel chain notified their 18 million members via email that their accounts had been reset out of an abundance of caution. According to us at Shape, it seems possible, even likely, that account checkers had been used to hijack 200 accounts at the hotel chain. Take a look at the Shape blog post on account checkers.
3. Taking security up one level – to the Board
Everyone seemed to like and agree with what was said at the presentation, “A CISO’s Perspective on Talking to the Board about Cybersecurity”. See what WSJ wrote about it here.
4. Password management is hard
Shape’s own Zhiwei Li spoke about password managers, exposing several vulnerabilities (now plugged) and discussing which manager would be the best manager in various cases. Take a look at his presentation slides.
5. Botnets are alive and well despite takedowns
Botnets are alive and well, despite takedowns. The federal agencies behind the takeover of a major Zeus botnet (12 governments, 13 companies, 4 non-profits and 3 USG federal agencies) said the criminal enterprises have learned and adapted to build more sophisticated and evasive botnets. Check out the list of agencies involved on the RSA session summary page.
It was a great show for Shape Security. If you go to a lot of conferences, like we do, then we’ll be seeing you at Black Hat in Vegas, and again at RSA in San Francisco in 2016.
Shape will be at O’Reilly’s Fluent Conference in a big way next week and we’re hoping to meet a huge round of new faces in the web community. Several of us will be speaking, doing a book signing, and hanging around our booth in the sponsor’s hall. Make sure you stop by and say hello to:
Adding a WebSocket service to an application is often misunderstood to be high performance by default; however, there are many more considerations that must be made, both on the client and server, before the best performance can be achieved. Real-time technologies like SPDY, WebSocket, and soon HTTP 2.0 have their own sets of hurdles and anti-patterns to overcome, and this talk will provide the checklist you need to fine-tune your application’s real-time performance.
High Performance Websites, by Steve Souders, was first released in 2007. The follow-up – Even Faster Web Sites – was published in 2009. These books have served as web optimization canon for a generation of web developers. The problem is: it’s now 2015. Browsers, browser features, internet connectivity – they’ve all changed dramatically. A lot of the best practices from 2007 and 2009 no longer apply. And yet, many developers are still holding on to those practices – advocating for performance tweaks that are no longer relevant.
RSA 2015 is around the corner. Will you be attending? Come meet with Shape Security and learn more about our technology. We have a booth, are hosting a private meeting suite at the St. Regis hotel, and offering free expo passes to everyone with our discount code. Read more details below.
Private Meeting Suite
Our Co-Founders sponsored a Suite in the St. Regis. The suite has food, wifi, and a relaxing place to put up your feet. Reserve a time to come unwind and learn about Shape.