To stop hackers, Signal Sciences thinks like them. Also: Myspace confirms data breach
By Paresh Dave
May 31, 2016 | 7:39 AM
To think like a hacker, start-up founder Andrew Peterson hired some people who know hackers well.
His co-founders at Venice cybersecurity start-up Signal Sciences Corp. include a guy whom companies used to pay to try to hack them and a guy who led engineers often responsible for leaving unintended holes in software.
The blend of expertise is informing software now used by dozens of companies, including Prezi, Under Armour and Chartbeat, to spot and quickly close gaps in their online programs that hackers exploit.
“If you view security as a tool instead of a liability, then you need a way to find where issues exist,” Peterson said during a conversation in Venice last week. “You can’t solve the problems you can’t see.”
Signal Sciences’ program churns through the logs that show what information users are sending to a website or an app, and what they’re getting back in return, Peterson said. The goal is to identify “signals” in the large set of data that correspond to malicious activity.
Take an online shopping website.
After checking out, users arrive at a receipt page that has a unique URL, usually ending with a series of numbers and letters. Peterson’s hacking experts, such as co-founder Zane Lackey, put on their bad-actor shoes and note that someone might try to switch the last digit in the sequence to see if they can land on another user’s receipt – a potential goldmine of personal data usable in additional hacks.
When hackers use software to automate that numerical trick, they might spawn a firestorm of 404 errors. Those occur when visitors land on a page that doesn't exist. Engineers like co-founder Nick Galbreath, who have defended against such attacks, are adept at recognizing the pattern. They might also see other tell-tale signs of an attack -- perhaps hackers are using the anonymous-browsing app Tor to visit the receipt page. In addition, the automation software could be masquerading as a legitimate bot, for instance one that scans webpages for inclusion in search engines.
Mixing together those factors creates a spotting tool. Signal Sciences can then track how many attackers are actually employing that tactic. The data help a company decide whether to prioritize fixing that issue – for instance, by scrambling the code in the URL – among the many vulnerabilities it must address.
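The combination described above can be sketched as detection logic run over web access logs. This is an added example, not Signal Sciences' code: the `/receipt/<id>` URL layout, the thresholds, the sample log lines and the one-entry Tor exit list are all constructed assumptions.

```python
import re
from collections import defaultdict

# Combined-log-format line; the /receipt/<hex id> URL layout is an assumption.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "GET (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
RECEIPT = re.compile(r'^/receipt/(?P<rid>[0-9a-f]+)$')
CRAWLER_UA = re.compile(r'googlebot|bingbot', re.I)  # a UA string is only a claim
TOR_EXITS = {"198.51.100.23"}  # constructed; stands in for a Tor exit-node list

def _line(ip, rid, status, ua):
    return (f'{ip} - - [31/May/2016:07:00:00 +0000] '
            f'"GET /receipt/{rid} HTTP/1.1" {status} 153 "-" "{ua}"')

# Constructed sample traffic (documentation IP ranges), not real logs.
BOT = "Mozilla/5.0 (compatible; Googlebot/2.1)"
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.23", f"8f3a1c9{d}", 404, BOT) for d in "01234"]
    + [_line("198.51.100.23", "8f3a1c95", 200, BOT),
       _line("203.0.113.7", "77aa01bc", 200, "Mozilla/5.0 (Windows NT 10.0)"),
       _line("203.0.113.9", "77aa01bd", 404, "Mozilla/5.0 (Macintosh)")])

def find_enumeration(log_text, tor_exits=TOR_EXITS, min_404=4):
    """Return {ip: [signal names]} for clients that probe many receipt IDs."""
    misses, tried, uas = defaultdict(int), defaultdict(set), defaultdict(set)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        r = m and RECEIPT.match(m["path"])
        if not r:
            continue
        ip = m["ip"]
        tried[ip].add(r["rid"])
        uas[ip].add(m["ua"])
        if m["status"] == "404":
            misses[ip] += 1
    flagged = {}
    for ip, n in misses.items():
        if n < min_404 or len(tried[ip]) < min_404:
            continue  # a stray 404 is a mistyped link, not a scan
        signals = ["receipt_404_burst"]
        if ip in tor_exits:
            signals.append("tor_exit")
        if any(CRAWLER_UA.search(u) for u in uas[ip]):
            signals.append("claims_crawler_ua")  # unverified crawler claim
        flagged[ip] = signals
    return flagged

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```

Counting how many clients trip the first signal over time gives the prioritization data the article mentions; the other two signals corroborate rather than trigger on their own.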
Trying to eliminate errors before turning software live used to be the norm. But inspired by tech companies like Facebook and Etsy (Peterson’s former employer) that seek to quickly get feature improvements in front of users, organizations across industries are launching updates to online programs several times a day that might contain flaws.
Whether users see more or less information pilfered as a result of the faster development process is unclear. But Peterson contends that software like Signal Sciences’ is not just better at locating vulnerabilities, but also at showing which ones hackers have actually found. Those can be tackled first. In his mind, that’s a big improvement.
“The bar is so low that even a little bit of hindrance will cause a hacker to move on to a new target, a new website,” Peterson said.
The 25-person company, working out of a converted three-story home three blocks from the beach, will try to win over more customers with that message in the coming months as its sales team expands. Investors who put $9.7 million into Signal Sciences earlier this year aren't pushing for the company to quickly show profits. But in a cooling environment for start-up financing, Peterson says he wants to know sooner rather than later if the service sells.
Myspace data breach
A hacker claims to have poached usernames, email addresses and passwords for 360 million Myspace accounts, according to LeakedSource, a repository for stolen online data.
Myspace confirmed the breach, saying Tuesday that it believed the incident was the work of the Russian hacker responsible for similar breaches of LinkedIn and Tumblr.
The company said the stolen data included usernames, passwords and email addresses for some accounts created before June 11, 2013, and that it has invalidated passwords for the affected accounts.
If the number reported by LeakedSource is true, the data breach would be one of the biggest ever because of the sheer quantity of people affected. The social media website hit its peak between 2006 and 2008, growing a substantial workforce in Los Angeles, before being eclipsed by Facebook.
A number of entrepreneurs have tried to revive it, and it now stands as a hub for pop culture news and access to music. Magazine publisher Time Inc. bought Myspace’s parent company in February and integrated the website with its People and Entertainment Weekly network.
Time did not respond to a request for comment.
Tech company behind YouTube stars gets cash
Victorious, a Santa Monica start-up that builds mobile apps for YouTube creators and brands, raised $25 million in a new round of funding.
The money will be used to expand globally, according to Business Insider, which first reported the news last week.
The series B round was led by New York’s Marker LLC and Dentsu Ventures, which is based in Japan. Other investors included Kleiner Perkins Caufield & Byers and Redpoint Ventures.
Victorious was launched in 2014 and builds apps for YouTube personalities like Ryan Higa and Lilly Singh to interact with fans.
The company has created over 100 apps and has now raised a total of $50 million.
Former Ubeam executive continues critical blogging
Paul Reynolds, a former vice president of engineering at wireless charging technology developer Ubeam, took aim at advisory boards in his latest blog post about the misconceptions of start-up culture.
Since leaving the Los Angeles company, Reynolds has expressed skepticism about whether Ubeam can live up to its promises of cost-effective, long-range wireless charging. But in a recent interview, Reynolds said the goal of his ongoing criticism is to raise questions about whether venture capitalists and the media are doing proper diligence of start-ups making lofty claims.
“People have to demand greater accountability and care,” he said. “He who has the gold makes the rules ultimately.”
His latest frustration is with start-ups that announce a board of advisers amid a controversy about their business. Such groupings of outside experts in a certain field are only effective if they’re tightly integrated with a company from an early stage, Reynolds said.
“These aren't adults coming in to sort out the situation, they're generally just window dressing to distract,” he wrote of such cases. “If these companies were serious about transparency they'd have created the Advisory Board from the beginning, not just during a crisis.”
Elsewhere on the web
Snapchat has hired former Vanity Fair editor Betsy Lack to run brand strategy, according to Recode.
Latino-focused online video company Mitu plans to move its offices to downtown Los Angeles from Santa Monica because it’s running out of space to house its growing workforce, according to Bloomberg.
What’s it like to be a 13-year-old girl these days? Try sending 1,000 Snapchat messages in a day to come off as more impressive to boys, according to the Washington Post.
The raunchy new media company ArsenicTV turns over its Snapchat account to hot models. It has viewers but not so much of a business plan, according to Bloomberg.
A new tech-infused clothing store in Santa Monica lets you order from a screen, automatically have items brought to dressing rooms and test out fashions in a virtual reality lounge, according to Apparel News.
Having amassed 2.5 million fans on Facebook, anonymous sharing app Whisper is now integrating ads onto its page, according to Adweek.
A Georgia lawsuit over a car crash involving a man who accused the other driver of using Snapchat while driving – and drew the tech start-up in as a defendant – has been put on hold after the company said logs didn’t show any activity before the crash, according to CNN Money.
In case you missed it
Santa Monica video game developer Naughty Dog has long cultivated an unusually free-flowing development process that empowers anyone at any stage to share their ideas -- and defend them. Its dogmatic emphasis on uniting story designers and technology makers is the sort of multidisciplinary collaboration that's all the buzz at business schools and entrepreneurship seminars.
Drivers for ride-hailing services such as Uber, Lyft and HopSkipDrive are generally safer than the average American driver, according to a new study by automotive analytics firm Zendrive and research firm Aite Group.
A handful of start-ups that have built business models that involve doing the legwork of filing price protection claims are up in arms now that Amazon appears to be judging more strictly requests for price match refunds.
Los Angeles becomes the center of the tech universe for a moment this week. Technology CEOs Elon Musk, Jeff Bezos, Jack Dorsey and Sundar Pichai are among the speakers expected on stage at the invite-only, sold-out Code Conference being held Tuesday through Thursday at the Terranea Resort in Rancho Palos Verdes.