“Investing in all the traditional security in the world to prevent your website from having vulnerabilities will not help if your users’ own bad habits of reusing passwords result in cybercriminals being able to log in to your application just like those users.”
“What this creates is a data-driven defense network, which is constantly learning, constantly improving and capable of autonomously defending itself.”
“Being transparent with users and enforcing good operational practices is just as important as investing in security technology.”
Shuman Ghosemajumder, CTO of Shape Security, and MIT Technology Review’s Martin Giles discuss responsibilities that companies have towards protecting the sensitive personal information they hold about us.
“The economy of the Internet as a whole is suffering so that we can learn which passwords have been stolen. Because Blackfish can see all automated log-ins in real time, [it] can capture compromised usernames and passwords,” Sarah Squire says, “instead of buying them.”
“Credential stuffing only works because many users still use the same login details on multiple sites. This is a serious security risk that's only getting worse as the volume of data breaches rises.”
“New technology uses a Bloom filter computer science approach to help detect potentially breached passwords, before a breach is publicly disclosed.”
“GUEST: Shuman Ghosemajumder, Chief Technology Officer, Shape Security. Discussing the launch of Blackfish, the first system that can autonomously identify stolen passwords before the original data breach is reported or even detected.”
“Today, the company released Blackfish, a product that could help blunt the impact of stolen password caches from massive breaches like Yahoo (the mother of all breaches), Adobe and Home Depot to name but a few examples.”
“Shape Security today launched Blackfish, the first system that can autonomously identify stolen passwords before the original data breach is reported or even detected.”
“It's not the size of the stolen data dump that is important. It's the window between the date of the breach and the date of discovery that represents the biggest threat.”
“For years we’ve been educating people not to enter their personal information into sites they have never visited before to protect them from phishing,” said Shuman Ghosemajumder, chief technology officer of Shape Security. “And that’s exactly what the notification site asks people to do.”
Shape CTO Shuman Ghosemajumder on Equifax breach: "You should probably act as though your data has been compromised."
“...a profound implication for how we use SSNs throughout the country, as it is possible that as a result of this breach, the majority of adults’ SSNs are now compromised.”
"...organizations should not act out the old adage that the CISO’s primary job is to get fired when something goes wrong, in this case."
"Credential-stuffing attacks are not rare. They account for more than 90 percent of the Internet traffic to log-in pages at major services, Shape Security’s Ghosemajumder says."
"Quid looked at more than 50,000 companies and chose 50 it deemed the most promising."
"This incident has many people suggesting that everyone in the world should change all of their passwords immediately."
"Criminals are already using image recognition technology, in combination with 'Captcha farms,' to bypass this security measure."
"In 2011, while serving as deputy assistant secretary of defence at the Pentagon, Shape Security co-founder Sumit Agarwal observed a rising trend in the volume and complexity of automated attacks on Web and mobile applications."
"On most websites, users enter their email addresses in lieu of user IDs, so cybercriminals often need only to crack a victim’s password once to gain entry to several of his or her accounts."
"A study out today from Shape Security shows that it's common for credential-stuffing login attempts to account for more than 90% of all login activity on Internet-facing systems at Fortune 100 firms."
"Now consider credential stuffing. The term was coined by Shape Security co-founder Sumit Agarwal when he was serving as Deputy Assistant Secretary of Defense at the Pentagon."
"Hackers achieve a success rate of 0.1 to 2 per cent when reusing stolen credentials to access other sites, according to a new study by Shape Security."
"According to figures from Shape Security, at least 11 gaming organizations suffered credential leaks last year."