Feld.com Automagically Upgraded To HTTPS By Pantheon

Use of HTTPS (which stands for HTTP Secure) has grown from 13% of the top one million websites to 19% in the past year. With major media sites such as NYTimes.com joining the movement, now over half of all web requests are served securely to the browser. Two years after the launch of Let’s Encrypt, this is fantastic progress. In this new era of state-sponsored hacking and fully professionalized cybercrime, it is heartening to see engineers get seriously organized and tackle something on the scale of securing the entire web. ...

December 18, 2017 · 3 min · Brad Feld

Addressing KRACK

The CEO of our portfolio company JumpCloud, Raj Bhargava, reached out to me after my rant on digital security earlier this week. Since JumpCloud plays in the world of digital authentication, they are well versed in security issues and are helping organizations with securely connecting their users to their IT resources (systems, apps, storage, WiFi, servers, etc.). He pointed me to a five-step video they put up about how IT organizations can step up their WiFi security – not only from KRACK, but from man-in-the-middle attacks and from having poor WiFi security hygiene.

October 22, 2017 · 1 min · Brad Feld

Digital Security Is Not Working Very Well

We live in a digital world with a false sense of security. While watching Blade Runner 2049 I smiled during a scene near the end where Deckard says to K, “What Have You Done?!?!?” I expect that this false sense of security will still exist in 2049 if humans manage to still be around. The first big piece of security news this weekend was ‘All wifi networks’ are vulnerable to hacking, security expert discovers. It’s only a Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping, but, well, that’s most Wi-Fi networks. If you want the real details, the website Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse goes into depth about KRACK Attacks. And yes, KRACK is already up on Wikipedia. ...

October 16, 2017 · 3 min · Brad Feld

The Apple / FBI Rabbit Hole Is Deep

Yesterday I wrote about getting stuck in an hour-long reading loop on the Apple / FBI situation. As much as I didn’t want it to happen again today, it did. More on that in a minute. But first, I want to encourage you to go watch the movie Race which is the story of Jesse Owens and the 1936 Berlin Olympics. It was superb and the double entendre of the title played out for a full two hours as the movie made us think hard about race in America in the 1930s and what was happening in Nazi Germany at the same time. I also thought the acting by the primary characters, including Stephan James (Jesse Owens), Jason Sudeikis (Larry Sanders – Owens’ coach), and Barnaby Metschurat (Joseph Goebbels – Nazi propaganda minister) was incredible. Metschurat was a special bonus – he brought an extremely uncomfortable feeling of deep menace to every scene he is in. ...

February 20, 2016 · 3 min · Brad Feld

Do We Want An FBiOS?

Super Cooper (our new dog – now one year old) woke me up at 4:45 this morning so I got up, let him out, got a cup of coffee, sat down in front of my computer, and spent the next hour going down the rabbit hole of the FBI / Apple phone unlock backdoor encryption security controversy. After an hour of reading, I feel even more certain that Apple is totally in the right and the FBI’s request should be denied. ...

February 19, 2016 · 4 min · Brad Feld

Dr. Evil's Milk Run

Following is a guest post from my friend Eliot Peper. I met Eliot several years ago when he approached me about his first book. I loved his writing and FG Press went on to publish Eliot’s first two books – Uncommon Stock: Version 1.0 and Uncommon Stock: Power Play. Eliot’s third book, Uncommon Stock: Exit Strategy came out recently and the topic is particularly timely. Enjoy some deeper thoughts of his on why. Oh – and grab Eliot’s books – they are awesome. ...

August 14, 2015 · 5 min · Brad Feld

Why Isn't PGP Built Into Gmail?

An increasing number of companies that I work with are using PGP to encrypt certain email. While they are comfortable sending a lot of email unencrypted, there are periodic threads that different people want to have encrypted for a variety of reasons, some rational and some not. Each company is dealing with this a different way. Suddenly I find myself managing a bunch of public keys in different PGP tools on different computers. I started by going with the recommendation of each company and predictably found myself managing multiple solutions that sort of worked some of the time. ...

June 24, 2015 · 1 min · Brad Feld

Learning from 2014 Security Hacks

Raj Bhargava (CEO of JumpCloud) and I got into a discussion at dinner the other night about the major security hacks this past year including Sony, eBay, Target, and The Home Depot. Raj spent over a decade in the security software business and it was fascinating to realize that a common thread on virtually all of these major compromises was hacked credentials. I felt this pain personally yesterday. A bunch of random charges to Match.com, FTD.com, and a few other sites showed up on Amy’s Amex card. We couldn’t figure out where it got stolen from, but clearly it was from another online site somewhere since it’s a card she uses for a lot of online purchases, so I cancelled it. Due to Amex’s endless security process, it took almost 30 minutes to cancel the card, get a new one, and add someone else to the account so I wouldn’t have to go through the nonsense the next time. ...

January 21, 2015 · 3 min · Brad Feld

Is LinkedIn Intro Good, Bad, or Impossible?

When LinkedIn posted LinkedIn Intro: Doing the Impossible on iOS I was intrigued. The post title was provocative (presumably as intended) and drew a lot of attention from various people in the security world. Several of these posts were deeply critical which generated another post from LinkedIn titled The Facts about LinkedIn Intro. By this point I had sent emails to several of my friends who were experts in the email / SMTP / IMAP / security ecosystem and was already getting feedback that generally trended negative. And then I saw this post titled Phishing With Linkedin’s Intro – a clever phishing attack on Intro (since fixed by LinkedIn). ...

October 29, 2013 · 5 min · Brad Feld

JumpCloud – Jump to the Next Level of DevOps

Two of the themes we love to invest in are Protocol and Glue. We’ve especially been interested in companies that make software developers’ and DevOps’ lives better. Some examples include SendGrid, Urban Airship, VictorOps, Pantheon, MongoLab, and Cloudability. To that end, Raj Bhargava and I created a company called JumpCloud late last year (our eighth venture together). After being involved in hundreds of technology companies, we know that young and fast-growing technology companies have little time to devote to the details of managing their server infrastructure. Often, there is a perception that things are fine, until they aren’t. And then much pain ensues. ...

October 2, 2013 · 2 min · Brad Feld