A blog about defending the social web against abuse. Brought to you by Impermium.
Author Archive
Authentication Security, Redux

A few weeks back, we wrote about Impermium appearing at Privacy and Identity Innovation 2013 to talk about authentication security. The team at PII has just uploaded a video of the talk, along with this overview of the discussion: When it comes to securely accessing digital services, the ability to prove you are who you...
Social Spam Implications of the Twitter IPO

On Thursday, October 3rd, Twitter released its S-1 filing prior to its initial public offering. Interestingly, the filing included thirty-two pages of risk factors, almost 50% more than Facebook, Groupon, and Google. Among those risk factors, “spam” is mentioned 27 times, and considerable attention is also paid to fraudulent user accounts. On Friday, Impermium...
The Continuum of Risk

In working with site owners and developers, one of the most common requests is “Can you tell me which users to block?” But while Impermium has been providing real-time account risk ratings for years, we actually try to answer this question “No.” “No? But I just want to kick out the bad users and allow...
Impermium at Privacy Identity Innovation 2013

Yesterday, I took the stage along with Philip Dunkelberger—CEO of Nok Nok Labs—and Stina Ehrensvärd—CEO of Yubico—for a panel moderated by Steven Wildstrom at the Privacy Identity Innovation Conference in Seattle. The talk—entitled “Proving Yourself: Authentication Technologies and Trends”—began with a discussion of how the new iPhone fingerprint scanner will bring strong authentication techniques to the masses. While all...
Anatomy of a Hack: How the NY Times Was Hit

Impermium CEO Mark Risher appeared on Bloomberg West today discussing how a group alleging itself to be the Syrian Electronic Army was able to take down the New York Times web site yesterday. When users type a web site name—such as “http://nytimes.com”—into their web browsers, these names are mapped to the IP addresses (e.g. 170.149.168.130) which...
How Do You Protect Users Who Hesitate To Protect Themselves?

Three years ago, we started Impermium because we saw a gap in the protection provided to users of online services. As more and more people rely increasingly on the web for communication and commerce, this gap has only grown. The bad guys are getting smarter and, as recent incidents have shown, users are more vulnerable...
Google, FIDO and the Future of Account Security

It seems that not a week goes by without another spate of articles about the mounting threat of account hijacking and cybercrime. Last week, The Onion revealed how the Syrian Electronic Army (SEA) gained access to their social media accounts, and just this past weekend, The New York Times reported that a new wave of...
Stemming the Account Takeover Tide

This week’s Associated Press Twitter hacking event highlighted the fact that bad guys are successfully targeting diverse websites. The AP is far from alone–Burger King, Jeep, HMV, National Public Radio, and other large companies have had their sites or social media feeds hijacked in recent months. Beyond damaging an individual or brand’s reputation, these hacks...
Fighting 'Mobile Malware'

Recent months, and recent security industry gatherings, have brought numerous stories raising the specter of “mobile malware,” pernicious botnets running on our smartphones and mobile devices, inflicting damage and burning through our precious data plans in the process. While the technology is certainly possible, and proofs-of-concept have been constructed, at this stage the threat of...