A blog about defending the social web against abuse. Brought to you by Impermium.
security
Authentication Security, Redux

Authentication Security, Redux

A few weeks back, we wrote about Impermium appearing at Privacy and Identity Innovation 2013 to talk about authentication security. The team at PII has just uploaded a video of the talk, along with this overview of the discussion: When it comes to securely accessing digital services, the ability to prove you are who you...
Social Spam Implications of the Twitter IPO

Social Spam Implications of the Twitter IPO

On Thursday, October 3rd, Twitter released its S-1 filing prior to its initial public offering. Interestingly, the filing included thirty two pages of risk factors, almost 50% more than Facebook, Groupon, and Google. Among those risk factors, “spam” is mentioned 27 times, and considerable attention is also paid to fraudulent user accounts. On Friday, Impermium...
The Continuum of Risk

The Continuum of Risk

In working with site owners and developers, one of the most common requests is “Can you tell me which users to block”? But while Impermium has been providing real-time account risk ratings for years, we actually try to answer this question “No.” “No? But I just want to kick out the bad users and allow...
Impermium at Privacy Identity Innovation 2013

Impermium at Privacy Identity Innovation 2013

Yesterday, I took the stage along with Philip Dunkelberger—CEO of Nok Nok Labs—and Stina Ehrensvärd—CEO of Yubico—for a panel moderated by Steven Wildstrom at the Privacy Identity Innovation Conference in Seattle. The talk—entitled “Proving Yourself: Authentication Technologies and Trends”—began with a discussion of how the new iPhone fingerprint scanner will bring strong authentication techniques to the masses. While all...
Anatomy of a Hack: How the NY Times Was Hit

Anatomy of a Hack: How the NY Times Was Hit

Impermium CEO Mark Risher appeared on Bloomberg West today discussing how a group alleging itself to be the Syrian Electronic Army was able to take down the New York Times web site yesterday. When users type a web site name—such as “http://nytimes.com”—into their web browsers, these names are mapped to the IP addresse (e.g. 170.149.168.130) which...
Long Distance Management: Impermium in India

Long Distance Management: Impermium in India

With offices in both California and India, Impermium is an international company. Although this makes sense because account compromise doesn’t recognize national boundaries, going international was not our initial intention. However, when family and other obligations compelled two valued team members, including one of our founders, to move to Bangalore, we decided to open an...
How Do You Protect Users Who Hesitate To Protect Themselves?

How Do You Protect Users Who Hesitate To Protect Themselves?

Three years ago, we started Impermium because we saw a gap in the protection provided to users of online services. As more and more people rely increasingly on the web for communication and commerce, this gap has only grown. The bad guys are getting smarter and, as recent incidents have shown, users are more vulnerable...
Recruiting at Impermium: 5 Keys to Building a Great Team

Recruiting at Impermium: 5 Keys to Building a Great Team

The best idea in the world will flounder without the right team behind it. And now, more than ever, getting a great team together is challenging. With all the competition out there, how can you get the best people on board? At Impermium, we have learned through trial and error. We’ve made our share of...
Talking Online Security for Startups at SF New Tech

Talking Online Security for Startups at SF New Tech

Last night, we were excited to participate in a panel on online security hosted by SF New Tech. Along with Impermium CEO Mark Risher, the panel included Joe Sullivan (Chief Security Officer, Facebook), Michael Coates (Director of Security Assurance, Mozilla), Deron McElroy (Department of Homeland Security) and was moderated by Dan Goodin of Ars Technica....
Building a Classification Framework with Hive and Python

Building a Classification Framework with Hive and Python

Impermium aspires to make the web a secure place. To do this, we have developed products that do content analysis and classification. And products that analyze event-streams and pick out anomalous behaviour. The key products we have developed provide real-time feedback on event-streams. As one would expect, the real-time feedback process mostly involves model-evaluations  and...
Recognizing Spam. . .Not As Easy As It Used To Be [Quiz]

Recognizing Spam. . .Not As Easy As It Used To Be [Quiz]

Google, FIDO and the Future of Account Security

Google, FIDO and the Future of Account Security

It seems that not a week goes by without another spate of articles about the mounting threat of account hijacking and cybercrime. Last week, The Onion revealed how the Syrian Electronic Army (SEA) gained access to their social media accounts, and just this past weekend, The New York Times reported that a new wave of...