Authentic8 Blog Category: Anonymity

Ideas That Become Obvious In Hindsight

Interview: Authentic8 Co-founder and CEO Scott Petry on Leo Laporte's TWiT.tv

Were you excited when Apple presented the Newton mobile device to the world, a glimpse into a future starring the iPhone? Or perhaps relieved when the email Spam Wars were won by Postini, a Silicon Valley startup later bought by Google, where it became the core of Gmail?

The ideas and concepts that drove both breakthrough innovations initially faced ridicule (in the case of Newton) and skepticism. What they have in common is that today, they are obvious in hindsight.

What they also share is a name: Scott Petry. His career took him from Apple's Newton team to founding and later selling Postini - which solved the email spam problem - to Google and from there to his current role as Co-founder and CEO of Authentic8, which pioneered remote browser isolation in the cloud.

Do we have a theme here? Leo Laporte thinks so. The award-winning tech journalist and founder

How to Detect Browser Extensions

Working on new methods and tools to identify browser exploits, I recently came across a common question again in a forum: "Is it possible to detect what browser extensions I have installed?"

That information would be of value to various people for several reasons. Online attackers and snoops stand to gain most from it. Examples:

  • Browser extension details can help fingerprint a client and tell it apart from others, as in: "This client uses a Google Translate browser extension. This other client does not."
  • Plugin information can also aid in targeted client exploitation, as in: "This client has version 2.0.6 of the [bleep] password manager installed, with working exploits A, B, and C."
  • Addon identification can also be leveraged to hijack the local browser, as in: "This developer's Gmail account has been pwned; let's use it to push a malicious update."


Sounds far-fetched? I wish it were. Check out our blog posts with real-life examples: JavaScript Template Attacks, Password Manager Extension Exploit, and

How to REALLY Browse Anonymously

When anonymous web access becomes business-critical, the web's favorite home remedies won't help. Worse, they can harm you and your organization.

*

A few weeks ago, I was speaking with a regional bank in the Southwestern United States, where the lack of anonymity online had jeopardized a recent investigation. The bank was doing online research necessary for them to comply with Bank Secrecy Act and Anti-Money Laundering (BSA/AML) regulations.

A financial fraud analyst found incriminating evidence on the web page of a business she was investigating. Imagine her frustration when she went back the next day to collect that evidence, only to find it had been removed in the meantime. What happened?

The bank suspects that the subject of its investigation was tipped off to the analyst's research because web traffic from the bank was hitting the website of the investigated business.

This happens more often than one would think, as I've learned in conversations with other financial services firms before.