In the wake of Heartbleed, make sure your browser checks for revoked certs

Posted by Les Dunston

Apr 14, 2014

Last Monday, Heartbleed, one of the worst security vulnerabilities in the history of the Internet, was announced to the public. This isn't hyperbole - ⅔ of the Internet’s websites rely on the underlying OpenSSL libraries that are at the center of the exploit. For a while, it looked like an exploit in theory, but Cloudflare announced a challenge to see if the security community was overreacting to the tin foil hat crowd. It turns out that the vulnerability can be and has been exploited.



Topics: Network Vulnerabilities, Internet Security, Online Privacy

Authentic8's Response to Heartbleed

Posted by Scott Petry

Apr 9, 2014

The Heartbleed compromise is biblical in its proportions. Vox has a concise description here. Since pretty much everyone uses OpenSSL, including us, it is safe to say that everyone's data is at risk until versions are up to date.

As a user, there isn't much you can do about it, since you're relying on the underlying components that your service provider has integrated. We've spent the last hours digging into our resources to understand our exposure and to build a remediation plan.


Topics: Insulation, Internet Security, Corporate News, Online Privacy, Product Announcements

Recycling is good for the environment, not your passwords

Posted by Drew Paik

Mar 12, 2014

We all do it. Between the web apps that you want to have (Gmail, Facebook, Twitter) and the ones you need to have (Outlook, online banking, insurance), it's natural to want to keep things simple by having a handful of passwords that are easy for you to remember and use over and over again. In a recent survey, more than 55% of users admitted to recycling passwords (often in combination with the same username).


Topics: Internet Security, Online Privacy, Authentication

Silo just got even better. And now there’s a version for you.

Posted by Ramesh Rajagopal

Feb 18, 2014

Every week we seem to learn of a new online breach or privacy overstep that exposes our information. Typical post-breach advice ends up being a banal and impractical list of things that most users ignore. But a shift seems to be underway. The regularity of malicious exploits coupled with revelations of unreasonable activity tracking has sparked renewed interest for a practical way of securing online accounts and maintaining privacy.


Topics: Corporate News, Product Announcements

Sharing is caring: How marketing teams can share web accounts while increasing security

Posted by Drew Paik

Jan 16, 2014

What’s your company’s Twitter password? If you know the answer to that question (or if it’s written on a Post-It), then your brand is at risk.

In terms of moving to the cloud, marketing is probably the most aggressive function in any organization. Every new communication channel or social network adds risk to your business, whether it’s a hijacked Twitter account or an important file that was downloaded to the wrong computer by mistake.

It used to be that marketing campaigns would take weeks to plan with several more weeks to analyze results. Today, a single tweet or post can go from concept to execution in seconds - sometimes with very negative results. Your company’s brand is in the hands of any employee, contractor, or agency who has one of your passwords.


Topics: Malware, Internet Security, Compliance, Online Privacy

When doing the right thing isn't enough

Posted by Scott Petry

Dec 13, 2013

A few weeks ago, a good friend of mine fell victim to the CryptoLocker exploit. Or more specifically, one of his employees caused his business to fall victim to CryptoLocker. CryptoLocker is nasty, and if you haven’t heard about this type of ransomware, it is worth taking a look.

If you’re still with me, I’ll tell you a bit more about this scenario and how this company - that thought they were doing everything right - still fell victim through a simple web exploit.



Topics: Insulation, Malware, Internet Security, Compliance, Success Stories, BYOD

The Real Security Risks of Running Finance Apps in the Cloud

Posted by Ramesh Rajagopal

Nov 25, 2013

When using sensitive accounting and financial systems in the cloud, worry less about where data lives and more about how users access it.

Finance teams have been relying on web services since before the cloud was the cloud. Tasks such as banking, payroll processing and benefits administration have been online for several years. These days, though, CFOs are embracing web apps more widely, including accounting, budgeting, ERP, bill pay and more. This shift is happening for many reasons, not least of which is the effectiveness of cloud apps to support flexible and decentralized workforces, including outside consultants and temporary workers.


Two CFOs walk into a bar…

Posted by Ramesh Rajagopal

Oct 3, 2013

Who can blame them? Now they’re being asked to deal with data security.



Topics: Compliance, Corporate Finance

Putting Java in its proper place

Posted by Scott Petry

Jul 25, 2013

Java has been the way for developers to write-once, run-anywhere applications. Java was incredibly promising when it emerged on the scene in the mid-90s. It was the ideal abstraction layer - developers write code and any device with a platform-specific JRE (Java Runtime Environment) would be able to execute the app. The leverage was unprecedented, and now, with a reported 10 million users, Java might be the most popular language for client-server web apps.


Topics: Insulation, Malware, Java

Attention CFOs: Don’t expect IT to save your bacon

Posted by Ramesh Rajagopal

Jul 2, 2013

So far, we’ve talked in a general way about the value of Silo and the rationale for containing and controlling web apps. In the coming weeks, we’ll start to explore specific vertical or departmental use cases that have emerged from engaging with customers and understanding where risk lives. In this post, we’ll address an often overlooked function at the heart of every company - the finance team. We recently conducted a survey of CFOs to understand how they use web apps and where they see risk. Here’s what we learned.


Topics: Network Vulnerabilities, Malware, Compliance

The official blog of Authentic8
