Author Archives: Austin Castle

Get to Know Manager of Software Development, Fred Yip

Reading Time: ~ 2 min.

With job growth projected to surge 24% over the next seven years, software engineering is one of the most demanded professional fields in the U.S. Exceptionally competitive pay and the chance to pursue careers across many industries are just a few benefits of being a software engineer.

We explore how software engineers working in cybersecurity face unique challenges and opportunities in our sit down with Fred Yip, Manager of Software Development in Webroot’s San Diego office.

Besides this sunny San Diego weather, what gets you out of bed and into the office?

I’m surrounded everyday by smart people who want to do their best to solve customer problems. There is a lot to do, but the work is very engaging and rewarding. My favorite part of the job is working closely with my team to deliver products to our customers. We work in a startup-like environment. Everyone wears many hats: as software developer, as tester, DevOps engineer, and customer support. 

There are many industries that demand your talent, what drew you to cybersecurity?

Cyberattacks are a rising trend. I used to work for an enterprise serving Fortune 500 companies. Knowing that cyberattacks affect everybody, I saw an opportunity to bring my skillset to Webroot. We extend our product to small and mid-sized businesses as well as consumers, which gives me the satisfaction of building a top-notch technology for anyone who needs it, whether it be a doctor’s office, coffee shop, or someone walking down the street.

What does a week of life at Webroot look like for you? 

A typical week for a manager is not much different than that of a team member. We do software development, testing, and deployment of product features as a team. I help design and implement the cloud infrastructure that supports our software components as microservices. In addition, I look out for the well-being of each team member in terms of technical, personal, and career development. 

What skills and traits do you look when hiring software engineers?

As an engineer, you have to be a team player, not self-focused. I look for a lot of integrity and honesty about what they are doing and what they know and don’t know. An eager attitude toward learning is important because it allows them to solve problems and contribute to the team. When they bring their best character and performance, they help to build a strong team. As long as someone has some relevant experience, they can always learn the technical skills. And an ability to learn new things quickly is another thing I always look for in a potential team member.  

Are there any outside activities that you and your team are involved in?

We attended a coding challenge at UC San Diego earlier this year, where we host students for a friendly competition. It was very high energy and there was a lot of participation. It was a fun challenge beyond just writing code. You could actually see the code working against others and the top winner was recognized after we gave out prizes. I always tell candidates to participate in the event, it’s a way to motivate them to join our team!

Check out Highlights from the UCSD Coding Challenge

The post Get to Know Manager of Software Development, Fred Yip appeared first on Webroot Blog.

Out from the Shadows: The Dark Web

Reading Time: ~ 4 min.

You’ve likely heard of the dark web. This ominous sounding shadow internet rose in prominence alongside cryptocurrencies in the early 2010s, eventually becoming such an ingrained part of our cultural zeitgeist that it even received its own feature on an episode of Law & Order: SVU. But as prominent as the dark web may be, few average internet users can properly explain what it is and the cyber threats it provides a haven for. Let’s step back from the pop culture mythos and dive into what makes the dark web so dark.

Open Web, Deep Web, and Dark Web: Know the Difference

The open web, or surface web, is the internet we use every day. This includes all the web content that can be found through search engines and is accessed by traditional web browsers. Though you might find it surprising that the open web accounts for just 5% of the internet. The rest is made up of the deep web. 

The deep web is the section of the internet that is not indexed by search engines and cannot be found through traditional search methods. This means that the only way to access deep web content is through a direct URL. While rumors about the deep web make it seem as if it is exclusively used for nefarious purposes, content on the deep web is often banal. It is largely comprised of school and university intranet systems, email and banking portals, internal sites for businesses and trade organizations, and even things like your Netflix or Hulu queues. Nothing to be afraid of there.

While the dark web is technically a part of the deep web, it takes anonymity a step further by using overlay networks to restrict access, often attracting users engaged in illicit activity. These networks use special anonymized software to grant users access; the largest and most famous of which is Tor. Tor stands for “The Onion Router,” which references its “onion routing” technique of using encapsulated layers of encryption to ensure privacy. Tor websites are most easily recognized by their “.onion” domains, and by the fact that they cannot be accessed through traditional web browsers. You may have heard stories about the NSA trying to shut Tor down, but don’t expect the services to go away soon. It has funding from high places, with a recent FOI request revealing that one of Tor’s largest financial contributors has long been the U.S. State Department—likely to offer encrypted communication options for State Department agents working in the field.

Is the Dark Web Illegal?

The dark web isn’t inherently illegal—the illegality comes from how it can be used. Darknet markets, such as the infamous and now defunct original Silk Road, showcase how thin the line is between legal and illegal dark market activities. As long as what you are purchasing is legal, using a darknet market is as lawful as making a purchase from any other online retailer. But buying illicit drugs or human organs? Yeah, that’s definitely illegal. 

Although not as remarkable as some of the more grotesque items available, one of the most commonly found items for sale on the dark web is data. With a reported 281 data breaches in just the first quarter of 2019, we have already seen 4.53 billion records exposed this year alone. That’s potentially more than 4 billion chances for hackers to profit off the victimization of strangers, and a majority of them will use the dark web to do so. We have seen several high-profile data breaches resurface on the dark web—Equifax, Canva, Under Armor, and Evite all recently had their user data available for sale on darknet markets.

The Dark Web and Malware-as-a-Service

Beyond selling your data, the dark web can be used to harvest it as well. Webroot Security Analyst, Tyler Moffitt, explains this growing threat:

“Anyone can create malware in today’s landscape where the dark web is very accessible,” says Moffit. “There are ransomware services on .onion links that will allow you to input just a few bits of information, like a bitcoin address, desired ransom, late fees, etc., and unique binaries are generated to distribute however they like. The only ‘catch’ is that the portal creator usually takes a cut (around 30%) for any ransom payments made.”

These malware-as-a-service attacks mean that an attacker doesn’t even need to know how to execute one; they just need to know how to navigate to the portal. Therein lies the largest dark web danger for many consumers—anonymized cyberattacks available at the click of a mouse.

Keeping Your Data Off the Dark Web

Like a hydra with its multiple heads, black markets will likely never be wiped out. When you shut one down, two more will pop up. Darknet markets are just their newest evolution. While you can’t expect to see this threat disappear anytime soon, you can take steps to keep your data secure and off the dark web.

Using an up-to-date antivirus solution will help stop malware from scraping your data on the dark web. You can also lock your credit (called freezing) to help prevent new credit lines being open without additional information. Another recommendation is avoiding public WiFi without a VPN, as it leaves you susceptible to a man-in-the-middle attack (MITM). Even with these precautions, a breach may still occur. Keeping your sensitive accounts secured with a trusted password manager can also help prevent cyber attacks from spreading beyond their breach point. 

Follow us on Facebook and Twitter to stay up to date on the latest threats to your online security and privacy.

The post Out from the Shadows: The Dark Web appeared first on Webroot Blog.