Slashdot Mirror

← Back to Stories (view on slashdot.org)

Netflix Open Sources Internal Threat Monitoring Tools

Posted by timothy on from the how-they-watch-you-watching-them dept.

alphadogg (971356) writes Netflix has released three internal tools it uses to catch hints on the Web that hackers might target its services. "Many security teams need to stay on the lookout for Internet-based discussions, posts and other bits that may be of impact to the organizations they are protecting," wrote Andy Hoernecke and Scott Behrens of Netflix's Cloud Security Team. One of the tools, called Scumblr, can be used to create custom searches of Google sites, Twitter and Facebook for users or keywords.

20 comments

  1. We should all do this by Anonymous Coward · · Score: 0

    I am the NSA

    1. Re:We should all do this by davester666 · · Score: 1

      Unfortunately, the NSA is the threat, and there is nobody monitoring them.

      --
      Sleep your way to a whiter smile...date a dentist!
  2. I wonder why they released these. by haruchai · · Score: 1

    Does Netflix have a tradition of free / open source software contribs?

    --
    Pain is merely failure leaving the body
    1. Re: I wonder why they released these. by bsDaemon · · Score: 5, Interesting

      Their github account has 3 pages worth of stuff and they put a lot back into FreeBSD, too.

    2. Re: I wonder why they released these. by haruchai · · Score: 1

      Good to know; nice to see more companies giving back to the opensource community.

      --
      Pain is merely failure leaving the body
    3. Re:I wonder why they released these. by CrankyFool · · Score: 5, Informative

      I work at Netflix (and manage a software development group).

      The general approach to OSS can generally be summarized as "if it's not core product (algorithms, recommendations, etc), why haven't you open-sourced it yet?"

      It's one of the (very many) nice parts of the job.

    4. Re:I wonder why they released these. by haruchai · · Score: 1

      That's great to hear; wish my own company thought that way. We have talented developers but limit them to writing mostly reporting, integration & user interface code and spend megabucks buying commercial software when solid, stable free / open alternatives already exist.

      --
      Pain is merely failure leaving the body
    5. Re:I wonder why they released these. by Anonymous Coward · · Score: 0

      It's indeed sad that in-house skills are often overlooked and not utilized to their full potential. It's also very de-motivating for the coders.

  3. I wonder why they released these. by Anonymous Coward · · Score: 4, Informative

    Yes. They just keep releasing one neat tool after the other as open source:
    https://github.com/Netflix/

  4. The biggest risk to Netflix by gelfling · · Score: 1

    Is Netflix, Amazon AWS and Xbox. Taken together any fucking thing you can imagine will or won't happen.

  5. Netflix in news by Comen · · Score: 1, Interesting

    Why is it this is the only article I can really find online about Netflix petitioning the FCC to now allow the Comcast TWC merger?

    http://www.engadget.com/2014/08/26/netflix-fcc-petition-time-warner-cable-comcast/

    1. Re:Netflix in news by Guspaz · · Score: 1

      Huh? You've linked to an article of Netflix asking for the merger to be blocked.

  6. The three tools (because TFA article is, well...) by xxxJonBoyxxx · · Score: 4, Informative

    #1: Scumblr: Ruby-based, web-configured application that allows searching the Internet for sites and content of interest. Includes libraries for sites like Google, Facebook, and Twitter.
    #2: Workflowable: Ruby gem that routes different kinds of detections from Scumblr to specific processes.
    #3: Sketchy: takes screenshots of web finds for Scumblr.

    (I might be a little off, but the Karma gods will surely reward me.)

  7. Linux User Agent by Anonymous Coward · · Score: 0

    Please, please, please: can you tell me what UA string I should use to Chromium with HTML5 under Linux working reliably with Netflix?

    I was using one and it was working beautifully, then Netflix must have chaned the UA detection because it stopped one evening. So I found another one which worked. Then that stopped working last night :-(

    I don't really want to go back to the rigmarole of Firefox with Pipelight ...

    1. Re:Linux User Agent by laffer1 · · Score: 2

      For all you know, he's on the team that's trying to stop you from using chromium on netflix.

      --
      MidnightBSD: The BSD for Everyone
    2. Re:Linux User Agent by Anonymous Coward · · Score: 0

      The bastard ... I'll work out how to do it to spite him ...

  8. Only problem is the name by mattr · · Score: 0

    Honestly they couldn't change the name before open sourcing it?
    I cannot see any company saying oh yeah let's use scumblr. And it might even be a good tool, who knows.
    I wouldn't even want to propose it, and my customer actually uses similar systems.

    1. Re:Only problem is the name by ShaunC · · Score: 1

      So fork it and rename it to CorporateGoodwillProtector, then suggest that to your customer.

      --
      Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
    2. Re:Only problem is the name by CrankyFool · · Score: 3, Informative

      It's an artifact of how Netflix does OSS: If you're the engineer who open-sources a product, you're the person who names the product. Sometimes that works better than others :)

    3. Re:Only problem is the name by omems · · Score: 1

      As an end-user and not a marketing weasel, I value non-marketing speak. I especially roll my eyes when companies trademark stupid names and then insist on including the symbol in every instance. (thankfully you won't see that here because I am unable to get this commenting system to reproduce it)