Slashdot Mirror

← Back to Stories (view on slashdot.org)

Netflix Just Announced a User Focused Security Application (netflix.com)

Posted by msmash on from the how-about-that dept.

Moving beyond movies and TV shows (and their DVDs), Netflix announced on Tuesday Stethoscope, its "first project following a User Focused Security approach." From a company's blog post: The notion of "User Focused Security" acknowledges that attacks against corporate users (e.g., phishing, malware) are the primary mechanism leading to security incidents and data breaches, and it's one of the core principles driving our approach to corporate information security. [...] Stethoscope is a web application that collects information for a given user's devices and gives them clear and specific recommendations for securing their systems. If we provide employees with focused, actionable information and low-friction tools, we believe they can get their devices into a more secure state without heavy-handed policy enforcement. The company says Stethoscope tracks disk encryption, firewall, automatic updates, up-to-date OS/software, screen lock, jailbroken/rooted status, security software stack configurations of the device.

25 of 43 comments (clear)

  1. In next weeks news get your nails done at Autozone by pecosdave · · Score: 2

    Wow - this is some pretty cool stuff and I commend Netflix for doing it, but really? Netflix?

    --
    The preceding post was not a Slashvertisement.
  2. SCAP by bsDaemon · · Score: 1

    How is this fundamentally different than using SCAP or OVAL content to do a STIG check against a host and then apply remediations against findings? Other than it will hopefully allow "normal" users to understand what the problem is and what to do about it. But normal users probably aren't going to grab an open source security scanner and then follow the recommendations. They would then be abnormal users, by definition.

  3. Need to tune what's being approved by Bruce+Perens · · Score: 1

    I see three things that are properly called "press releases" in the headlines of Slashdot this morning. It's a typical beginner mistake. Please stop.

    --
    Bruce Perens.
  4. Re:In next weeks news get your nails done at Autoz by Gilgaron · · Score: 1

    I guess it might give your employer a reason to remove Netflix from the blacklist?

  5. Re:In next weeks news get your nails done at Autoz by EvilSS · · Score: 3, Interesting

    Looks like something they developed internally for their own use and decided to open source.

    --
    I browse on +1 so AC's need not respond, I won't see it.
  6. Re:In next weeks news get your nails done at Autoz by chispito · · Score: 3, Informative

    Check out their GitHub: https://netflix.github.io/

    They open source a lot of their in-house software.

    --
    The Daddy casts sleep on the Baby. The Baby resists!
  7. Re:I already cover malware/firewall/phishing via by DontBeAMoran · · Score: 2

    Maybe, but I have to say that your movies library is quite limited and not worth the monthly fee.

    --
    #DeleteFacebook
  8. Very glad it's open source. by DdJ · · Score: 1

    Upon seeing that it's open source, I'm already starting to brainstorm how to help local schools and libraries set this thing up. Neat!

  9. Re:In next weeks news get your nails done at Autoz by r1348 · · Score: 1

    I was about to say the same. That's pretty much how Amazon became the biggest cloud computing operator out there: by renting out what they developed internally.

  10. Conflict between up to date and not rooted by tepples · · Score: 1

    I couldn't find a public "check my phone" link, or I'd've tried it.

    But two of the "practices" listed in Netflix's blog post appear to conflict. One is "Up-to-date OS/software", an the other is "Not jailbroken/rooted". What does it say when the latest official system software image for a particular device is no longer supported? Does it recommend that the user trade off the "not rooted" practice to obtain "up-to-date OS" by flashing the LineageOS distribution of Android?

    1. Re:Conflict between up to date and not rooted by skids · · Score: 2

      I couldn't find a public "check my phone" link, or I'd've tried it.

      I believe that would be because your phone is not enrolled in an MDM manager.

      From the article: "Stethoscope is a web application that collects information for a given user's devices"

      This implies it is a web app that, by itself, checks your device and maybe even enumerates/discovers
      your devices. That would make it a scary security hole rather than a security tool since web apps really
      should not be able to access any state of health information on a device (though some is quite leakable these days.)

      Fortunately it appears not to be. It seems to be just a way to put a pretty front-end on devices that are using other
      installable agents to assess their security. It goes to the backend databases of those agents, assuming you have an
      account on them which is available through an SSO system or other authenticator, and pulls information
      they have previously collected. Unless you have those backend egents installed and a database set up
      for them to report to, this tool isn't for you. Basically it's for the enterprise.

      Kudos to them for releasing their internal tools to github, though, I'm sure they will get some valuable
      additions from the community.

      --
      Someone had to do it.
    2. Re:Conflict between up to date and not rooted by tepples · · Score: 1

      I believe that would be because your phone is not enrolled in an MDM manager.

      That'd be fine if there were a "Send me to Google Play Store to temporarily enroll my phone in Netflix's MDM for the duration of the test" button.

  11. Re:In next weeks news get your nails done at Autoz by pecosdave · · Score: 1

    That's interesting, wish I was a better coder, I would consider seeing if I could use some of that interface code to make a Kodi compatible Netflix plugin.

    --
    The preceding post was not a Slashvertisement.
  12. Re:In next weeks news get your nails done at Autoz by HideyoshiJP · · Score: 1

    It make some sense, I suppose. People back in the day probably were weirded out calling Toyota for business management consulting.

  13. Re:In next weeks news get your nails done at Autoz by orient · · Score: 1

    There is a Chrysler dealership in Calgary that offers just that: having their nails done while their car is being serviced.

    --
    Laudele lor desigur m-ar mahni peste masura.
  14. Re:Not Interested by thygate · · Score: 1

    mod parent up, this or netflix goes to the bin and it's back to tpb..

  15. Re:In next weeks news get your nails done at Autoz by BarbaraHudson · · Score: 1

    It's bullshit. What it boils down to is yet another business spying on you, rather than offering a new way to mitigate the problem. Same shit that *every* antivirus player offers. None of this will prevent a well-directed phishing attack - one of the things they claim it will help against - so it's just more "security theatre." Let's face it, unless you actually pre-screen mail for threats (and this doesn't) it won't do sweet f*ck all.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  16. Re:In next weeks news get your nails done at Autoz by pecosdave · · Score: 1

    I think it's a great idea.

    I always thought businesses that have customers in waiting should have secondary services to soak a few extra bucks off of them and to make their time less wasted. When I was in League City they built a Carwash and Grill. The idea was to eat steak and drink while you were getting a car wash, what I considered genius, but they never actually opened the grill while I still lived there, just the bar. So drive there, get drunk drive home. I had an issue with this, but went there anyways for one beer and then soda.

    I always thought tire shops and what have you should have at minimum WiFi in the lobby. Most don't and usually have a TV pinned on something horrible. I think mixing up barber shops with lube and tire shops would be a great idea

    If I were opening up a coffee shop (which I've considered) I would absolutely target spaces next door to tire, lube, brake, carwash, and any other place I could think of that would have people pinned in place without their vehicles. I tend to walk somewhere to eat when waiting for anything like that and will pick a place that has something within a reasonable/safe walking distance.

    --
    The preceding post was not a Slashvertisement.
  17. Re:In next weeks news get your nails done at Autoz by pecosdave · · Score: 1

    My Playstation 3, Wii, and BluRay player all have a client that works. I'm trying to consolidate down to one system.

    Literally all it would take to have a "client" that worked would be for them to code their website in such a way that I could navigate with arrow keys.....

    --
    The preceding post was not a Slashvertisement.
  18. Re:In next weeks news get your nails done at Autoz by geekmux · · Score: 1

    I guess it might give your employer a reason to remove Netflix from the blacklist?

    Corporate whitelisting of Netflix services.

    Thank you for helping identify the Netflix Ulterior Motive.

  19. Re:In next weeks news get your nails done at Autoz by swillden · · Score: 1

    Wow - this is some pretty cool stuff and I commend Netflix for doing it, but really? Netflix?

    It's a tool developed for internal, corporate users, to make Netflix's own operations more secure. They've decided to open source it, probably in hope that others will have good ideas to make it better.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  20. Downloadable video by jtara · · Score: 1

    I guess nobody else noticed that Netflix recently started supporting downloadable video.

    I'd guess that they had to pinky-swear to content providers that they would make some effort to educate users on security, help them secure their computers and devices and networks, etc. etc. etc.

  21. Software won't fix the real problem by SteWhite · · Score: 1

    " The company says Stethoscope tracks disk encryption, firewall, automatic updates, up-to-date OS/software, screen lock, jailbroken/rooted status, security software stack configurations of the device."

    Fantastic! Which one of those stops the user clicking on the nice shiny link in the email claiming to be from the helpdesk and telling them they need to reset their password instantly or lose their account, then filling in their account details for the nice phisher?

    Oh yeah, none of them. Good luck with that.

  22. Not really by sethstorm · · Score: 1

    jailbroken/rooted status,

    Which makes it automatically a user-hostile approach.

    --
    Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
    1. Re:Not really by coofercat · · Score: 1

      Maybe, but it'd work well for company owned gear though.