Reddit History
App/Op/Corp SEC
A First time for Everything
SEC @ Large
Cybersecurity History
100

She served as Reddit's CISO and VP of Trust from 2/22/2021 to 1/27/2023.

Who is Allison Miller?

100

This kind of attack usually arrives as a suspicious email that tries to get you to click a malicious link and/or open a suspicious attachment.

What is Phishing?

100

The first antivirus software.

What is Reaper?

100

This type of attack bombards a user with repeated login-approval prompts (MFA push notifications) until they get tired of denying them and accept one.

What is MFA Fatigue?
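The tell-tale signal for this attack is a burst of push prompts to one user in a short window, most of them denied or timed out, sometimes ending in an approval. The following detection logic is an added example, not part of the original board or any Reddit tooling: it runs over a few constructed sample log lines (the `timestamp user=… result=…` format is assumed for the example) and flags users whose prompt count inside a sliding window crosses a threshold.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of MFA push events for this example (not real logs).
# Assumed format: ISO timestamp, user, and how the user answered the prompt.
SAMPLE_LOG = """\
2023-01-10T09:00:05Z user=alice result=approved
2023-01-10T09:14:11Z user=bob result=denied
2023-01-10T09:14:40Z user=bob result=denied
2023-01-10T09:15:02Z user=bob result=timeout
2023-01-10T09:15:31Z user=bob result=denied
2023-01-10T09:16:10Z user=bob result=approved
2023-01-10T11:30:00Z user=carol result=denied
2023-01-10T14:00:00Z user=carol result=approved
"""


def parse_line(line):
    """Split one log line into (timestamp, user, result)."""
    ts_str, user_kv, result_kv = line.split()
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return ts, user_kv.split("=", 1)[1], result_kv.split("=", 1)[1]


def detect_mfa_fatigue(log_text, window=timedelta(minutes=10), threshold=4):
    """Flag users who receive `threshold` or more push prompts inside `window`
    with at least one prompt not approved (a normal login needs one prompt).

    Returns {user: {"start": first prompt in the burst, "prompts": count,
                    "ended_approved": True if the burst's last prompt was accepted}}.
    """
    recent = defaultdict(deque)  # per-user prompts still inside the window
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, result = parse_line(line)
        q = recent[user]
        q.append((ts, result))
        # Drop prompts that have slid out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        not_approved = sum(1 for _, r in q if r != "approved")
        if len(q) >= threshold and not_approved >= 1:
            alerts[user] = {
                "start": q[0][0],
                "prompts": len(q),
                # An approval at the end of a burst is the worst case:
                # the user probably gave in, so treat it as a likely compromise.
                "ended_approved": result == "approved",
            }
    return alerts


if __name__ == "__main__":
    for user, info in detect_mfa_fatigue(SAMPLE_LOG).items():
        print(user, info)
```

In the sample, `bob` gets five prompts in about two minutes and approves the last one, which is exactly the pattern to page on; `carol` denies one prompt and approves another hours later, which is ordinary user behaviour and is not flagged. Tune `window` and `threshold` to your identity provider's prompt volume before relying on this in production.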

100

Often confused with cryptocurrency, this "crypto" is the study of secure communications techniques that allow only the sender and intended recipient of a message to view its contents.

What is cryptography?

200

In this year, an XSS worm hit Reddit: a crafted comment injected JavaScript into the site, and every user who viewed it automatically re-posted the comment from their own account.

What is 2009?

200

Company tool used to report Phishing. 

What is Hoxhunt?

200

The first self-replicating program (often called the first computer virus), named after a "Scooby-Doo" character.

What is Creeper?

200

Also known as CSRF, this type of attack tricks an authenticated user's browser into submitting a request to a web application the user is currently logged in to.

What is Cross-Site Request Forgery?
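To make the mechanism concrete, here is an added example (not code from the original board or from Reddit) showing why the session cookie alone is not enough: a toy in-memory session store, a vulnerable "change email" handler that trusts the cookie, and a hardened version that also requires a per-session synchronizer token. The handler names, the session store and the forged form are all constructed for this example.

```python
import hmac
import secrets

# Toy in-memory session store (constructed for the example): cookie -> session.
SESSIONS = {}


def login(user):
    """Create a session for `user` and return the cookie value."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid):
    """Token the server embeds in its own forms as a hidden input."""
    return SESSIONS[sid]["csrf"]


def change_email_vulnerable(cookies, form):
    """Trusts the session cookie alone. A form auto-submitted from an
    attacker's page still carries the victim's cookie, so it is accepted."""
    session = SESSIONS.get(cookies.get("session"))
    if session is None:
        return ("rejected", "no session")
    session["email"] = form["email"]
    return ("ok", session["user"])


def change_email_hardened(cookies, form):
    """Synchronizer-token check: the request must also carry the per-session
    token, which another origin cannot read out of the victim's page."""
    session = SESSIONS.get(cookies.get("session"))
    if session is None:
        return ("rejected", "no session")
    supplied = form.get("csrf_token", "")
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if not hmac.compare_digest(supplied.encode(), session["csrf"].encode()):
        return ("rejected", "bad csrf token")
    session["email"] = form["email"]
    return ("ok", session["user"])


def demo():
    """Replay a forged cross-site request against both handlers, then a
    legitimate request that includes the token. Returns the three results."""
    sid = login("victim")
    cookies = {"session": sid}  # the browser attaches this automatically
    # Forged request: the attacker picks the form fields but cannot know the token.
    forged_form = {"email": "attacker@example.com"}
    vuln = change_email_vulnerable(cookies, forged_form)
    hard = change_email_hardened(cookies, forged_form)
    # Legitimate request rendered by the site's own form carries the token.
    legit_form = {"email": "me@example.com", "csrf_token": csrf_token_for(sid)}
    legit = change_email_hardened(cookies, legit_form)
    return vuln, hard, legit


if __name__ == "__main__":
    print(demo())
```

The token check is the defence the clue implies; in practice it is paired with `SameSite` cookies and an `Origin`/`Referer` check, and state-changing actions are never performed on GET.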

200

The most common password composition.

What is <Dictionary word> + <numbers> + <special character>?

[like Autumn2022!, which makes password guessing easy: cracking tools try dictionary words followed by a year and a trailing symbol first. Use a passphrase instead; the extra length makes it far harder to brute force.]

300

The most recent year Reddit suffered a public breach. 

What is 2018?

300

Tool used by Snoos to protect their online identity at and beyond work.

What is DeleteMe?

300

This macro virus, the first to spread widely by mass-mailing itself, appeared in 1999.

What/who is Melissa?

300

You’re playing minesweeper on your awesome Windows system, when you experience this classic total system failure that hackers have famously recreated on ATMs, billboards, and on airplane seat-back TVs.

What is “Blue Screen of Death” ?

300

This cult classic movie featured rollerblading, techno, and a character named Cereal Killer.

What is Hackers?

400

The length of Reddit.com sessions.

What is forever and 'stateless'? (OAuth is shorter: 1 year for refresh tokens and 1 hour for access tokens.)

400

Where code secrets live.

What/where is Vault?

[Reddit uses Vault to store application secrets, which are injected either as flat files or env vars for our apps. We should never put secrets in plaintext with our code.]

400

The Ivy League school whose graduate student wrote the famous Morris worm (the Internet worm of November 2, 1988), which he released from MIT to disguise its origin.

What is Cornell?

400

The open source Java logging package whose remote code execution bug (Log4Shell) spurred a huge industry-wide remediation effort over the December 2021 holiday season.

What is Log4j?

400

This 1992 movie gave an early glimpse of biometric authentication and rogue dating-service algorithms, and reminded us that “my voice is my passport, verify me”.

What is Sneakers?

500

The length limit to reddit.com passwords.

What is 72 bytes (bcrypt, hashed)?

500

Reddit's most popular vulnerability category, according to its public bug bounty program.

What is Business logic / authorization flaws?

[We have complex and decentralized checking of "can a user see or do X" with mods, public/private subreddits, deleted authors, etc. and it's hard to automate testing for these failures!]

500

The 'start' of Cybersecurity in the 1970s grew out of this initial endeavor.

What is The Advanced Research Projects Agency Network (or ARPANET)?

500

Like any good breakfast combo, best practice is to apply this two-part treatment to stored passwords (it is not encryption: there is no key, and the original password should be unrecoverable).

What is salted AND hashed?
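The two password clues above (the 72-byte limit and "salted AND hashed") are two sides of one design. The following is an added example, not Reddit's code: it shows a per-user random salt, a slow hash, a constant-time verify, and the 72-byte limit enforced at registration. It uses the standard library's PBKDF2-HMAC-SHA256 so it runs anywhere; bcrypt, scrypt or Argon2 are the usual production choices, and the `MAX_PASSWORD_BYTES` check mirrors bcrypt's behaviour of silently hashing only the first 72 bytes of input. The storage string format and function names are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os

# Mirrors the page's reddit.com limit: bcrypt only hashes the first 72 bytes,
# so anything beyond that is silently ignored unless the application rejects it.
MAX_PASSWORD_BYTES = 72
# PBKDF2-HMAC-SHA256 work factor (OWASP's 2023 recommendation is 600,000).
ITERATIONS = 600_000


class PasswordTooLong(ValueError):
    pass


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str) -> str:
    """Salt and hash a password; returns a self-describing string for the user
    table (assumed format: algorithm$iterations$salt$digest)."""
    pw = password.encode("utf-8")
    if len(pw) > MAX_PASSWORD_BYTES:
        raise PasswordTooLong(f"passwords are limited to {MAX_PASSWORD_BYTES} bytes")
    salt = os.urandom(16)  # fresh per user: equal passwords get different hashes
    digest = hashlib.pbkdf2_hmac("sha256", pw, salt, ITERATIONS)
    return "$".join(["pbkdf2_sha256", str(ITERATIONS), _b64(salt), _b64(digest)])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iters, salt_b64, digest_b64 = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    pw = password.encode("utf-8")
    if len(pw) > MAX_PASSWORD_BYTES:
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    actual = hashlib.pbkdf2_hmac("sha256", pw, salt, int(iters))
    return hmac.compare_digest(actual, expected)


def bcrypt_would_collide(a: str, b: str) -> bool:
    """True when bcrypt would accept `b` as `a`'s password even though they
    differ: both share their first 72 bytes, and bcrypt hashes nothing past that."""
    return a.encode("utf-8")[:MAX_PASSWORD_BYTES] == b.encode("utf-8")[:MAX_PASSWORD_BYTES]


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("Autumn2022!", record))                   # False
```

Two properties worth checking when reviewing any password store: hashing the same password twice must give two different records (otherwise there is no salt, and one cracked hash unlocks every account using that password), and the length limit must be enforced before hashing rather than discovered later as a silent truncation.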

500

Peter Norton, of antivirus fame, calls this Pacific Northwest school his alma mater.

What is Reed College?