How I accidentally gatecrashed a startup’s morning meeting - TechCrunch


Posted: 08 Aug 2020 09:34 AM PDT

There's a certain kind of panic that at some point gets us all.

You just got to work but did you leave the oven on at home? The gut-punch "call me ASAP" message from your boss but now they're not answering their phone. Or that moment you unexpectedly see your camera light flash on your computer and you're suddenly in a video call with a ton of people you don't know.

Yes, that last one was me. In my defense it was only slightly my fault.

I got a tip about a new security startup, with fresh funding and an idea that caught my interest. I didn't have much to go on, so I did what any curious reporter would do and started digging around. The startup's website was splashy but largely word salad. I couldn't find basic answers to my simple questions. But the company's idea still seemed smart. I just wanted to know how the company actually worked.

So I poked the website a little harder.

Reporters use a ton of tools to collect information, monitor changes in websites, check if someone opened their email for comment, and navigate vast pools of public data. These tools aren't special, reserved only for card-carrying members of the press, but rather are open to anyone who wants to find and report information. One tool I use frequently on the security beat lists all the subdomains on a company's website. These subdomains are public but deliberately hidden from view, yet you can often find things that you wouldn't from the website itself.

Bingo! I immediately found the company's pitch deck. Another subdomain had a ton of documentation on how its product works. A bunch of subdomains didn't load, and a couple were blocked off for employees only. (It's also a line in the legal sand. If it's not public and you're not allowed in, you're not allowed to knock down the door.)

I clicked on another subdomain. A page flashed open, an icon in my Mac dock briefly bounced, and the camera light flashed on. Before I could register what was happening, I had joined what appeared to be the company's morning meeting.

The only saving grace was my webcam cover, a proprietary home-made double layer of masking tape that blocked what looked like half a dozen people from staring back at me and my unkempt, pandemic-driven appearance.

I didn't stick around to explain myself, but quickly emailed the company to warn of the security lapse. The company had hardcoded their Zoom meeting rooms to a number of subdomains on their company's website. Anyone who knew the easy-to-guess subdomain — trust me, you could guess it — would immediately launch into one of the company's standing Zoom meetings. No password required.

By the end of the day, the company had pulled the subdomains offline.

Zoom has seen its share of security issues and has been forced to change default settings to prevent abuse, largely driven by greater scrutiny of the platform as its usage rocketed since the start of the coronavirus pandemic.

But this wasn't on Zoom, not this time. This was a company that connected an entirely unprotected Zoom meeting room to a conveniently memorable web address, likely for convenience, but one that could have left lurkers and eavesdroppers in the company's meetings.

It's not much to ask to password-protect your Zoom meetings, because next time it probably won't be me.

Xbox Series X System Architecture to Be Discussed This Month at Hot Chips 2020 - Best gaming pro

Posted: 08 Aug 2020 08:34 AM PDT

The media landscape is changing rapidly. Even before COVID, media companies have been looking at new revenue models beyond your standard banner ad, all the while trying to navigate the oft-changing world of social media and search, where a minor algorithm change can boost or tank traffic.

Anytime an industry is in the midst of a change is a great time for startups to capitalize. That's why we're amped to have Lerer Hippeau's managing partner Eric Hippeau join us for an episode of Extra Crunch Live.

The episode will air at 2 p.m. ET/11 a.m. PT on August 13. Folks in the audience can ask their own questions, but you must be an Extra Crunch member to access the chat. If you still haven't signed up, now's your chance!

Eric Hippeau served as CEO for the Huffington Post before co-founding Lerer Hippeau. He also served as chairman and CEO at Ziff-Davis, a former top publisher of computer magazines. He sits on the boards of BuzzFeed and Marriott International.

Lerer Hippeau portfolio companies include Axios, BuzzFeed, Genius, Chartbeat and Giphy. And while the firm has experience in media, that doesn't mean the portfolio is squarely focused on it. Other portfolio companies include Casper, WayUp, Warby Parker, Mirror, HungryRoot, Glossier, Everlane, Brit + Co. and AllBirds, to name just a few.

As an early-stage investor, Hippeau knows what it takes for companies to get the attention of VCs and take the deal across the finish line. We'll chat with Hippeau about some of the dos and don'ts of fundraising, his expectation for the next generation of startups born in this pandemic world and which sectors he's most excited to invest in.

As previously mentioned, Extra Crunch members are encouraged to bring their own questions to this discussion. Come prepared!

Hippeau joins an all-star cast of guests on Extra Crunch Live, including Mark Cuban, Roelof Botha, Kirsten Green, Aileen Lee and Charles Hudson. You can check out the full slate of episodes here.

You can find the full details of the conversation below.
