“Hold on there, critics!” Photo Credit: Warner Brothers Focus on the Good Things
There are already too many blogs focusing on the bad things that happened this year. Focusing on the bad things in life makes you miss the good things. For example, reading through the reviews of all 61 “ worst movies of 2018 ”took us would take you 96 minutes (hint: the worst is not Rampage ; that movie was awesome, and so true to the game’s aesthetic). And you don’t have to read “The Worst Rappers of 2018,” because you already know XXXTentacion and Post Malone are going to be on it. (Post, if you read this, we’re just kidding; call us! We left a Glock in your car, we think .) Or, the worst cryptocurrency of 2018
(answer: all of them).
Warning: Check out the hilarious “safety” levels (below), which range from “useless” to “wildly -unsafe.” Come to think of it, those adjectives describe some of us at Shape marketing!
Installation:npm install -g unminify
CLI Usage:uniminify /path/to/file.js --safety may be given to enable/disable transformations based on the user’s required safety guarantees. Refer to the safety levels documentation for more details. The value of --safety may be one of useless safe mostly-safe unsafe wildly-unsafe --additional-transform may be given zero or more times, each followed by a path to a module providing an AST transform; the function signals that the transformation was not applied by returning its input
You can also use the unminify API. Lovely ! Merry Christmas!February: GitHub Earrings Try to Steal Blackfish’s Launch Thunder
To celebrate the launch of our “bad-credential validator” product, Blackfish , Shape’s dashing, brilliant co-founder, Sumit Agarwal (also our boss at the moment), moderated a panel of esteemed security leaders discussing physical versus online security in modern society. Sarah Squire , co-author of the tasty 2017 NIST Digital Identity Guidelines, tells a secret about her earrings:
Who should own the burden of security?
Now, if your users aren’t as sophisticated as Sarah, they might be reusing their favorite password (“monkey”) at your organization. Blackfish will warn you about that, without even collecting the password. You can try it for free. YES, WE SAID FOR FREE !May: How Starbucks Combats Account Takeover
“When you don’t know what to give someone for Christmas, you give them a Starbucks gift card, right?” ― Mike Hughes, Starbucks. LOL, guilty as charged right here. One Christmas we gave out only Starbucks gift cards. The sheer global ubiquity of the green mermaid logo ensures that its gift card program will remain one of the largest, if not the largest, in the world. In 2013 and 2014, Starbucks was one of the most targeted online portals for gift card fraud. They turned to Shape Security, and they were blown away! Don’t believe us?
Starbucks: Why traditional security methods don’t work for ATO
In this sobering webinar, our co-founder and CEO, Derek Smith, draws the story out of Mike Hughes, Starbucks Director of Information Security.
This was the first time we ever got “official” with a customer―you know, like Facebook Official. If you’re looking for the SparkNotes on the video, read this blog we wrote earlier (in a Starbucks!).July: 2018 Credential Spill Report
In July we released our marquee communique, the second annual Credential Spill Report . Shape has a unique perspective on credential spills and credential stuffing, because we see more re-used credentials than any other company on the planet.
Credential Stuffing Attacks on a Top 5 US Bank
The report is full of titillating details about 2018’s automated attackers. For example, the chart above shows five different attack groups hitting a Top 5 US bank at the same time. We actually split and track each group and give them cute names. The “Smooth Criminals” had the best and most unique credential list. Smooth Criminals, if you’re reading this, we want you to know that we’ve put you on Santa’s naughty list.August: Blackfish Inner Workings, Explained!
In August, we answered the questions “What is Blackfish?” and “How does it work?” in our blog entry, “ Look, Ma, No Passwords! ” Spoilers: Blackfish is a distributed bloom filter of all the most common leaked credentials, managed in such a way that we don’t actually expose all those credentials again. Wait, what?The celebrated 2017 NIST Digital Identity Guidelines suggest that everyone check incoming credentials against a corpus of known already-leaked credentials. Sounds sensible, right? You’re nodding your head. Except, where is this known