Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security The Internet Hardware

Netflix Just Announced a User Focused Security Application (netflix.com) 43

Moving beyond movies and TV shows (and their DVDs), Netflix announced on Tuesday Stethoscope, its "first project following a User Focused Security approach." From a company's blog post: The notion of "User Focused Security" acknowledges that attacks against corporate users (e.g., phishing, malware) are the primary mechanism leading to security incidents and data breaches, and it's one of the core principles driving our approach to corporate information security. [...] Stethoscope is a web application that collects information for a given user's devices and gives them clear and specific recommendations for securing their systems. If we provide employees with focused, actionable information and low-friction tools, we believe they can get their devices into a more secure state without heavy-handed policy enforcement. The company says Stethoscope tracks disk encryption, firewall, automatic updates, up-to-date OS/software, screen lock, jailbroken/rooted status, security software stack configurations of the device.
This discussion has been archived. No new comments can be posted.

Netflix Just Announced a User Focused Security Application

Comments Filter:
  • Wow - this is some pretty cool stuff and I commend Netflix for doing it, but really? Netflix?

    • I guess it might give your employer a reason to remove Netflix from the blacklist?
      • I guess it might give your employer a reason to remove Netflix from the blacklist?

        Corporate whitelisting of Netflix services.

        Thank you for helping identify the Netflix Ulterior Motive.

    • by EvilSS ( 557649 ) on Tuesday February 21, 2017 @02:17PM (#53906939)
      Looks like something they developed internally for their own use and decided to open source.
      • by r1348 ( 2567295 )

        I was about to say the same. That's pretty much how Amazon became the biggest cloud computing operator out there: by renting out what they developed internally.

    • by chispito ( 1870390 ) on Tuesday February 21, 2017 @02:22PM (#53906957)
      Check out their GitHub: https://netflix.github.io/ [github.io]

      They open source a lot of their in-house software.
      • That's interesting, wish I was a better coder, I would consider seeing if I could use some of that interface code to make a Kodi compatible Netflix plugin.

    • It make some sense, I suppose. People back in the day probably were weirded out calling Toyota for business management consulting.
    • by orient ( 535927 )
      There is a Chrysler dealership in Calgary that offers just that: having their nails done while their car is being serviced.
      • I think it's a great idea.

        I always thought businesses that have customers in waiting should have secondary services to soak a few extra bucks off of them and to make their time less wasted. When I was in League City they built a Carwash and Grill. The idea was to eat steak and drink while you were getting a car wash, what I considered genius, but they never actually opened the grill while I still lived there, just the bar. So drive there, get drunk drive home. I had an issue with this, but went there an

    • It's bullshit. What it boils down to is yet another business spying on you, rather than offering a new way to mitigate the problem. Same shit that *every* antivirus player offers. None of this will prevent a well-directed phishing attack - one of the things they claim it will help against - so it's just more "security theatre." Let's face it, unless you actually pre-screen mail for threats (and this doesn't) it won't do sweet f*ck all.
    • Wow - this is some pretty cool stuff and I commend Netflix for doing it, but really? Netflix?

      It's a tool developed for internal, corporate users, to make Netflix's own operations more secure. They've decided to open source it, probably in hope that others will have good ideas to make it better.

  • How is this fundamentally different than using SCAP or OVAL content to do a STIG check against a host and then apply remediations against findings? Other than it will hopefully allow "normal" users to understand what the problem is and what to do about it. But normal users probably aren't going to grab an open source security scanner and then follow the recommendations. They would then be abnormal users, by definition.

  • I see three things that are properly called "press releases" in the headlines of Slashdot this morning. It's a typical beginner mistake. Please stop.

  • Upon seeing that it's open source, I'm already starting to brainstorm how to help local schools and libraries set this thing up. Neat!

  • I couldn't find a public "check my phone" link, or I'd've tried it.

    But two of the "practices" listed in Netflix's blog post [netflix.com] appear to conflict. One is "Up-to-date OS/software", an the other is "Not jailbroken/rooted". What does it say when the latest official system software image for a particular device is no longer supported? Does it recommend that the user trade off the "not rooted" practice to obtain "up-to-date OS" by flashing the LineageOS distribution of Android?

    • by skids ( 119237 )

      I couldn't find a public "check my phone" link, or I'd've tried it.

      I believe that would be because your phone is not enrolled in an MDM manager.

      From the article: "Stethoscope is a web application that collects information for a given user's devices"

      This implies it is a web app that, by itself, checks your device and maybe even enumerates/discovers
      your devices. That would make it a scary security hole rather than a security tool since web apps really
      should not be able to access any state of health information on a device (though some is quite leakable these days.)

      Fortunat

      • by tepples ( 727027 )

        I believe that would be because your phone is not enrolled in an MDM manager.

        That'd be fine if there were a "Send me to Google Play Store to temporarily enroll my phone in Netflix's MDM for the duration of the test" button.

  • I guess nobody else noticed that Netflix recently started supporting downloadable video.

    I'd guess that they had to pinky-swear to content providers that they would make some effort to educate users on security, help them secure their computers and devices and networks, etc. etc. etc.

  • " The company says Stethoscope tracks disk encryption, firewall, automatic updates, up-to-date OS/software, screen lock, jailbroken/rooted status, security software stack configurations of the device."

    Fantastic! Which one of those stops the user clicking on the nice shiny link in the email claiming to be from the helpdesk and telling them they need to reset their password instantly or lose their account, then filling in their account details for the nice phisher?

    Oh yeah, none of them. Good luck with that.

  • jailbroken/rooted status,

    Which makes it automatically a user-hostile approach.

Avoid strange women and temporary variables.

Working...