Podcast appearances and mentions of zane lackey

  • 29 podcasts
  • 50 episodes
  • 1h 2m average duration
  • Infrequent episodes
  • Jan 26, 2024 latest


Latest podcast episodes about zane lackey

That Was The Week: Civility and Civilization
Jan 26, 2024, 40:11


A reminder for new readers. That Was The Week collects the best writing on critical issues in tech, startups, and venture capital. I selected the articles because they are of interest. The selections often include things I entirely disagree with. But they express common opinions, or they provoke me to think. The articles are only snippets. Click on the headline to go to the original. I express my point of view in the editorial and the weekly video below.

Thanks To This Week's Contributors: @TEDchris, @LilyWhitsitt, @RocketToLulu, @saeedtaji, @geneteare, @EricNewcomer, @jeffbeckervc, @jasonlk, @elonmusk, @benshapiro, @StevenLevy, @apple, @bheater, @bmw, @Growcoot, @illscience, @venturetwins, @omooretweets, @conniechan

Contents
* Editorial: Civility and Civilization
* Essays of the Week
  * US Seed Investment Actually Held Up Pretty Well For The Past 2 Years. Here's What That Means For 2024
  * Lower Valuations, Higher Bar: What It's Like To Raise A Seed Round In 2024
  * Unicorns & Inevitabilities
  * Sequoia, Founders Fund, USV, Elad Gil & Benchmark Top Venture Manager Survey
  * Why 2024 May Be Tougher on Venture Capital Than 2023
* Video of the Week
  * The Mac at 40
* AI of the Week
  * BMW will deploy Figure's humanoid robot at South Carolina plant
  * Google's New AI Video Generator Looks Incredible
  * OpenAI's Sam Altman seeks funds for AI chip factories as demands surge
  * The Future of Prosumer: The Rise of “AI Native” Workflows
  * Andreessen Horowitz's Connie Chan to Leave as Consumer Focus Shifts to AI
  * OpenAI Is a (Relative) Steal
* News Of the Week
  * Ted fellows resign from organisation after Bill Ackman named as speaker
  * Tesla's Slowdown Disqualifies It From ‘Magnificent Seven' Group
  * TikTok's Testing 30 Minute Uploads as It Looks To Expand Its Content Options
  * Instagram to scan under-18s' messages to protect against ‘inappropriate images'
  * Tiger Global Investor Relations Staff Depart After Fundraising Challenges
  * Worldcoin hints at new Orb for a friendlier iris-scanning experience
* Startup of the Week
  * Loyalty Startup Bilt Rewards Hits $3.1B Valuation After $200M Round
* X of the Week
  * Elon Musk visits Auschwitz with Ben Shapiro

Editorial

There is a lot to digest in this week's newsletter. Gené Teare's two essays on Seed investing head up the Essays of the Week, along with Jeff Becker talking about unicorns and inevitabilities, Eric Newcomer on who are the top investors and Jason Lemkin on the reasons 2024 might be harder for Venture Capital than 2023.

But my attention was distracted from venture capital by a Guardian article announcing (triumphantly, I might add) that several TED fellows had resigned from the organization due to an invite to Bill Ackman to speak at this year's TED event in Vancouver.

“Lucianne Walkowicz and Saeed Taji Farouky accuse Ted of taking anti-Palestinian stand over controversial billionaire's inclusion”

It seems Ackman is not alone. They also object to Bari Weiss being invited. The leavers are also not alone; up to 30 others have signed a “solidarity” letter.

The accusations echo much of the discussion around the medieval assassination of Jews on 7 October and Israel's efforts to defeat Hamas in the aftermath. Because these speakers are against anti-Semitism and so supportive of Israel's war against Hamas, they are accused of the ridiculous claim of supporting “Genocide” against Palestinians.

“We refuse for our work and identities to be exploited to promote the Ted brand while the organisation and its speakers generate income and advance their careers through dehumanising Palestinians and justifying their genocide,” the pair said.

It probably will not surprise readers of this newsletter that I applaud TED curators Chris Anderson and Lily James Olds for not backing down on the invitations. Whatever one believes about the current conflict in Israel, it is clear that banning opponents of anti-Semitism because of their stance is not a solution to anything.
I believe the cause of fighting anti-Semitism should be close to the heart of any progressive person. It is not anti-Palestinian to support Jews against being slaughtered in the street, to oppose anti-Semitism, or to condemn Hamas as anti-Jewish murderers. Supporting Jews against slaughter by Hamas is not incompatible with supporting Palestinians. The Guardian reported that Ackman responded to the resignations with a statement:

“I stand unapologetically with Israel and against antisemitism and terrorism, while strongly supporting the Palestinian people. Attempts to cancel speech and eliminate the free and respectful exchange of ideas among people with differing views are driving much of the divisiveness that plagues our nation. Truth, wisdom and ultimately peace are the result of the free exchange of ideas and debate, precisely what Ted is all about. It is sad that this is not more widely understood,”

Unsurprisingly, one of the resigners, Farouky, told the Guardian he did not regard the issue as freedom of speech. It clearly IS about freedom of speech. Speech only needs protecting when opinions are wide apart and strongly held.

For example, here are my views on the actual issues:

These are trying times. Over 25,000 deaths in Gaza are hard to comprehend. And I certainly cannot. But I can understand that Jews have to defend themselves. And I can understand that progressive thinkers MUST stand up to anti-Semitism, whatever form it takes.

In case there is doubt about my support for Muslim victims of racism, my book Under Siege is about the attacks on Muslims in the UK between 1961 and 1981. It starts with recognizing that racism targets differences and that Jews and Muslims are both targets. Indeed, the very ghettoes that Pakistani and Bengali immigrants were being attacked in had earlier, in the 1930s, been inhabited by Jewish settlers fleeing pogroms. I am not Jewish, and I am not Muslim.
But I will always be on both of their sides when they are attacked for their ethnic and racial origin.

In Israel, Jews were killed for being Jews. Palestinians are being killed because Hamas is hiding in their cities and buildings. I do not consider Israel's response to be racist against Palestinians. I consider it reasonable in the context of 7 October. I consider that Hamas has done this to Palestinians and probably wanted that outcome. I am sad that Hamas has done this for the Palestinian victims. But I do not doubt that Hamas is to blame.

My views may anger you. But do you want me banned or silenced?

My title this week is Civility and Civilization. The TED events bring both to the fore. Like those I write here, opinions are there to be disagreed with, debated, and interrogated. Civilized behavior requires dialogue and civility within the dialogue. I certainly understand opinions I disagree with, and far from banning them or walking away so that I do not have to hear them, I want to hear them. We all should.

This is a different editorial than usual. I hope the humanity of refusing to forget 7 October and the determination to preserve the view that fighting anti-Semitism is a non-negotiable minimum requirement of civilization are grasped. By the same token, Islamophobia must be fought. But in Israel, there is no Islamophobia at work. Jews are simply reacting to an atrocity. They are right to blame Hamas.

Essays of the Week

US Seed Investment Actually Held Up Pretty Well For The Past 2 Years. Here's What That Means For 2024

Gené Teare, January 24, 2024, @geneteare

Editor's note: This is the first in a two-part series on the state of seed startup investing at the start of 2024. Check back tomorrow for Part 2.

Despite a broad pullback in global startup investment over the past two years, investors say the U.S. seed funding environment was the most vibrant compared to other funding stages during the downturn.

In fact, U.S.
seed funding in 2022 grew by close to 10% in terms of dollars invested, in contrast to a downturn at all other funding stages. In 2023, U.S. seed funding fell 31% — a significant proportion — but still less than other funding stages year over year, an analysis of Crunchbase data shows. (It's also worth noting that those other stages had already experienced year-over-year declines in 2022.)

In the current startup funding market, “we're seeing a lot more great talent excited about starting things,” said Renata Quintini, co-founder of Renegade Partners, a Bay Area-based investment firm that focuses on Series A companies and is therefore close to the seed ecosystem.

Other investors share that enthusiasm. “Valuations are coming down, more talent is available in the market,” said Michael Cardamone of New York-based seed investor Forum Ventures. “A lot of these companies at seed and Series A are going to scale into what will likely be the next bull market.”

Seed trends over the decade

Seed as an asset class, not surprisingly, has grown in the U.S. over the past decade. In 2014 less than $5 billion was invested at seed. At the market peak in 2022, seed investment was more than $16 billion, although it fell to $11.5 billion in 2023.

Despite the downturn, seed funding in 2023 was still $2 billion to $3 billion higher in the U.S. than in the pre-pandemic years of 2019 and 2020.

Higher bar, pricier rounds, better valued

But in a tougher market, seed investors are being more selective about which companies they fund.

“We're being far more disciplined and patient knowing how hard it is for these companies to get to Series A and beyond,” said Jenny Lefcourt, a general partner at Bay Area-based seed investor Freestyle Capital.
“Our bar for conviction is higher than it had been in the heyday where everything was getting funded.”

In the slower funding environment, the firm has been investing later at the seed stage, “gravitating toward ‘seed plus' or ‘A minus' — pick your favorite term for it — because I feel like I get to see more risk mitigated. I get to see more data,” she said.

Freestyle seeks to have ownership of around 12% to 15% in the companies it backs. “The reason is because of our model,” Lefcourt said. “We are low-volume, high-conviction investors.”

And because the firm invests in companies that are pre-Series A, “our reality has been that our valuations have actually been higher in this market, which is not what we would have predicted.

“But the data we've seen is, we're not alone in that,” she said.

…More

Lower Valuations, Higher Bar: What It's Like To Raise A Seed Round In 2024

Gené Teare, January 25, 2024, @geneteare

Editor's note: This is the second in a two-part series on the state of seed startup investing at the start of 2024. Read Part 1, which looked at seed funding trends over the past decade and the median time period between seed and Series A funding, here.

Seed funding to startups has grown into its own asset class over the past decade, with round sizes trending larger, and a bigger pool of investors backing these nascent startups. But in the aftermath of 2021's venture funding heyday and subsequent pullback, investors say that while seed funding has held up better than other startup investment stages, these very young startups will see lower valuations and must now clear a much higher bar to get backing.

More companies raised seed funding above $1 million in 2021. Those companies — which raised during a record-smashing year for venture funding — are saddled with valuations that could be too high for this current market — even at seed.
Many of those startups have been forced to cut costs to extend their runways, and face a tougher sales environment.

“You could then be sacrificing growth, which is one of the main levers that Series A investors are looking for,” said Michael Cardamone of New York-based seed investor Forum Ventures.

2021 after effects

In 2021 it was “grow, grow, grow, grow,” said Jenny Lefcourt, a general partner at Bay Area-based seed investor Freestyle Capital. “It's embarrassing to look back on, but that was the game being played.”

Investors got sloppy during the boom times, she said. “I think a lot of VCs were thrilled to back you, and then say, ‘we'll figure it out.' ”

“The reality is that almost anything that was done then — call it 2021 — was the wrong price,” she said.

This led to down rounds, even at seed, though those are generally not viewed negatively like they were in the past, she said.

In fact, “when our companies get their down rounds done, it's a sign of it's a good business. It just had the wrong price on it,” she said.

While the bar is higher to raise funding these days, “I think it's so much better for a company who gets to start in this environment,” Lefcourt said.

Down rounds can actually be a sign of conviction, she said. “None of us would do all the heavy lifting to not only give the company more capital, but recap it, which takes a lot. It's a heavy lift — none of us would do that if we weren't super jazzed about the company.
The lazier approach, the easier approach, is to just put it on the note, keep it flat, and be done,” she said.

Renata Quintini, co-founder of Renegade Partners, a Bay Area-based investment firm that focuses on Series A companies, is hearing of “more ‘pay-to-play' these days and it's starting to get ugly.” This happens when new investors wipe out the prior investors, and anyone seeking equity needs to pony up into the new funding round.

Median and averages climb

Nonetheless, “seed round valuations haven't dropped a ton from even the peak,” according to Forum Ventures' Cardamone. But, “the bar to raise a seed [round] is a lot higher.”

“Most first-time founders especially, and the vast majority of founders generally — they have to get significant traction to be able to raise that same round they used to be able to raise. And a lot fewer of those rounds are happening,” he said.

“A priced seed round of $3 million at $15 million [pre-money] is still happening, but you might have to be at $500,000 ARR, to raise that round now. Whereas in 2021, it was the norm to raise that round pre-revenue,” he said.

Series A fundings have gotten harder as “companies are going out and raising three seed rounds,” said Cardamone.

Based on an analysis of Crunchbase data, median and average seed round sizes in the U.S. have climbed through the past decade.

In 2023, median and average raises are not far from the peak of 2022, Crunchbase data shows, and were well above pre-pandemic levels.
(However, this will shift downward somewhat as the long tail of seed fundings are retroactively added to the Crunchbase database.)

Seed rounds got larger

“If I have conviction, we may need them to have more money, cause we know it's going to take them longer to reach the milestones that are now higher,” said Lefcourt.

Per an analysis of Crunchbase data, larger seed rounds — those $1 million and above — have increased through the decade.

The amount of funding to seed-stage companies below $1 million hasn't budged much, and is a fraction of what it was earlier in the decade.

Seed below $1 million in 2014 represented around 25% of all seed funding. That has come down as a proportion every year since then. And as of 2021 that proportion has dipped below 10% for the first time, ranging from 5% to 7% of all seed dollars invested in the U.S. since then.

Earlier in the past decade, the number of seed deals in rounds below $1 million outpaced those rounds at $1 million and above significantly.

But 2021 was once again a pivotal year. That's when $1 million and above seed rounds outpaced smaller seed for the first time.

In 2023, they are neck and neck in count. (That might shift as the long tail of seed rounds are added to the Crunchbase database long after they close.)

What this all shows is that seed has become an increasingly significant and elongated phase in a company's early life cycle, where companies are raising multiple million-dollar seed rounds. And as of late, more companies than ever before are wading in the seed pool.

What does this mean for the seed funding market in 2024?

…More

Unicorns & Inevitabilities

Up and to the right, or not so much?

JEFF BECKER, JAN 22, 2024

TLDR: Go read Aileen Lee's update to the Unicorn Club… and a few inevitabilities.

Did anyone catch Aileen Lee & Allegra Simon's Welcome Back to the Unicorn Club, 10 Years Later?

If not, go read it.
That's your MMM.

If you did read it, you can't help but wonder if the tech sector isn't going to resemble the public markets over time. Ups and downs, but consistently up and to the right over a long enough period.

After all, we are creating leverage in ways we've never seen before.

And for unicorns, that meant 14X growth over a 10-year period.

Could you imagine another 14 or even 10X from here? That would be stratospheric, from ~500 to ~5,000 unicorns? What if the exit sizes did too? $5B, $10B, $50B?

Crazy to think, but hardly impossible. After all, we've already seen near-centicorns like Uber's IPO at $75B in 2019.

The interesting part about that thought exercise though is not the crazy zero interest rate IPO's, but the fact that entry valuations didn't and don't move nearly as fast as top end outcomes because of the time horizon to realizing them.

For example, Airbnb raised $20K from Y Combinator for 6%, then they took another $600K for 20% in their seed.

That was 2009. The idea of an IPO for $47B just 11 years later in 2020 probably wasn't even a consideration. Paul Graham and the YC team would've had to believe Airbnb's IPO could compete with AT&T, General Motors, and Visa.

Insane.

Fast forward, that $333,333 valuation at YC has moved to $1.78m (125K for 7%), and they'll stack another 2.6% ownership on average from their $375K MFN with the average YC company raising seed at a $14.4m cap instead of Airbnb's $3m.

That's a ~5X increase in valuation at pre-seed & seed for a 47X increase in IPO size if you were modeling $1B outcomes into your VC fund model in 2009.

I'm not saying that will continue. There are counterforces of course.

* Margins are way too high. The fact that software margins have persisted at 80% or more is just craziness. Companies will start to use price more aggressively to compete for market share as cheap AI tools enter the market and try to unseat them. This compression will change the value of discounted cash flow models.
* Pricing models need to change.
One way to reduce sticker price and maintain some semblance of healthy long-term margins is to pay a smaller implementation fee, but incur ongoing services & upgrade costs. This is a more traditional pricing model, and creative economics that leverage this kind of thinking run rampant in the titans of tech. It's a game of deeper roots, higher switching costs, and long-term contracts. With API calls and data usage more prevalent, we'll also see more pay-per-use models, the same way we buy copiers. We'll also see more pay-for-performance models with attributable ROI, akin to Amazon's ACoS model or Rakuten's affiliate marketing model. Customers will prefer it too, placing a higher emphasis on customer value. This will also drive margins to condense.
* AI, AI, AI. AI will cut OpEx costs dramatically. SDR teams, gone. Copywriters at agencies, you don't need as many. Data scientists? Just run a query against your data lakes. The list goes on. Costs of running these companies are going to get shellacked. Good for margins for sure, but also a compelling opportunity for newcomers to undercut and unseat incumbents too.
* More hardware. With software margins condensing, hardware margins will start to feel more attractive too, the maintenance and upgrade fees will resemble what we see in SaaS, and the software that powers these machines will be incredible. Skynet for autonomous off-road vehicles, absolutely.
* Less dilution, earlier exits, and stratification. We already see it in the S&P 500 with the top end accounting for an outsized share of total value. With that kind of cash on balance sheets, bigger companies will just buy the smaller ones. Think about how Broadcom rolls up companies. If you've built the business more efficiently, you've also raised less, incurred less dilution, and that $100m exit when you still own 50% is looking pretty prett-ty good compared to the same outcome 5-10 grueling years later to own 5% of $1B.
* Massive founder salaries, less emphasis on growth.
If you've built a company that's profitable from day one, and you have complete control of your board, what's your incentive to keep the pedal down on growth, or stay on the VC treadmill? World domination? Why not pay yourself 10X, stop fundraising, and continue to tighten the core business until someone acquires you? It's better for the founding team and employees for sure, and it's probably better for customers in most instances too.

These are just some of the things I think we'll see over the next five years until we approach ZIRPy-dirpy times again and massive growth becomes irresistible.

But there are also a whole slew of things I think are inevitabilities that will benefit from these dynamics because we will not only have new technologies, with more attractive pricing, but we will be tackling new opportunities that were created by the prior evolutions across adjacent industries.

For example…
* Cost of energy is going to zero with nuclear fusion
* Longevity is starting to work; check out Loyal for Dogs
* Batteries & cameras continue to improve; medical devices, for one, will be more personal & affordable
* Disintermediation of big ad networks with new global distribution channels; check out Benjamin
* Massive cost reductions driven by AI
* Software will be built by software
* An aging population is retiring (10,000 per day); wealth transfer & SMB's with no exit paths
* Climate change
* …and so on and so on and so on

The list is long. Much longer than this. If you want the rest, just reply or comment so that I know, and I'll go deeper next week.

Net of all of it, I think we're going to see a tale of two cities.
Stronger, more profitable businesses, with smaller, but better founder exits in the near term, and a continued growth both in number of total unicorns, and what those top-end outcomes look like in the longer-term.

And like I said, go read Aileen's post.

Sequoia, Founders Fund, USV, Elad Gil & Benchmark Top Venture Manager Survey

I got my hands on a VC scorecard circulating among top founders & VCs

ERIC NEWCOMER, JAN 25, 2024

Before we get started, I want to be clear — this isn't the end-all, be-all list of the top venture capital firms or the most promising startups.

But I got my hands on a survey of 91 people at 69 different venture capital firms conducted by a well-respected investor in venture capital firms.

The survey results are spreading hand-to-hand in Silicon Valley. The results of the survey rank the most desirable venture capital firms and companies, according to VCs themselves. When I was out in San Francisco last week for The Information's 10th anniversary gala, sources kept bringing it up.

My sources tell me that the survey was conducted by Ed Hutchinson, managing partner at Golden Bell Partners. Hutchinson is ignoring my emails.

Which firms and companies would top VCs themselves put their money into? It's a question everyone wants to know the answer to.

I've got my hands on their list of favorites:

Firms
* (1) Sequoia
* (2) Founders Fund
* (3) Union Square
* (4) Elad Gil
* (5) Benchmark

…Much More (but only for subscribers)

Why 2024 May Be Tougher on Venture Capital Than 2023

by Jason Lemkin | Blog Posts, Fundraising, Scale

So I thought the toughest times for venture would be behind us now. In 2022, we were in free fall, with public market caps falling like a knife, and the IPO markets frozen. And 2023 was the year of the Work Out in venture. Bridge rounds slowed down, and VCs acknowledged a lot of portfolio companies just weren't going to make it. It got real in 2023, and that realness got normalized. The drama mostly was behind us.
And public SaaS stocks in many cases did really, really well in 2023. So shouldn't 2024 at least be better for venture?

So I thought.

But the reality is I'm a bit more worried the venture drama in 2024 will be bigger than 2023. Why? Four core reasons:

#1: Now We Have to Deal With the Reality of the Stumbling Unicorns.

The ones that are doing $100m+ ARR, still growing, but there just isn't going to be any more money coming. This is going to burn up a ton of energy in VC funds. Even tougher, the reality is while many VC funds marked down their unicorns to lower valuations in 2023, they often didn't mark them down enough.

#2. The Chase for AI Unicorns and Decacorns is All-consuming. It's Still 2021 There.

The one place where paper money seems easy to come by is Hot AI Startups. And that's probably not you. It's just consuming all the oxygen in venture, trying to get into the next Imaging AI startup worth $1B in 10 months. In AI, 2021 never went away. In AI, it's still 2021.

#3. A Lot of Seasoned VCs are Discouraged. This Doesn't Help Founders.

A lot of VCs who have been around for a while are quietly discouraged. They just don't see a great path to making a ton of money in venture these days. We're in Year 3 of a venture downturn, and that weighs on most of us. At a practical level, for founders, it makes it harder to lean in.

#4. More Valuation Markdowns Are Still to Come

Related to the first point, but more markdowns are like multiple rounds of layoffs. They're just tough. LPs lose confidence. Coworkers lose confidence. We should have gotten through a lot of this in 2023, but we didn't. Personally, I've got several investments for example that I marked down 70%-80% or more — that my co-investors didn't mark down at all.

#5. VCs Have Run out of Reserves

VCs used what extra “reserve” capital they had for bridge rounds in 2022 and 2023. Now it's gone. That adds to the stress as companies struggle.
You don't have a play anymore.

The bottom line is there likely is at least another full year of working through the excesses of 2021. That will weigh across venture. No matter what some AI headlines suggest.

Video of the Week

The Mac at 40

Apple Shares the Secret of Why the 40-Year-Old Mac Still Rules

The pioneering PC revolutionized how people interact with computers. As the Mac enters its fifth decade, Apple says it will continue to evolve.

STEVEN LEVY, Jan 19, 2024 10:00 AM

ON JANUARY 24, Apple's Macintosh computer turns 40. Normally that number is an inexorable milestone of middle age. Indeed, in the last reported sales year, Macintosh sales dipped below $30 billion, more than a 25 percent drop from the previous year's $40 billion. But unlike an aging person, Macs now are slimmer, faster, and last much longer before having to recharge.

My own relationship with the computer dates back to its beginnings, when I got a prelaunch peek some weeks before its January 1984 launch. I even wrote a book about the Mac—Insanely Great—in which I described it as “the computer that changed everything.” Unlike every other nonfiction subtitle, the hyperbole was justified. The Mac introduced the way all computers would one day work, and the break from controlling a machine with typed commands ushered us into an era that extends to our mobile interactions. It also heralded a focus on design that transformed our devices.

That legacy has been long-lasting. For the first half of its existence, the Mac occupied only a slice of the market, even as it inspired so many rivals; now it's a substantial chunk of PC sales. Even within the Apple juggernaut, $30 billion isn't chicken feed! What's more, when people think of PCs these days, many will envision a Macintosh. More often than not, the open laptops populating coffee shops and tech company workstations beam out glowing Apples from their covers. Apple claims that its Macbook Air is the world's best-selling computer model.
One 2019 survey reported that more than two-thirds of all college students prefer a Mac. And Apple has relentlessly improved the product, whether with the increasingly slim profile of the iMac or the 22-hour battery life of the Macbook Pro. Moreover, the Mac is still a thing. Chromebooks and Surface PCs come and go, but Apple's creation remains the pinnacle of PC-dom. “It's not a story of nostalgia, or history passing us by,” says Greg “Joz” Joswiak, Apple's senior vice president of worldwide marketing, in a rare on-the-record interview with five Apple executives involved in its Macintosh operation. “The fact we did this for 40 years is unbelievable.”

…Much More

AI of the Week

BMW will deploy Figure's humanoid robot at South Carolina plant

Brian Heater @bheater / 3:00 AM PST • January 18, 2024

Image Credits: Figure

Figure today announced a “commercial agreement” that will bring its first humanoid robot to a BMW manufacturing facility in South Carolina. The Spartanburg plant is BMW's only in the United States. As of 2019, the 8 million-square-foot campus boasted the highest yield among the German manufacturer's factories anywhere in the world.

BMW has not disclosed how many Figure 01 models it will deploy initially. Nor do we know precisely what jobs the robot will be tasked with when it starts work. Figure did, however, confirm with TechCrunch that it is beginning with an initial five tasks, which will be rolled out one at a time.

While folks in the space have been cavalierly tossing out the term “general purpose” to describe these sorts of systems, it's important to temper expectations and point out that they will all arrive as single- or multi-purpose systems, growing their skillset over time.
Figure CEO Brett Adcock likens the approach to an app store — something that Boston Dynamics currently offers with its Spot robot via SDK.

Likely initial applications include standard manufacturing tasks such as box moving, pick and place and pallet unloading and loading — basically the sort of repetitive tasks for which factory owners claim to have difficulty retaining human workers. Adcock says that Figure expects to ship its first commercial robot within a year, an ambitious timeline even for a company that prides itself on quick turnaround times.

The initial batch of applications will be largely determined by Figure's early partners like BMW. The system will, for instance, likely be working with sheet metal to start. Adcock adds that the company has signed up additional clients, but declined to disclose their names. It seems likely Figure will instead opt to announce each individually to keep the news cycle spinning in the intervening 12 months.

Unlike some other humanoid designers (including Agility), Figure is focused on creating a dexterous, human-like hand for manipulation. The thinking behind such an end effector is the same that's driving many toward the humanoid form factor in the first place: Namely, we've designed our workspaces with us in mind. Adcock alludes to Figure 01 being tasked with an initial set of jobs that require high dexterity.

As for the importance of legs, the executive suggests that their importance for maneuvering during certain tasks is as — or more — important than things like walking up stairs and over uneven terrain, which tend to get most of the love during these conversations.

…More

Google's New AI Video Generator Looks Incredible

JAN 25, 2024

MATT GROWCOOT

Google has announced Lumiere: an AI video generator that looks to be one of the most advanced text-to-video models yet.

The name Lumiere is seemingly a nod to the Lumiere brothers who are credited with putting on the first ever cinema showing in 1895.
Just as motion picture was cutting-edge technology at the end of the 19th century, the Lumiere name is once more being associated with something new and original.

The demo of Lumiere that Google put out focuses firmly on animals. The model can generate a scene using just text; much the same way AI image generators work, the user can dream up any scenario they would like to see a short video clip of.

However, the user can also use an image as a prompt. Google provided multiple examples: including some that are real photos such as Joe Rosenthal's iconic Raising the Flag photo; “Soldiers raising the united states flag on a windy day” saw one of the 20th century's most recognizable photos suddenly come to life as the soldiers struggle with the flag that's being affected by gusts.

Also in Lumiere is a “Video Stylization” setting which allows users to upload a source video and then ask the generative AI model for various element changes. For example, a person running may be suddenly turned into a toy made of colorful bricks.

Another feature Google showed off is “Cinemagraphs”, where just a section of an image is animated while the rest stays still.
“Video Inpainting” is included too which involves masking part of the image so that section can be changed to the user's desire.Space-Time Diffusion ModelLumiere is powered by “Space-Time U-Net architecture that generates the entire temporal duration of the video at once, through a single pass in the model.”This difficult-to-understand concept is apparently in contrast to existing video models which “synthesize distant keyframes followed by temporal super-resolution — an approach that inherently makes global temporal consistency difficult to achieve.”…Much MoreOpenAI's Sam Altman seeks funds for AI chip factories as demands surgeOpenAI CEO Sam Altman has opened discussions with global investors over the possibility of funding a network of artificial intelligence (AI) chip factories to keep pace with soaring demand.Altman is seeking around $8 billion to $10 billion worth of funds to set up several AI chip fabrication plants around the globe, an endeavor that will require synergy between leading chip manufacturers backed by investment giants.Altman is reportedly in talks with Japanese-based financial giant SoftBank Group (NASDAQ: SFTBF) and Abu Dhabi's G42 over funding plans, but details remain sparse. The discussions with G42 have been underway since 2023, with Altman describing a potential chip partnership as laying the foundation “for equitable advancements in generative AI across the globe.”Aside from SoftBank and G42, insiders say that Altman is still pursuing collaborations with other industry players to set up a network of chip fabrication plants. Although exact entities were not namechecked, industry experts are noting Intel Corporation (NASDAQ: INTC), Samsung Electronics, and Taiwan Semiconductor Manufacturing Co. (NASDAQ: TSM) as potential partners.Altman's approach to raising funds hinges on concerns that the chip supply will not be able to meet global demands for AI offerings by 2030. 
The OpenAI's CEO argues that the ideal solution will be a collaborative effort to set up chip manufacturing plants rather than build in silos.OpenAI has had its fair share of chip scarcity, rolling back a number of its offerings over a steady chip supply. To meet the rising demand, the company is reportedly mulling several options, including the prospect of building its chips from scratch and joining ranks with Google (NASDAQ: GOOGL) and Amazon (NASDAQ: AMZN) to explore an in-house solution.Given the costs associated with an in-house approach, OpenAI may pursue the acquisition of a chip manufacturer as a short-term solution or expand its collaboration with existing partners. However, a potential acquisition opens its own can of worms, including an inquiry by antitrust regulators.Governments are also involvedIn 2023, Altman urged the South Korean government to double their investments in AI chip manufacturing as a veritable strategy to play a leading role in the nascent ecosystem. Currently, South Korea ranks behind the U.S., China, and Japan in chip manufacturing, but a concerted government involvement could see the country climb up the charts.The OpenAI boss disclosed during his visit to South Korea that his firm will back local entities building chips for AI and other emerging technologies, with Samsung rumored to be in top position.“We are exploring how to increase our investment in Korean startups,” said Altman. “We are excited to meet as many as we can here today. I think this type of collaboration is essential to our work.”..MoreThe Future of Prosumer: The Rise of “AI Native” WorkflowsAnish Acharya, Justine Moore, and Olivia MoorePosted January 25, 2024Few people love the software they use to get things done. And it's no surprise why. Whether it's a slide deck builder, a video editor, or a photo enhancer, today's work tools were conceived decades ago — and it shows! 
Even best-in-class products often feel either too inflexible and unsophisticated to do real work, or have steep, inaccessible learning curves (we're looking at you, Adobe InDesign). Generative AI offers founders an opportunity to completely reinvent workflows — and will spawn a new cohort of companies that are not just AI-augmented, but fully AI-native. These companies will start from scratch with the technology we have now, and build new products around the generation, editing, and composition capabilities that are uniquely possible due to AI. On the most surface level, we believe AI will help users do their existing work more efficiently. AI-native platforms will “up level” user interactions with software, allowing them to delegate lower skill tasks to an AI assistant and spend their time on higher-level thinking. This applies not only to traditional office workers, but to small business owners, freelancers, creators, and artists — who arguably have even more complex demands on their time. But AI will also help users unlock completely new skill sets, on both a technical and an aesthetic level. We've already seen this with products like Midjourney and ChatGPT's Code Interpreter. Everyone can now be a programmer, a producer, a designer, or a musician, shrinking the gap between creativity and craft. With access to professional-grade yet consumer-friendly products with AI-powered workflows, everyone can be a part of a new generation of “prosumers.”In this piece, we aim to highlight the features of today's — and tomorrow's — most successful Gen AI-native workflows, as well as hypothesize about how we see these products evolving.What Will GenAI Native Prosumer Products Look Like?All products with Gen AI-native workflows will share one crucial trait: translating cutting-edge models into an accessible, effective UI.Users of workflow tools typically don't care what infrastructure is behind a product; they care about how it helps them! 
While the technological leaps we've made with Generative AI are amazing, successful products will importantly still start from a deep understanding of the user and their pain points. What can be abstracted away with AI? Where are the key “decision points” that need approval, if any? And where are the highest points of leverage? There are a few key features we believe products in this category will have: * Generation tools that kill the “blank page” problem. The earliest and most obvious consumer AI use cases have come from translating a natural language prompt into a media output — e.g., image, video, and text generators. The same will be true in prosumer. These tools might help transform true “blank pages” (e.g., a text prompt to slide deck), or take incremental assets (e.g., a sketch or an outline) and turn them into a more fleshed-out product.Some companies will do this via a proprietary model, while others may mix or stitch together multiple models (open source, proprietary, or via API) behind the scenes. One example here is Vizcom's rendering tool. Users can input a text prompt, sketch, or 3D model, and instantly get a photorealistic rendering to further iterate on.Another example is Durable's website builder product, which the company says has been used to generate more than 6 million sites so far. Users input their company name, segment, and location, and Durable will spit out a site for them to customize. As LLMs get more powerful, we expect to see products like Durable pull real information about your business from elsewhere on the internet and social media — the history, team, reviews, logos, etc. — and generate an even more sophisticated output from just one generation. * Multimodal (and multimedia!) combinations. Many creative projects require more than one type of content. For example, you may want to combine an image with text, music with video, or an animation with a voiceover. 
As of now, there isn't one model that can generate all of these asset types. This creates an opportunity for workflow products which allow users to generate, refine, and stitch different content types in one place.…MoreAndreessen Horowitz's Connie Chan to Leave as Consumer Focus Shifts to AIBy Kate Clark, Erin Woo and Cory WeinbergJan 23, 2024, 7:22am PSTFor years, partners at Andreessen Horowitz proclaimed they would scour the startup world for the next big consumer marketplace like Airbnb or the next hit consumer app out of China, areas in which the firm had unique expertise. Now, it's shifting toward an area more en vogue across venture capital: consumer apps powered by artificial intelligence.Those changes are happening amid an overhaul of its consumer team. Connie Chan, a general partner at Andreessen Horowitz who formerly led a team of consumer investors and was known for spotting internet trends coming from China, said she is leaving the firm.  She may raise her own fund, a person familiar with the matter said. Anish Acharya, a general partner at the firm who invested in enterprise-focused and financial technology businesses, now leads the consumer team, said people familiar with the change.Chan's move also follows a distancing by U.S. VC firms from investments in China tech, once a hotbed for U.S.  investors. In recent months, Chan has privately said it's becoming more difficult for her to work at Andreessen Horowitz because the partners have been increasingly disinterested in anything China related, another person said.The Takeaway• Fintech-focused GP Anish Acharya leading consumer deals• Consumer GP Connie Chan is leaving the firm• Consumer partner Anne Lee Skates left to start own fundThe changes are part of a broader personnel shakeup, including the decision by senior consumer investor and Airbnb board member Jeff Jordan to step back from making new investments last year. 
Of the four general partners that led the firm through a consumer deal blitz, none remain on the consumer team.Meanwhile, Anne Lee Skates, a consumer partner who worked on the firm's investment in live shopping app WhatNot, left in the fall to raise her own fund, according to two people familiar with the matter. Axios first reported that Chan was leaving the firm.The Andreessen Horowitz changes are emblematic of a broader VC industry gravitation toward AI and away from once-hot sectors like consumer marketplaces and financial technology, as a spike in interest rates undercut the growth aspirations of startups trying to elbow out incumbent social platforms and banking institutions.“We've gotten into this cycle now where, generally speaking, investors are less interested in consumer,” said Ben Lerer, managing partner at Lerer Hippeau. Known for its consumer investments in Warby Parker and Allbirds, the firm has invested 70% of its latest fund in enterprise companies, he said. “And AI feels like this very hopeful, very exciting, fresh thing.”Founders of some consumer startups have noticed the shift at Andreessen Horowitz. One founder of a consumer startup in the firm's portfolio said they had heard little from investment partners over the last year, a contrast to a steady drumbeat of emails the founder got in prior years from Andreessen staff who support portfolio companies with marketing and operations advice.Andreessen Horowitz's consumer investing team has been perhaps most well known for its focus on backing digital marketplaces, from peer-to-peer self-storage to real estate investment marketplaces, that could turn into the next Airbnb. Every year, it releases a ranking of top marketplace startups. 
“We are obsessed with marketplaces and have been since our inception,” Chan, who led investments in  social fashion startup Cider for the firm in 2021.But some of those startups backed by the firm, such as self-storage startup Neighbor, have struggled to take off in recent years. And like other venture firms, Andreessen Horowitz has also stepped back from investing in Chinese startups, an area of focus for Chan. She had championed the idea that the next wave of breakout U.S. consumer startups will model themselves after China's internet success stories, like all-in-one app WeChat.With $53 billion in assets under management, Andreessen Horowitz is one of the largest of traditional Silicon Valley firms and closely watched among other VC firms as a trend setter. And its track record of sniffing out hitmakers primed its partners to find the next trendy consumer app.The number of consumer deals Andreessen Horowitz has led dropped to 13 last year from 30 in 2021, a record for the firm, according to PitchBook data. It's possible the firm completed more consumer deals and that those investments haven't been announced. Its investments in AI companies have jumped to 23 from nine over the same years, including leading a $415 million investment in Mistral, the French developer of an open-source large language model.The firm has beefed up this team of investors primarily focused on enterprise, software infrastructure and AI startups. Led by Martin Casado, a close confidante to the firm's founders Horowitz and Marc Andreessen, it is raising its first standalone fund and has brought on two new general partners, Anjney Midha and Zane Lackey, since 2022, as well as a number of junior partners.As the infrastructure team gained power, the consumer team's profile shrank. 
The firm in 2023 combined its consumer and fintech teams and created a new group, called apps, led by general partner Alex Rampell, who previously co-founded installment lender Affirm, The Information reported last year. Under Rampell's leadership, the newly formed apps team will also soon launch a dedicated apps fund, according to people with direct knowledge of the matter. The consolidated team has been encouraged to pursue AI deals.Within Rampell's apps group, Acharya now leads the consumer sub-group. His portfolio of companies includes payroll company Deel and Silo, a provider of supply chain automation software. He's also an investor in Titan, a consumer investment application.Fueling the firm's shift away from consumer apps are likely disappointing returns. The startups that captivated consumers during the pandemic shutdowns have failed to retain their attention. Growth at companies the consumer team bet on, like Clubhouse, which Andreessen Horowitz backed three times in one year, and photo-sharing app BeReal, which it backed in 2021, has stalled.…MoreOpenAI Is a (Relative) StealBy Stephanie PalazzoloJan 22, 2024, 7:35am PSTOver the past year, we've seen billions in funding thrown at AI startups at eye-popping valuations. More important than the absolute valuation figures, though, is how they stack up to those startups' revenue numbers.In the chart above, we've tracked the valuations of eight AI startups that have recently raised funding, calculated against their projected revenue. On average, these companies raised money at a price that is 83 times their projected sales for the next twelve months. That's a big multiple by any measure, reflecting the rocket ship nature of these startups. But what makes the comparison noteworthy is that OpenAI has one of the lowest multiples, even though its business has the most traction.Venture capitalists tend to value early-stage startups at a premium based on their growth rates. 
OpenAI's business is far bigger and more mature—if we can use that word for a company growing as fast as OpenAI—than other generative AI companies. So, as fast as its revenue pace is growing—more than 20% in just two months most recently—newer firms are growing even faster.For instance, AI-powered search engine Perplexity AI doubled its annual recurring revenue from $3 million to $6 million from October to January. VCs were likely taking that expected growth into account at the time of investment, as the company would have garnered a much lower 75-times forward revenue multiple if it had raised at the same price just a few months later. Similarly, even though OpenAI rival Anthropic was likely generating around $200 million in annualized revenue at the end of last year (according to its October estimates), its projection that it would reach $850 million in annualized revenue by the end of this year surely made its mind-boggling valuation more palatable to investors.When you see the details of these AI startup funding rounds, it can sometimes feel like investors are throwing darts at nine-figure numbers on a wall. The chart suggests there's a method to the madness. Typically, startups selling to companies are valued based on the sector in which they operate. The lowest valuation multiples are accorded to startups offering industry-specific applications, while those offering more generalized applications draw a premium. The most highly valued firms are often infrastructure startups, which create the tools that developers use to build these apps. This order stems from how big the target market of these startups are, ranging from a specific industry (like healthcare or education) to all developers. We can see that general order reflected in burgeoning AI startups. 
For instance, Harvey, which sells an AI application for lawyers, has one of the lower multiples, while broader-reaching companies like Glean and VAST Data land higher multiples.It seems like investors aren't quite sure yet where model developers like OpenAI and Anthropic fall on this spectrum. Their costs are very different from a typical software startup due to how much computing power they need, and many investors are still worried that closed-source model developers may be overtaken by their cheaper, open-source counterparts.…MoreNews Of the WeekTed fellows resign from organisation after Bill Ackman named as speakerLucianne Walkowicz and Saeed Taji Farouky accuse Ted of taking anti-Palestinian stand over controversial billionaire's inclusionChris McGrealThe Ted organisation has been hit with resignations and criticisms after naming the controversial activist billionaire Bill Ackman, who was instrumental in forcing out Harvard's president over antisemitism allegations, among its main speakers at this year's conference.Four Ted fellows, led by the astronomer Lucianne Walkowicz and the filmmaker Saeed Taji Farouky, resigned from the group on Wednesday, accusing it of taking an anti-Palestinian stand and aligning itself “with enablers and supporters of genocide” in Gaza.“2024 main stage speaker Bill Ackman has defended Israel's genocide and ethnic cleansing of the Palestinian people and has cynically weaponised antisemitism in his programme to purge American universities of Pro-Palestinian freedom of speech,” the pair wrote to Chris Anderson, who leads Ted, and Lily James Olds, director of the fellows programme.“We've become increasingly concerned about the fundamental values and moral compass of the organisation over the years, but with this year's speaker selection, it is clear Ted has crossed a red line.”The conference will be held in Vancouver, Canada, in April, under the banner The Brave and the Brilliant”. 
The theme of Ackman's talk has not been revealed but his selection was announced last week after he was accused of using his money and influence to help force Claudine Gay's resignation as Harvard's president following her disastrous appearance before Congress in December when she was questioned about on-campus antisemitism during the Israel-Gaza war.Ackman has taken stridently pro-Israel positions, including justifying the scale of the attacks on Gaza in which more than 25,000 Palestinians have been killed, mostly civilians, and the forced removal of about 2 million Palestinians from their homes. He has described criticism of Israel as antisemitism and called for the blacklisting from employment of American students who signed petitions denouncing the offensive in Gaza in the wake of the 7 October Hamas attack on Israel.Farouky and Walkowicz's resignation letter noted that other speakers announced by Ted include the journalist Bari Weiss, who they describe as having “a long, sordid, and well-documented history of anti-Palestinian speech”, but that there are no Palestinians in the line-up.“We refuse for our work and identities to be exploited to promote the Ted brand while the organisation and its speakers generate income and advance their careers through dehumanising Palestinians and justifying their genocide,” the pair said.After the resignation letter was published, two other fellows – the entrepreneur Ayah Bdeir and cosmologist Renée Hlozek – also quit. Nearly 30 others added their names “in solidarity” without leaving Ted.…MoreTesla's Slowdown Disqualifies It From ‘Magnificent Seven' GroupBy Martin Peers, Jan 24, 2024, 5:00pm PSTStock market pundits may want to come up with a new name for the big tech stocks driving the overall market. The “magnificent seven” descriptor—referring to Apple, Microsoft, Alphabet, Amazon, Meta Platforms, Nvidia and Tesla—no longer seems to make much sense. 
I'd like to suggest that's because none of the company CEOs look like cowboy gunslingers from the 1960 movie that made the phrase famous. It's hard to imagine Steve McQueen playing Tim Cook or Andy Jassy, for instance (although Yul Brynner admittedly could have filled the role of horseback-riding Jeff Bezos).The real reason the moniker no longer works, however, is that at least one member of the group, Tesla, has had anything but a magnificent 2024 so far, and its fourth-quarter earnings report, released Wednesday, only made things worse. Before Tesla reported earnings tonight, its stock had fallen 16% so far this year, and it tumbled another 3% after hours to around $200 a share. This isn't a reaction to CEO Elon Musk's antics, which include asking for a bunch more stock, although that surely doesn't help. The stock decline reflects the slowdown in sales suffered by Tesla, which observers attribute to increased competition and a loss of government incentives. Automotive revenues, which make up the bulk of Tesla's top line, grew just 1% in the fourth quarter—down from 18% in the first quarter.In its outlook for this year issued today, the company said its growth in the volume of car sales would be lower than in 2023, and noted that its team is working on its “next-generation vehicle.” Meantime, expenses have been skyrocketing, eroding its profit margin. But our less-than-rigorous takedown of the magnificent seven branding isn't just about Tesla. If you look at the year-to-date performance of big tech stocks, or even their 2023 performance, you can see that just two tech stocks have roared this year. One is Nvidia, which is in a class of its own: up 27% since Jan. 1, thanks to its stranglehold on the specialized chips used in artificial intelligence. The other is Meta Platforms, which is up nearly 13%, reflecting confidence in its ad business.  
In comparison, Microsoft and Alphabet are each up around 8%, likely thanks to expectations that AI will lift their businesses, while Apple and Amazon lag behind with year-to-date stock price rises of less than 5% each. Instead of the magnificent seven, it might be more appropriate to refer to the group as Nvidia, Meta and the humble five.… MoreTikTok's Testing 30 Minute Uploads as It Looks To Expand Its Content OptionsBy Andrew Hutchinson Content and Social Media ManagerThe next stage of TikTok is coming, with some users now seeing the option to upload 30 minute long videos in the app.As you can see in this example, shared by social media expert Matt Navarra, TikTok's currently testing the new 30 minute upload option in the beta version of the app.Which, if you've been paying attention, is not really any big surprise.TikTok has been steadily increasing its maximum post limit for years, with the platform originally starting at 15 seconds per clip, which was then extended to 60 seconds, then 3 minutes, then 5 minutes, before rising to 10 minutes in 2022.Last October, TikTok began experimenting with 15 minute uploads, so the trend towards longer clips isn't new.Though 30 minutes is likely the upper limit, based on the Chinese version of the app. 
Douyin, which is TikTok in China, expanded its upload limit to 30 minutes per clip in 2022, and it hasn't gone any further as yet.And presumably, Douyin has also seen good response to this longer time limit, which is why TikTok is now looking to implement the same, though it does seem like a long time to be watching a TikTok clip in-stream.Will users really warm to TV show length clips in the app?…MoreInstagram to scan under-18s' messages to protect against ‘inappropriate images'Feature will work even on encrypted messages, suggesting platform plans to implement client-side scanningAlex Hern and Dan MilmoInstagram will begin scanning messages sent to and from under-18s to protect them from “inappropriate images”, Meta has announced.The feature, being kept under wraps until later this year, would work even on encrypted messages, a spokesperson said, suggesting the company intends to implement a so-called client-side scanning service for the first time.But the update will not meet controversial demands for inappropriate messages to be reported back to Instagram servers.Instead, only a user's personal device will ever know whether or not a message has been filtered out, leading to criticism of the promise as another example of the company “grading its own homework”.“We're planning to launch a new feature designed to help protect teens from seeing unwanted and potentially inappropriate images in their messages from people they're already connected to,” the company said in a blogpost, “and to discourage them from sending these types of images themselves. We'll have more to share on this feature, which will also work in encrypted chats, later this year.”…Much MoreTiger Global Investor Relations Staff Depart After Fundraising ChallengesBy Francesca Friday and Maria HeeterJan 24, 2024, 4:46pm PSTSeveral Tiger Global Management employees focused on raising capital for the New York firm's venture funds have taken buyout offers, according to a person familiar with the matter. 
The departures of the staff, who worked with prospective investors, come as the firm has struggled to raise money for its latest venture capital fund after a collapse in startup valuations soured its paper returns for earlier funds.As of the second quarter of 2023, a $12.7 billion fund that Tiger started making investments from in October 2021 had a paper loss of 18%, calculated as an annualized return net of management fees, according to internal data distributed to investors in the fund. That's a slight improvement from six months earlier, when the 2021 fund showed a loss of 20%. The fund's performance is in the bottom quartile of funds started that year, the document said, and has also lagged the S&P 500's annualized net return in the same period.The Takeaway• Tiger employee buyouts are the latest example of VC cost-cutting• Tiger's $12.7 billion had lost 18% on paper as of June* Tiger could soon show a $350 million gain from OpenAI stakeAs of June 30, 2023, the $12.7 billion fund hadn't returned any cash to investors, which isn't unusual for such a young fund. But the paper losses are closely guarded secrets that reflect the kind of write-downs other venture firms have been making over the past two years as tech valuations have fallen.It isn't clear how big Tiger's investor relations team is, but the departures are the latest example of belt-tightening across the venture industry. 
Firms are raising smaller funds and striking fewer deals, reducing the need for sprawling support staff—including those who help firms raise money from pension funds and endowments...MoreWorldcoin hints at new Orb for a friendlier iris-scanning experienceby Vivian NguyenThe next-gen device will feature various colors and shapes to enhance its visual appeal.Worldcoin, an iris biometric crypto project, is set to launch a new Orb that aims to offer a more user-friendly iris-scanning experience, said Alex Blania, CEO and co-founder of Tools for Humanity, the developer behind the project, in an exclusive interview with TechCrunch today.“The next Orb will roll out in the first half of this year and will feature alternative colors and form factors in an effort to look ‘much more friendly,'” Blania explained. “Overall, it is going to look way more tuned down and similar to an Apple product.”Blania acknowledges that the initial design of the Orb predated his time at the company. “The new orb is coming and the next iterations will look quite different,” he remarked during a fireside chat at a recent StrictlyVC event, signaling a departure from the current, more controversial design.The goal of Worldcoin, as described by Blania, is to reach billions of users as fast as possible.“The thesis is very simple. We race toward billions of users as fast as we possibly can,” said Blania.Founded by Blania, Sam Altman, and Max Novendstern, Tools for Humanity has raised around $250 million from prominent investors like a16z and Bain Capital Crypto, among others. The project is famous for its unique Orb device designed to scan people's irises and assign them a “World ID,” granting access to Worldcoin's application and a digital passport. 
Worldcoin's vision is to authenticate individual identities and prevent the creation of multiple accounts.The current design of the Orb has been a topic of much debate due to its intimidating look, similar to a prop from a sci-fi movie, according to Blania. The company has also faced criticism for its beta testing approaches in developing economies and concerns over privacy and data security.Despite some skepticism, the Orb has seen practical use. At the StrictlyVC event in downtown San Francisco, a Tools for Humanity employee reported that a “couple dozen” attendees scanned their iris to receive a World ID. There has also been “field testing” of the new Orb design.…MoreStartup of the WeekLoyalty Startup Bilt Rewards Hits $3.1B Valuation After $200M RoundChris MetinkoJanuary 24, 2024Bilt Rewards, a loyalty rewards startup, raised a $200 million round led by General Catalyst at a $3.1 billion valuation — more than double the number after its last fundraising in 2022.The round also included participation from Eldridge Industries, Left Lane Capital, Camber Creek and Prosus Ventures.The New York-based startup allows consumers to earn rewards on the rent they pay. Bilt plans to use some of the proceeds to expand its network to include local dining, grocery stores, ridesharing and other retail purchases.“We're not just building a loyalty program; we're creating a community-centric ecosystem that benefits everyone from renters to local businesses,” said founder and CEO Ankur Jain.The company also appointed some big names to roles in the company. Bilt named Ken Chenault, former chairman and CEO of American Express, as its chairman, and Roger Goodell, the commissioner of the NFL, as an independent director.Big moneyThe company reported its annualized member spend is nearing $20 billion. 
It also became profitable on an earnings before interest, taxes, depreciation and amortization basis last year.Those metrics must have impressed investors, as Bilt has seen its valuation shoot up after raising a $150 million Series B at a pre-money valuation of $1.4 billion in October 2022. Founded in 2021, the company has raised a total of $413 million, per Crunchbase.Last year was a slow go for loyalty startups. Such companies raised only $74 million, per Crunchbase data. However in 2022, loyalty startups raised more than a half-billion dollars thanks to big raises that included Bilt's Series B and Madison, Wisconsin-based Fetch's $240 million Series E.With this fundraise, things are looking up for loyalty startups again.X of the Week This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit thatwastheweek.substack.com/subscribe

Paul's Security Weekly TV
Defense for Healthcare, Scope Security, Balbix, & DevOps Wizardry - ESW #263


Play Episode Listen Later Mar 5, 2022 41:17


Finally, in the Enterprise Security News, BlueVoyant raises a $250M Series D to become security's newest unicorn (baby unicorn, awww), Balbix raises a $70M Series C, Scope Security announces a $20M Series A to specifically focus on monitoring and defense for healthcare, Palo Alto introduces a new product aiming to disrupt the SIEM market, Third Party Risk Management vendors come together to forge the one ring of standards to rule all of cyber (less forge, more rubber stamp though), Signal Sciences founder, former Etsy CISO, and honorary level 80 DevOps wizard Zane Lackey is now a general partner at Andreessen Horowitz (A16Z). All that and more, on this episode of Enterprise Security Weekly!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw263

Enterprise Security Weekly (Video)
Defense for Healthcare, Scope Security, Balbix, & DevOps Wizardry - ESW #263


Play Episode Listen Later Mar 4, 2022 41:17


Finally, in the Enterprise Security News, BlueVoyant raises a $250M Series D to become security's newest unicorn (baby unicorn, awww), Balbix raises a $70M Series C, Scope Security announces a $20M Series A to specifically focus on monitoring and defense for healthcare, Palo Alto introduces a new product aiming to disrupt the SIEM market, Third Party Risk Management vendors come together to forge the one ring of standards to rule all of cyber (less forge, more rubber stamp though), Signal Sciences founder, former Etsy CISO, and honorary level 80 DevOps wizard Zane Lackey is now a general partner at Andreessen Horowitz (A16Z). All that and more, on this episode of Enterprise Security Weekly!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw263

Enterprise Security Weekly (Audio)
ESW #263 - Chad Skipper, Karen Worstell, & Sharon Goldberg


Play Episode Listen Later Mar 4, 2022 112:55


This week, in our first segment, we welcome Chad Skipper, Global Security Technologist at VMware, & Karen Worstell, Sr. Cybersecurity Strategist at VMware, for an interview on Exposing Malware in Linux-Based Multi-Cloud Environments! Then, Sharon Goldberg, the CEO and Co-Founder at BastionZero Inc, joins us to discuss Putting the Zero Back Into Zero-Trust! Finally, in the Enterprise Security News, BlueVoyant raises a $250M Series D to become security's newest unicorn (baby unicorn, awww), Balbix raises a $70M Series C, Scope Security announces a $20M Series A to specifically focus on monitoring and defense for healthcare, Palo Alto introduces a new product aiming to disrupt the SIEM market, Third Party Risk Management vendors come together to forge the one ring of standards to rule all of cyber (less forge, more rubber stamp though), Signal Sciences founder, former Etsy CISO, and honorary level 80 DevOps wizard Zane Lackey is now a general partner at Andreessen Horowitz (A16Z). All that and more, on this episode of Enterprise Security Weekly!
Segment Resources: https://via.vmw.com/exposingmalware
This segment is sponsored by VMware. Visit https://securityweekly.com/vmware to learn more about them!
Analysis of the federal government's zero trust memo: https://www.bastionzero.com/blog/i-read-the-federal-governments-zero-trust-memo-so-you-dont-have-to
https://www.bastionzero.com/blog/bashing-vpns-for-fun-and-profit
Zero trust security models: https://docs.bastionzero.com/product-docs/home/security-model
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw263

Paul's Security Weekly
ESW #263 - Chad Skipper, Karen Worstell, & Sharon Goldberg


Play Episode Listen Later Mar 4, 2022 112:55


This week, in our first segment, we welcome Chad Skipper, Global Security Technologist at VMware, & Karen Worstell, Sr. Cybersecurity Strategist at VMware, for an interview on Exposing Malware in Linux-Based Multi-Cloud Environments! Then, Sharon Goldberg, the CEO and Co-Founder at BastionZero Inc, joins us to discuss Putting the Zero Back Into Zero-Trust! Finally, in the Enterprise Security News, BlueVoyant raises a $250M Series D to become security's newest unicorn (baby unicorn, awww), Balbix raises a $70M Series C, Scope Security announces a $20M Series A to specifically focus on monitoring and defense for healthcare, Palo Alto introduces a new product aiming to disrupt the SIEM market, Third Party Risk Management vendors come together to forge the one ring of standards to rule all of cyber (less forge, more rubber stamp though), Signal Sciences founder, former Etsy CISO, and honorary level 80 DevOps wizard Zane Lackey is now a general partner at Andreessen Horowitz (A16Z). All that and more, on this episode of Enterprise Security Weekly!
Segment Resources: https://via.vmw.com/exposingmalware
This segment is sponsored by VMware. Visit https://securityweekly.com/vmware to learn more about them!
Analysis of the federal government's zero trust memo: https://www.bastionzero.com/blog/i-read-the-federal-governments-zero-trust-memo-so-you-dont-have-to
https://www.bastionzero.com/blog/bashing-vpns-for-fun-and-profit
Zero trust security models: https://docs.bastionzero.com/product-docs/home/security-model
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw263

Atolio Conversations
Zane Lackey, Co-founder at Signal Sciences


Play Episode Listen Later Dec 1, 2021 20:53


Zane Lackey is a Co-founder and the Chief Security Officer at Signal Sciences, a web-application security company acquired by Fastly. Zane shares what his career has taught him about security, founding teams, and what the future holds for digital transformations.
The time Zane was hacked in 30 seconds (1:07)
Moving from @Etsy to founding Signal Sciences (5:57)
What to look for in founding teams (8:50)
Biggest lessons learned from co-founding (10:28)
Zane's advice on learning from others (18:37)

Cloud Security Podcast
CISO Challenges in 2021 - Zane Lackey Signal Sciences, Fastly


Play Episode Listen Later Feb 10, 2021 51:38


In this episode of the Virtual Coffee with Ashish edition, we spoke with Zane Lackey, CISO & Co-Founder of Signal Sciences, which is now owned by Fastly.
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Zane Lackey - LinkedIn
In this episode, Zane & Ashish spoke about:
- What was your path to your current cybersecurity role?
- The DevOps movement between the East Coast and the West Coast in 2010 - Etsy (Biggie) & Netflix (2Pac)
- Was the change to 30 production deployments a day a good thing for security?
- What was the action plan as a CISO to tackle 30 deployments a day?
- Has the viewpoint on security, and the things that keep CISOs awake at night, changed due to the pandemic?
- Post-pandemic, CISOs have 100s of single panes of glass
- Scale is the problem that is facing every security team.
- And much more…
Show notes and episode transcript on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan
If you want to watch videos of this and previous episodes:
- Twitch Channel: https://lnkd.in/gxhFrqw
- YouTube Channel: https://lnkd.in/gUHqSai

Hashtag Realtalk with Aaron Bregg
Episode 23 - Let's Talk Web Application Security


Play Episode Listen Later Oct 28, 2020 41:15


In this episode I talk with Zane Lackey about Web Application Security. Zane is the Co-Founder and Chief Security Officer for Signal Sciences.
Talking Points and Listener Submitted Questions:
- What kinds of 'real world' attacks are people dealing with against web applications?
- How do you detect an attack against a web application?
- How do you measure the effectiveness of your technical web app security controls (WAF, API, authentication, business logic, etc.)?
- How can you ensure that your company's web application APIs cannot be abused to access data that the user is unauthorized to access?
- Do bug bounty programs work?
- Should all SMBs have a web application vulnerability disclosure program?
This episode is sponsored by Signal Sciences. Signal Sciences is a web application security company based out of Culver City, California.

Paul's Security Weekly TV
Effects of COVID-19 on Web Applications - Zane Lackey - PSW #659


Play Episode Listen Later Jul 25, 2020 51:16


Zane Lackey joins us once again to talk about Zero Trust, Cloud Security, and the impact of COVID-19 on Digital Transformation! This segment is sponsored by Signal Sciences.
Visit https://securityweekly.com/signalsciences to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/psw659

Paul's Security Weekly (Podcast-Only)
Gouge My Eyes Out With Forks - PSW #659


Play Episode Listen Later Jul 25, 2020 188:36


This week, we welcome back Zane Lackey, Chief Security Officer at Signal Sciences, to talk about the Effects of COVID-19 on Web Applications! In our second segment, we welcome back Sumedh Thakar, President and Chief Product Officer at Qualys, to discuss The Power of the Cloud Platform, One Single Agent, One Global View! In the Security News, Vulnerable Cellular Routers Targeted in Latest Attacks on Israel Water Facilities, Fugitive Wirecard Executive Jan Marsalek Was Involved In Attempt to Purchase Hacking Team Spyware, 8 Cybersecurity Themes to Expect at Black Hat USA 2020, Twitter says hackers viewed 36 accounts' private messages, and how Thieves Are Emptying ATMs Using a New Form of Jackpotting!
Show Notes: https://wiki.securityweekly.com/psw659
Visit https://securityweekly.com/signalsciences to learn more about them!
Visit https://securityweekly.com/qualys to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly

Paul's Security Weekly
Gouge My Eyes Out With Forks - PSW #659


Play Episode Listen Later Jul 25, 2020 188:36


This week, we welcome back Zane Lackey, Chief Security Officer at Signal Sciences, to talk about the Effects of COVID-19 on Web Applications! In our second segment, we welcome back Sumedh Thakar, President and Chief Product Officer at Qualys, to discuss The Power of the Cloud Platform, One Single Agent, One Global View! In the Security News, Vulnerable Cellular Routers Targeted in Latest Attacks on Israel Water Facilities, Fugitive Wirecard Executive Jan Marsalek Was Involved In Attempt to Purchase Hacking Team Spyware, 8 Cybersecurity Themes to Expect at Black Hat USA 2020, Twitter says hackers viewed 36 accounts' private messages, and how Thieves Are Emptying ATMs Using a New Form of Jackpotting!
Show Notes: https://wiki.securityweekly.com/psw659
Visit https://securityweekly.com/signalsciences to learn more about them!
Visit https://securityweekly.com/qualys to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly

Paul's Security Weekly (Video-Only)
Effects of COVID-19 on Web Applications - Zane Lackey - PSW #659


Play Episode Listen Later Jul 24, 2020 51:16


Zane Lackey joins us once again to talk about Zero Trust, Cloud Security, and the impact of COVID-19 on Digital Transformation! This segment is sponsored by Signal Sciences.
Visit https://securityweekly.com/signalsciences to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/psw659

The Secure Developer
Ep. #68, DevSecCon London Panel


Play Episode Listen Later Jul 2, 2020 70:50


Today's episode of The Secure Developer features some fantastic content from a panel at DevSecCon London. Clint Gibler, Research Director at the NCC Group is joined by Doug DePerry, Director of Defense at Datadog, Tash Norris, Head of Product Security at Moonpig, Jesse Endahl, CSO at Fleetsmith, and Zane Lackey, CSO at Signal Sciences. The discussion begins with a dive into building a good security culture within a company and ways to get other members of an organization interested in security. Some of the strategies explored include cross-departmental relationship building, incentivizing conversations with the security team through swag and food, and embedding security within development teams. We then turn our attention to metrics. There are often competing priorities between developers and security, which can cause tension. The panel shares some of the security metrics that have and have not worked for them, and we also hear different takes on the often-divisive bug count metric. Next up is a dive into working with limited personnel and financial resources, one of the most common constraints security teams face. We hear how the panel approaches prioritization, adding value to the organization as a whole, and the importance of making the security capabilities digestible to the developers. After this, the panel explores risk quantification and subsequent communication. While it's difficult to quantify risk precisely, there are some effective strategies such as risk forecasting. Along with this, techniques on communicating with executives in resonant ways to convey the severity of potential threats are also shared. Other topics covered include policy-driven vs technical-driven security and skilling up less technical teams, how to know when security is 'done,' and incentives for upholding security protocols!

TechCrunch Startups – Spoken Edition
SaaS Management startup Intello scores $2.5 million extended seed


Play Episode Listen Later May 13, 2019 3:56


Intello, the New York City-based SaaS management platform, announced a $2.5 million extended seed round today, along with some product enhancements. The round was led by Resolute Ventures. Harrison Metal and Magnetico Ventures also participated along with various individual angel investors including Zane Lackey from Signal Sciences, Chris Smoak from Atrium and Zach Sherman from Timber. Today's investment brings the total raised to $4 million, according to the company.

Security Voices
DevOpSec Conversation with Zane Lackey, CSO Signal Sciences


Play Episode Listen Later Feb 21, 2019 50:28


DevOpSec Conversation with Zane Lackey, CSO Signal Sciences

Paul's Security Weekly TV
Zane Lackey, Signal Sciences - Business Security Weekly #114


Play Episode Listen Later Jan 23, 2019 28:20


Zane Lackey is the Chief Security Officer at Signal Sciences. Zane comes on the show to talk about advising! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode114

Paul's Security Weekly
Become An Expert - Business Security Weekly #114


Play Episode Listen Later Jan 22, 2019 52:11


This week, Matt and Paul interview Zane Lackey, Co-Founder and Chief Security Officer at Signal Sciences! In the Leadership and Communications segment, customer surveys are no substitute for actually talking to customers, CEOs most concerned about Cybersecurity in 2019, the open workspace doesn't work, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode114
Visit https://www.securityweekly.com/bsw for all the latest episodes!
For more information about Signal Sciences, visit: https://www.signalsciences.com/psw
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly

Business Security Weekly (Audio)
Become An Expert - Business Security Weekly #114


Play Episode Listen Later Jan 22, 2019 52:02


This week, Matt and Paul interview Zane Lackey, Co-Founder and Chief Security Officer at Signal Sciences! In the Leadership and Communications segment, customer surveys are no substitute for actually talking to customers, CEOs most concerned about Cybersecurity in 2019, the open workspace doesn't work, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode114
Visit https://www.securityweekly.com/bsw for all the latest episodes!
For more information about Signal Sciences, visit: https://www.signalsciences.com/psw
Visit our website: https://www.securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly

Business Security Weekly (Video)
Zane Lackey, Signal Sciences - Business Security Weekly #114


Play Episode Listen Later Jan 22, 2019 28:20


Zane Lackey is the Chief Security Officer at Signal Sciences. Zane comes on the show to talk about advising! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode114

AI Australia
Cybersecurity Trends in AI with Zane Lackey


Play Episode Listen Later Dec 17, 2018 55:12


Joining us today is Zane Lackey, Co-Founder and Chief Security Officer at Signal Sciences based in New York. Zane serves on multiple public and private advisory boards and is an investor in emerging cybersecurity companies. He is incredibly well versed in the various trends and advancements in cybersecurity and defending against attacks. He is the author of Building a Modern Security Program, a how-to in building and scaling effective security teams. Prior to co-founding Signal Sciences, Zane led a security team at the forefront of the DevOps/Cloud shift as Chief Security Officer of Etsy.
Our guest co-host today is Craig Templeton. Craig is the Chief Information Security Officer at REA Group and has spent 20 years working in cybersecurity. Safe to say, this episode is stacked with insight into the state of the security industry and what it means for both citizens and businesses.
Here's what's discussed in today's episode:
- Why it's been a rough year in the tech industry
- How the concept of defence in depth has been turned into expense in depth
- Why security teams are drowning in too much data and need to focus on what is important
- The threat to cybersecurity as a result of automation
- Privacy risks - how do we eliminate or reduce personal information data?
- The implications of data corruption
- Why people may lose trust in machines and avoid using them
- When the most simple methods in designing defence systems can often be overlooked
- Should citizens be able to opt out of automated decisions, and would they even know?
- Why legislation needs to catch up with technology
- How can we better adopt and embrace technology such as DevOps, Cloud, AI, and machine learning?

Application Security Weekly (Video)
Zane Lackey, Signal Sciences - Application Security Weekly #31


Play Episode Listen Later Sep 12, 2018 43:21


Zane Lackey is the Founder/Chief Security Officer at Signal Sciences. Zane Lackey explains how the security industry needs to shift left when it comes to applications and patching.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode31
Follow us on Twitter: https://www.twitter.com/securityweekly

Paul's Security Weekly TV
Zane Lackey, Signal Sciences - Application Security Weekly #31


Play Episode Listen Later Sep 12, 2018 43:21


Zane Lackey is the Founder/Chief Security Officer at Signal Sciences. Zane Lackey explains how the security industry needs to shift left when it comes to applications and patching.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode31
Follow us on Twitter: https://www.twitter.com/securityweekly

Paul's Security Weekly
Around the World - Application Security Weekly #31


Play Episode Listen Later Sep 12, 2018 76:22


This week, Keith and Paul interview Zane Lackey, Chief Security Officer and Founder of Signal Sciences! In the news, U.S. government releases Post-mortem on Equifax, Microsoft Windows Zero-Day found in Task Scheduler, British Airways breached via XSS, Windows Subsystem for Linux for Linux Distros, Bug Bounties and mental health, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode31
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly

Application Security Weekly (Audio)
Around the World - Application Security Weekly #31


Play Episode Listen Later Sep 12, 2018 76:22


This week, Keith and Paul interview Zane Lackey, Chief Security Officer and Founder of Signal Sciences! In the news, U.S. government releases Post-mortem on Equifax, Microsoft Windows Zero-Day found in Task Scheduler, British Airways breached via XSS, Windows Subsystem for Linux for Linux Distros, Bug Bounties and mental health, and more on this episode of Application Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode31
Visit https://www.securityweekly.com/asw for all the latest episodes!
Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly

CISO-Security Vendor Relationship Podcast
Security Made the Mess. They Should Clean It Up.


Play Episode Listen Later Aug 27, 2018 29:53


Security is suffering from a serious Rodney Dangerfield "I get no respect" problem. What has often been seen as the department of "no" is struggling under that brand image. That's probably because security is often seen as an inhibitor rather than an enabler. If InfoSec wants to fix that perception, it'll be their responsibility to dig themselves out.
Here's what you'll hear on the latest episode of the CISO/Security Vendor Relationship Podcast:
Nobody thinks security is their friend: How can security rid itself of this highly negative branding? Be problem solvers vs. problem creators.
Techniques to integrate AppSec into the DevOps process: It comes down to measurement, respecting an engineer's time, and learning from the success of one process and putting it into another. Read more great insight by Chris Steipp of Lyft.
We play "What's Worse?!" In this episode of the game we question the worst scenario of an encrypted or unencrypted laptop, but with qualifications.
Uggh, WAFs are NOT magical boxes: In a round of "Please, Enough. No, More." we challenge the way web application firewalls (WAFs) are being sold. WAFs need to be more friendly and flexible. No one believes you if you sell them as magical boxes that stop all attacks.
How can you be a great customer? We turn the tables from "Ask a CISO" to "Ask a Vendor" and ask what it takes to be a great customer. Vendors would like you to stop kicking the tires and talk about solving real problems.
Plus a ten-second security tip: It may be cliché, but if security departments want to be more effective, they should be moving away from blocking to enabling.
Special thanks to Signal Sciences for sponsoring this episode. If you're using WAFs, make sure you read "Three Ways Legacy WAFs Fail," by their head of research, James Wickett.
As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft.
Our guest this week is Zane Lackey (@zanelackey), co-founder and CSO for Signal Sciences and author of the new book from O'Reilly, "Building a Modern Security Program."
Sponsor the Podcast: If you'd like to sponsor the podcast, contact David Spark at Spark Media Solutions.

Paul's Security Weekly TV
Zane Lackey, Signal Sciences - Paul's Security Weekly #567


Play Episode Listen Later Jul 15, 2018 42:08


Zane Lackey is the Founder/Chief Security Officer at Signal Sciences and serves on the Advisory Boards of the Internet Bug Bounty Program and the US State Department-backed Open Technology Fund. Prior to Signal Sciences, Zane was the Director of Security Engineering at Etsy and a Senior Security Consultant at iSEC Partners. Full Show Notes: https://wiki.securityweekly.com/Episode567 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Paul's Security Weekly (Video-Only)
Zane Lackey, Signal Sciences - Paul's Security Weekly #567


Play Episode Listen Later Jul 14, 2018 42:08


Zane Lackey is the Founder/Chief Security Officer at Signal Sciences and serves on the Advisory Boards of the Internet Bug Bounty Program and the US State Department-backed Open Technology Fund. Prior to Signal Sciences, Zane was the Director of Security Engineering at Etsy and a Senior Security Consultant at iSEC Partners. Full Show Notes: https://wiki.securityweekly.com/Episode567 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Paul's Security Weekly
Balls On Fire - Paul's Security Weekly #567


Play Episode Listen Later Jul 13, 2018 135:32


This week, Paul interviews Zane Lackey, Founder and CSO of Signal Sciences! In our second feature interview, Paul talks with Limor Elbaz, Founder of Peerlyst! In the Security News, Arch Linux PDF reader package poisoned, WPA3, two new Spectre-class CPU flaws earn a $100k bounty, average cost of a data breach exceeds $3.8 million, and more on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode567
Visit https://www.securityweekly.com/psw for all the latest episodes!
→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly

Paul's Security Weekly (Podcast-Only)
Balls On Fire - Paul's Security Weekly #567


Play Episode Listen Later Jul 13, 2018 135:32


This week, Paul interviews Zane Lackey, Founder and CSO of Signal Sciences! In our second feature interview, Paul talks with Limor Elbaz, Founder of Peerlyst! In the Security News, Arch Linux PDF reader package poisoned, WPA3, two new Spectre-class CPU flaws earn a $100k bounty, average cost of a data breach exceeds $3.8 million, and more on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode567
Visit https://www.securityweekly.com/psw for all the latest episodes!
→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly

Zero Hour Podcast
Zane Lackey - Risk, Transformation & his parents


Play Episode Listen Later May 29, 2018 49:59


Zane Lackey is the co-founder and Chief Security Officer at Signal Sciences and serves on the advisory boards of the Internet Bug Bounty Program and the US State Department-backed Open Technology Fund. Prior to Signal Sciences, Zane was the Director of Security Engineering at Etsy and a Senior Security Consultant at iSEC Partners. He has been featured by BBC, Forbes and Wired, and is a frequent speaker at BlackHat, RSA and Microsoft BlueHat.
Three takeaways:
- Cyber Security is a business risk
- Security isn't the winner, the business is
- Implement security at the heart of every transformation
Follow Zane on Twitter: @zanelackey
Read Zane's thoughts: https://medium.com/@zanelackey
Follow us: Twitter: @zerohour Instagram: @zerohourexperience Website: www.karlsharman.com
This podcast is sponsored by: BeecherMadden - www.beechermadden.com Cyber Security Professionals - www.cybersecurity-professionals.com

Security Conversations
Zane Lackey, Chief Security Officer, Signal Sciences


Play Episode Listen Later Apr 16, 2018 41:40


Co-founder and Chief Security Officer at Signal Sciences Zane Lackey riffs on DevOps, the almost impossible task of defending organizations from intruders, bug bounties versus penetration testing, and the pros and cons of launching a company with venture capital investment.

Paul's Security Weekly TV
Zane Lackey, Signal Sciences - Paul's Security Weekly #547


Play Episode Listen Later Feb 11, 2018 45:22


Zane Lackey is the Founder/Chief Security Officer at Signal Sciences and serves on the Advisory Boards of the Internet Bug Bounty Program and the US State Department-backed Open Technology Fund. He joins Paul and team this week for an interview! Full Show Notes: https://wiki.securityweekly.com/Episode547 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Paul's Security Weekly (Video-Only)
Zane Lackey, Signal Sciences Paul's Security Weekly #547

Paul's Security Weekly (Video-Only)

Play Episode Listen Later Feb 10, 2018 45:22


Zane Lackey is the Founder/Chief Security Officer at Signal Sciences and serves on the Advisory Boards of the Internet Bug Bounty Program and the US State Department-backed Open Technology Fund. He joins Paul and team this week for an interview!
Full Show Notes: https://wiki.securityweekly.com/Episode547
Subscribe to our YouTube channel: https://www.youtube.com/securityweekly
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly

Paul's Security Weekly
Walk The Plank - Paul's Security Weekly #547

Paul's Security Weekly

Play Episode Listen Later Feb 9, 2018 120:44


This week, Zane Lackey of Signal Sciences joins us for an interview! Our very own Larry Pesce delivers the Technical Segment on an intro to the ESP8266 SoC! In the news, we have updates from Bitcoin, NSA, Facebook, and more on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode547
Visit https://www.securityweekly.com/psw for all the latest episodes!

Paul's Security Weekly (Podcast-Only)
Walk The Plank - Paul's Security Weekly #547

Paul's Security Weekly (Podcast-Only)

Play Episode Listen Later Feb 9, 2018 120:44


This week, Zane Lackey of Signal Sciences joins us for an interview! Our very own Larry Pesce delivers the Technical Segment on an intro to the ESP8266 SoC! In the news, we have updates from Bitcoin, NSA, Facebook, and more on this episode of Paul's Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/Episode547
Visit https://www.securityweekly.com/psw for all the latest episodes!

Software Engineering Radio - The Podcast for Professional Software Developers
SE-Radio Episode 309: Zane Lackey on Application Security

Software Engineering Radio - The Podcast for Professional Software Developers

Play Episode Listen Later Nov 14, 2017


Founder of Signal Sciences Zane Lackey talks with Kim Carter about Application Security around what our top threats are today, culture, threat modelling, and visibility, and how we can improve our security stature as Software Engineers.
Related Links
Web Application Security: Threats, Countermeasures, and Pitfalls
Network Security with Haroon Meer
Docker Security with Diogo […]

Software Engineering Radio - The Podcast for Professional Software Developers
SE-Radio-Episode-309-Zane-Lackey-on-Application-Security

Software Engineering Radio - The Podcast for Professional Software Developers

Play Episode Listen Later Nov 13, 2017 71:49


Founder of Signal Sciences Zane Lackey talks with Kim Carter about Application Security around what our top threats are today, culture, threat modelling, and visibility, and how we can improve our security stature as Software Engineers.

Security Boulevard Chat
Top Lessons for DevSecOps, Zane Lackey, Signal Sciences

Security Boulevard Chat

Play Episode Listen Later Sep 19, 2017 22:37


Zane Lackey, co-founder of Signal Sciences and formerly of Etsy, gives us the top lessons for DevSecOps. Great list from Zane. Great discussion.

Brakeing Down Security Podcast
2017-033- Zane Lackey, Inserting security into your DevOps environment

Brakeing Down Security Podcast

Play Episode Listen Later Sep 17, 2017 60:36


Zane Lackey (@zanelackey on Twitter) loves discussing DevOps and DevSecOps (or is it 'SecDevOps'... 'DevOpsSec'?), so we talk to him about the best places to get the most bang for your buck getting security into your new DevOps environment. What is the best way to do that? Have a listen...

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-033-Zane_Lackey_inserting_security_into_your_DevOps.mp3
RSS: http://www.brakeingsecurity.com/rss
Youtube Channel: https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw
#iTunes Store Link: https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2
#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast
Join our #Slack Channel! Sign up at https://brakesec.signup.team
#iHeartRadio App: https://www.iheart.com/show/263-Brakeing-Down-Securi/
#SoundCloud: https://www.soundcloud.com/bryan-brake
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM: https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

--SHOW NOTES--

- Security shifts from being a gatekeeper to enabling teams to be secure by default
- Requires a culture shift
- Should that be implemented before the shift to CI/CD, or are we talking 'Indiana Jones and the rock in the temple'?
- How? Secure coding? Hardening boxes/systems?
- If it's just dev -> prod, where does security have the chance to find issues (i.e. test and QA belong there)?
- We used to have the ability for a lot of security injection points, but no longer
- Lowers the number of people we have to harangue to be secure...?
- Security success = baked in to DevOps
- Shift from 'top down' to 'bottom up'
- Eliminate FPs, and forward on real issues to devs
- Concentrate on one or two types of vulnerabilities
- Triage vulns from most important to least important
- Go for 'quick wins', or things that don't take a lot of time for devs to fix. Grepping for 'system()' or 'execve()'
- Primitives (hashing, encryption, file system operations)
- How do you stop a build going to production if it's going out like that? Do we allow insecurity to go to production? Or would it be too late to 'stop the presses'? "We'll fix it in post..."
- Instead of the 'guardrail not speedbump' you are the driving instructor...
- But where does security get in to be able to talk to devs about data flow, documentation of processes? 5 Whys - Why are you doing that?
- Set up things like alerting on git repos, especially for sensitive code. Changing a sensitive bit of code or file may notify people. Will make people think before making changes
- Put controls in terms of how they enable velocity
- You like you some bug bounties, why?
- Continuous feedback
- Learn to find/detect attackers as early in the attack chain as possible
- Refine your vuln triage/response
- Use bug reports as IR/DFIR...

https://www.youtube.com/watch?v=ORtYTDSmi4U
https://www.slideshare.net/zanelackey/how-to-adapt-the-sdlc-to-the-era-of-devsecops
http://www.slideshare.net/zanelackey/building-a-modern-security-engineering-organization

In SAST, a modern way to decide what to test is to start with a small critical vuln, like OS command injection. Find those and get people to fix it. BUT don't developers or project teams get unhappy if you keep "moving the goal post" as you add in the next SAST test and the next SAST test? How do you do that and not piss people off?

[15:16] How do you make development teams self sufficient when it comes to writing a secure application?

Security is a road block during a 3 month release schedule... getting "security approval" in a 3 day release cycle is impossible.

[15:17] But then... what is the job for the security team? If DevOps with security is done right, do you still need a security team, and if so what do they do? Do they write more code? I don't think you're DevOps'ing security out of a job... but where does security see itself in 5 years?

Last one if there is time and interest. If Zane Lackey was a _maintainer_ of an open source project, what DevOps sec lessons would he apply to that dev model... to the open source model? (We've got internal projects managed with the open source model, so I'm interested in this one.)

Even without any of those questions, the topics he covered in his Black Hat talk are FULL of content to talk about. Heck, even bug bounties are a topic of conversation. The idea of a feedback loop to dev... where an application under attack in a pen test can do fixes live... how that is possible is loads of content.
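The two "quick win" controls from the show notes above, grepping for shell-execution primitives such as system()/execve() and alerting when a commit touches sensitive code, as one added example. This is illustrative code written for this page, not code from the episode, from Brakeing Down Security or from Zane Lackey. The file names, the sensitive-path list and the sample commit are constructed; in a real CI step the commit dict would be filled from the checked-out files named by git diff.

```python
"""Two 'quick win' controls: a narrow SAST grep for shell-execution primitives and an
alert on commits that touch sensitive paths. Example code written for this page; the
sample commit, path lists and file names are constructed (assumption), not real repos."""
import re
from dataclasses import dataclass

# Assumption: OS command injection is the single vulnerability class being hunted first,
# so only the primitives that hand a string to a shell are flagged.
DANGEROUS_CALLS = {
    "c": re.compile(r"\b(?:system|execve|execl|execvp|popen)\s*\("),
    "python": re.compile(
        r"\bos\.(?:system|popen)\s*\(|\bsubprocess\.\w+\s*\(.*\bshell\s*=\s*True"
    ),
}

# Assumption: the repo's own list of paths whose change should notify a reviewer.
SENSITIVE_PREFIXES = ("auth/", "crypto/", "deploy/secrets/", ".github/workflows/")


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    text: str


def language_of(path):
    """Pick the rule set from the file extension; unknown types are skipped."""
    if path.endswith((".c", ".h", ".cc", ".cpp")):
        return "c"
    if path.endswith(".py"):
        return "python"
    return None


def scan_source(path, source):
    """Return one Finding per line that calls a flagged primitive (comments excluded)."""
    lang = language_of(path)
    if lang is None:
        return []
    pattern, comment = DANGEROUS_CALLS[lang], ("//" if lang == "c" else "#")
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith(comment):
            continue  # a commented-out call would only be a false positive for the dev
        if pattern.search(line):
            findings.append(Finding(path, lineno, stripped))
    return findings


def sensitive_changes(changed_paths):
    """Paths in a commit that fall under a sensitive prefix (notify, do not block)."""
    return [p for p in changed_paths if p.startswith(SENSITIVE_PREFIXES)]


def gate(commit):
    """commit maps path -> new file contents (what a CI step reads after checkout).
    Findings in the one chosen class block the build; sensitive edits only notify."""
    findings = [f for path, src in commit.items() for f in scan_source(path, src)]
    return {"block": bool(findings), "findings": findings, "notify": sensitive_changes(list(commit))}


# Constructed sample commit: one real command-injection sink per language, one
# harmless edit under a sensitive path, and a file the scanner should ignore.
SAMPLE_COMMIT = {
    "tools/thumbnail.py": (
        "import subprocess\n"
        "def make_thumb(name):\n"
        "    # subprocess.run(['convert', name], shell=True)  # old, commented out\n"
        "    return subprocess.run('convert ' + name, shell=True)\n"
    ),
    "net/ping.c": (
        "#include <stdlib.h>\n"
        "int ping(const char *host) {\n"
        "    char cmd[256]; snprintf(cmd, sizeof cmd, \"ping -c1 %s\", host);\n"
        "    return system(cmd);\n"
        "}\n"
    ),
    "auth/session.py": "SESSION_TTL = 3600\n",
    "docs/README.md": "run system(...) from the shell\n",
}

if __name__ == "__main__":
    result = gate(SAMPLE_COMMIT)
    for f in result["findings"]:
        print(f"BLOCK {f.path}:{f.line}: {f.text}")
    for p in result["notify"]:
        print(f"NOTIFY sensitive path changed: {p}")
```

The point of keeping the rule set this narrow is the one made in the notes: two regexes with almost no false positives get fixed, a thousand-rule scanner gets muted. The sensitive-path alert deliberately does not block; its job is to make the author and a reviewer look, which is the "think before making changes" effect described above.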

Enterprise Security Weekly (Audio)
Enterprise Security Weekly #29 - Tell Us How You Really Feel!

Enterprise Security Weekly (Audio)

Play Episode Listen Later Jan 20, 2017 57:09


Zane Lackey of Signal Sciences joins us. In this week’s news, how to choose the right distributed ledger program, Ixia and K2 integrate IoT platforms, SyferLock announces multi-factor authentication integration, and is a new antivirus program really the next generation of security?

Paul's Security Weekly TV
Enterprise Security Weekly #29 - Zane Lackey, Signal Sciences

Paul's Security Weekly TV

Play Episode Listen Later Jan 20, 2017 33:15


Zane Lackey is the Founder and Chief Security Officer of Signal Sciences. Prior to becoming a vendor, Zane was the Director of Security Engineering at Etsy and a Senior Security Consultant at iSEC Partners.
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode29#Interview:_Zane_Lackey.2C_Signal_Sciences
Visit http://securityweekly.com/esw for all the latest episodes!

Paul's Security Weekly
Enterprise Security Weekly #29 - Tell Us How You Really Feel!

Paul's Security Weekly

Play Episode Listen Later Jan 20, 2017 57:09


Zane Lackey of Signal Sciences joins us. In this week’s news, how to choose the right distributed ledger program, Ixia and K2 integrate IoT platforms, SyferLock announces multi-factor authentication integration, and is a new antivirus program really the next generation of security?

Enterprise Security Weekly (Video)
Enterprise Security Weekly #29 - Zane Lackey, Signal Sciences

Enterprise Security Weekly (Video)

Play Episode Listen Later Jan 20, 2017 33:15


Zane Lackey is the Founder and Chief Security Officer of Signal Sciences. Prior to becoming a vendor, Zane was the Director of Security Engineering at Etsy and a Senior Security Consultant at iSEC Partners.
Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode29#Interview:_Zane_Lackey.2C_Signal_Sciences
Visit http://securityweekly.com/esw for all the latest episodes!

Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference
Alex Stamos & Zane Lackey: Breaking AJAX Web Applications: Vulns 2.0 in Web 2.0

Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference

Play Episode Listen Later Jun 4, 2006 71:39


The Internet industry is currently riding a new wave of investor and consumer excitement, much of which is built upon the promise of "Web 2.0" technologies giving us faster, more exciting, and more useful web applications. One of the fundamentals of "Web 2.0" is known as Asynchronous JavaScript and XML (AJAX), which is an amalgam of techniques developers can use to give their applications the level of interactivity of client-side software with the platform-independence of JavaScript. Unfortunately, there is a dark side to this new technology that has not been properly explored. The tighter integration of client and server code, as well as the invention of much richer downstream protocols that are parsed by the web browser has created new attacks as well as made classic web application attacks more difficult to prevent. We will discuss XSS, Cross-Site Request Forgery (XSRF), parameter tampering and object serialization attacks in AJAX applications, and will publicly release an AJAX-based XSRF attack framework. We will also be releasing a security analysis of several popular AJAX frameworks, including Microsoft Atlas, JSON-RPC and SAJAX. The talk will include live demos against vulnerable web applications, and will be appropriate for attendees with a basic understanding of HTML and JavaScript.

Alex Stamos is a founding partner of iSEC Partners, LLC, a strategic digital security organization. Alex is an experienced security engineer and consultant specializing in application security and securing large infrastructures, and has taught multiple classes in network and application security. He is a leading researcher in the field of web application and web services security and has been a featured speaker at top industry conferences such as Black Hat, CanSecWest, DefCon, SyScan, Microsoft BlueHat and OWASP App Sec. He holds a BSEE from the University of California, Berkeley.

Zane Lackey is a Security Consultant with iSEC Partners, LLC, a strategic digital security organization. Zane regularly performs application penetration testing and code review engagements for iSEC, and his research interests include web applications and emerging Win32 vulnerability classes. Prior to iSEC, Zane focused on Honeynet research at the University of California, Davis Computer Security Research Lab under noted security researcher Dr. Matt Bishop.

Black Hat Briefings, Las Vegas 2006 [Audio] Presentations from the security conference
Alex Stamos & Zane Lackey: Breaking AJAX Web Applications: Vulns 2.0 in Web 2.0

Black Hat Briefings, Las Vegas 2006 [Audio] Presentations from the security conference

Play Episode Listen Later Jun 4, 2006 71:39


The Internet industry is currently riding a new wave of investor and consumer excitement, much of which is built upon the promise of "Web 2.0" technologies giving us faster, more exciting, and more useful web applications. One of the fundamentals of "Web 2.0" is known as Asynchronous JavaScript and XML (AJAX), which is an amalgam of techniques developers can use to give their applications the level of interactivity of client-side software with the platform-independence of JavaScript. Unfortunately, there is a dark side to this new technology that has not been properly explored. The tighter integration of client and server code, as well as the invention of much richer downstream protocols that are parsed by the web browser has created new attacks as well as made classic web application attacks more difficult to prevent. We will discuss XSS, Cross-Site Request Forgery (XSRF), parameter tampering and object serialization attacks in AJAX applications, and will publicly release an AJAX-based XSRF attack framework. We will also be releasing a security analysis of several popular AJAX frameworks, including Microsoft Atlas, JSON-RPC and SAJAX. The talk will include live demos against vulnerable web applications, and will be appropriate for attendees with a basic understanding of HTML and JavaScript.

Alex Stamos is a founding partner of iSEC Partners, LLC, a strategic digital security organization. Alex is an experienced security engineer and consultant specializing in application security and securing large infrastructures, and has taught multiple classes in network and application security. He is a leading researcher in the field of web application and web services security and has been a featured speaker at top industry conferences such as Black Hat, CanSecWest, DefCon, SyScan, Microsoft BlueHat and OWASP App Sec. He holds a BSEE from the University of California, Berkeley.

Zane Lackey is a Security Consultant with iSEC Partners, LLC, a strategic digital security organization. Zane regularly performs application penetration testing and code review engagements for iSEC, and his research interests include web applications and emerging Win32 vulnerability classes. Prior to iSEC, Zane focused on Honeynet research at the University of California, Davis Computer Security Research Lab under noted security researcher Dr. Matt Bishop.

Black Hat Briefings, Japan 2006 [Audio] Presentations from the security conference
Alex Stamos & Zane Lackey: Breaking AJAX Web Applications: Vulns 2.0 in Web 2.0 (English)

Black Hat Briefings, Japan 2006 [Audio] Presentations from the security conference

Play Episode Listen Later Jun 4, 2006 92:36


The Internet industry is currently riding a new wave of investor and consumer excitement, much of which is built upon the promise of "Web 2.0" technologies giving us faster, more exciting, and more useful web applications. One of the fundamentals of "Web 2.0" is known as Asynchronous JavaScript and XML (AJAX), which is an amalgam of techniques developers can use to give their applications the level of interactivity of client-side software with the platform-independence of JavaScript. Unfortunately, there is a dark side to this new technology that has not been properly explored. The tighter integration of client and server code, as well as the invention of much richer downstream protocols that are parsed by the web browser has created new attacks as well as made classic web application attacks more difficult to prevent. We will discuss XSS, Cross-Site Request Forgery (XSRF), parameter tampering and object serialization attacks in AJAX applications, and will publicly release an AJAX-based XSRF attack framework. We will also be releasing a security analysis of several popular AJAX frameworks, including Microsoft Atlas, JSON-RPC and SAJAX. The talk will include live demos against vulnerable web applications, and will be appropriate for attendees with a basic understanding of HTML and JavaScript.

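The cross-site request forgery problem this abstract describes (the same talk is listed in the Las Vegas video and audio feeds above), shown from the server side as an added example. This is not the talk's XSRF attack framework and not iSEC Partners code; it is a Python model of a money-transfer endpoint that authenticates on the session cookie alone, next to a hardened handler. The Request class, the session store, the APP_ORIGIN value and both sample requests are constructed for the example, and the Origin header check is a later browser feature that did not exist in 2006.

```python
"""Cross-site request forgery against an AJAX endpoint, server side. Example code written
for this page (not the 2006 talk's framework, not iSEC code); the session store, origin,
and both requests below are constructed assumptions."""
import hmac
import json
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs

APP_ORIGIN = "https://bank.example"  # assumption: the application's own origin


@dataclass
class Request:
    """The parts of an HTTP request the handlers look at."""
    method: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    body: bytes = b""


# session id (cookie value) -> state; one token minted per login. Constructed.
SESSIONS = {"sid-victim": {"user": "alice", "csrf_token": secrets.token_hex(16)}}


def session_for(req):
    return SESSIONS.get(req.cookies.get("session"))


def parse_params(req):
    """Accept form-encoded or JSON bodies, as many early AJAX back ends did."""
    if req.headers.get("Content-Type", "").startswith("application/json"):
        return json.loads(req.body)
    return {k: v[0] for k, v in parse_qs(req.body.decode()).items()}


def transfer_vulnerable(req):
    """Authenticates on the cookie alone: the browser attaches that cookie to a
    cross-site <form> POST too, so any page the victim visits can call this."""
    sess = session_for(req)
    if req.method != "POST" or sess is None:
        return {"status": 401}
    params = parse_params(req)
    return {"status": 200, "from": sess["user"], "to": params["to"], "amount": int(params["amount"])}


def transfer_hardened(req):
    """Demands three things a cross-site page cannot supply: a same-site Origin (when the
    browser sends one), a JSON content type (a plain <form> cannot produce it, and a
    cross-site XHR/fetch carrying it is stopped at the CORS preflight), and the session's
    token in a header that only same-origin script can set."""
    sess = session_for(req)
    if req.method != "POST" or sess is None:
        return {"status": 401}
    origin = req.headers.get("Origin")
    if origin is not None and origin != APP_ORIGIN:
        return {"status": 403, "reason": "cross-site origin"}
    if not req.headers.get("Content-Type", "").startswith("application/json"):
        return {"status": 403, "reason": "not a JSON request"}
    token = req.headers.get("X-CSRF-Token", "")
    if not hmac.compare_digest(token, sess["csrf_token"]):  # constant-time compare
        return {"status": 403, "reason": "missing or wrong csrf token"}
    params = json.loads(req.body)
    return {"status": 200, "from": sess["user"], "to": params["to"], "amount": int(params["amount"])}


def forged_request():
    """Constructed: an auto-submitted <form> on https://evil.example, exactly as the
    victim's browser would send it (cookie attached, no custom headers possible)."""
    return Request(
        "POST",
        headers={"Content-Type": "application/x-www-form-urlencoded", "Origin": "https://evil.example"},
        cookies={"session": "sid-victim"},
        body=b"to=mallory&amount=1000",
    )


def legit_request():
    """Constructed: the application's own XMLHttpRequest, which can set headers and JSON."""
    return Request(
        "POST",
        headers={
            "Content-Type": "application/json",
            "Origin": APP_ORIGIN,
            "X-CSRF-Token": SESSIONS["sid-victim"]["csrf_token"],
        },
        cookies={"session": "sid-victim"},
        body=json.dumps({"to": "bob", "amount": 25}).encode(),
    )


if __name__ == "__main__":
    print("vulnerable, forged:", transfer_vulnerable(forged_request()))
    print("hardened,   forged:", transfer_hardened(forged_request()))
    print("hardened,   legit :", transfer_hardened(legit_request()))
```

The vulnerable handler is exactly the shape the abstract warns about: an endpoint written for the application's own JavaScript, but reachable by any HTML form because the only credential it checks is one the browser sends automatically. Each of the three hardened checks stands on its own; the token is the one that also holds if a future browser change weakens the other two.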
Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.

The Realtime Transport Protocol (RTP) is a common media layer shared between H.323, SIP, and Skinny (SCCP) VoIP deployments. RTP is responsible for the actual voice/audio stream in VoIP networks; hence attacks against RTP are valid against the bulk of VoIP installations in enterprise environments. Since signaling (H.323/SIP/SCCP) and media transfer (RTP) are handled by two separate protocols, injecting audio into a stream is often the most damaging attack against RTP. RTP is vulnerable to audio injection due to its lack of integrity protection and its wide tolerance of sequence information. The presentation will demonstrate an easy to use GUI VoIP injection attack tool for RTP appropriately named RTPInject. The tool, with zero setup prerequisites, allows an attacker to inject arbitrary audio into an existing conversation involving at least one VoIP endpoint. RTPInject automatically detects RTP streams on the wire, enumerates the codecs in use, and displays this information to the user. The user can then select an audio file they wish to inject into the targeted RTP stream. The presentation will provide a walkthrough of the easy three step process: view, click, and inject.

Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
Dan Kaminsky: Black Ops 2007: Design Reviewing The Web

Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.

Play Episode Listen Later Jan 9, 2006 55:14


Design bugs are really difficult to fix -- nobody ever takes a dependency on a buffer overflow, after all. Few things have had their design stretched as far as the web; as such, I've been starting to take a look at some interesting aspects of the "Web 2.0" craze. Here's a few things I've been looking at:

Slirpie: VPN'ing into Protected Networks With Nothing But A Lured Web Browser. Part of the design of the web is that browsers are able to collect and render resources across security boundaries. This has a number of issues, but they've historically been mitigated with what's known as the Same Origin Policy, which attempts to restrict scripting and other forms of enhanced access to sites with the same name. But scripts are not acquired from names; they come from addresses. As RSnake of ha.ckers.org and Dan Boneh of Stanford University have pointed out, so-called "DNS Rebinding" attacks can break the link between the names that are trusted, and the addresses that are connected to, allowing an attacker to proxy connectivity from a client. I will demonstrate an extension of RSnake and Boneh's work, that grants full IP connectivity, by design, to any attacker who can lure a web browser to render his page. I will also discuss how the existence of attacks such as Slirpie creates special requirements for anyone intending to design or deploy Web Single Sign On technologies. Slirpie falls to some of them, but slices through the rest handily.

p0wf: Passive Fingerprinting of Web Content Frameworks. Traditional OS fingerprinting has looked to identify the OS Kernel that one is communicating with, based on the idea that if one can identify the kernel, one can target daemons that tend to be associated with it. But the web has become almost an entirely separate OS layer of its own, and especially with AJAX and Web 2.0, new forms of RPC and marshalling are showing up faster than anyone can identify. p0wf intends to analyze these streams and determine just which frameworks are being exposed on what sites.

LudiVu: A number of web sites have resorted to mechanisms known as CAPTCHAs, which are intended to separate humans from automated submission scripts. For accessibility reasons, these CAPTCHAs need to be both visual and auditory. They are usually combined with a significant amount of noise, so as to make OCR and speech recognition impossible. I was in the process of porting last year's dotplot similarity analysis code to audio streams for non-security related purposes, when Zane Lackey of iSEC Partners proposed using this to analyze CAPTCHAs. It turns out that, indeed, Audio CAPTCHAs exhibit significant self-similarity that visualizes well in dotplot form. This will probably be the first Black Hat talk to use WinAMP as an attack tool.

A number of other projects are also being worked on -- I've been sending billions of packets for a reason, after all, and they haven't been coming from WinAMP :) There will be some updates on the analysis tools discussed during Black Ops 2006 as well.

Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.

The Realtime Transport Protocol (RTP) is a common media layer shared between H.323, SIP, and Skinny (SCCP) VoIP deployments. RTP is responsible for the actual voice/audio stream in VoIP networks; hence attacks against RTP are valid against the bulk of VoIP installations in enterprise environments. Since signaling (H.323/SIP/SCCP) and media transfer (RTP) are handled by two separate protocols, injecting audio into a stream is often the most damaging attack against RTP. RTP is vulnerable to audio injection due to its lack of integrity protection and its wide tolerance of sequence information. The presentation will demonstrate an easy to use GUI VoIP injection attack tool for RTP appropriately named RTPInject. The tool, with zero setup prerequisites, allows an attacker to inject arbitrary audio into an existing conversation involving at least one VoIP endpoint. RTPInject automatically detects RTP streams on the wire, enumerates the codecs in use, and displays this information to the user. The user can then select an audio file they wish to inject into the targeted RTP stream. The presentation will provide a walkthrough of the easy three step process: view, click, and inject.
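What "lack of integrity protection" and "wide tolerance of sequence information" mean at the packet level, as an added example covering this abstract and its copy in the video feed above. This is not RTPInject and not iSEC Partners code: a Python builder and parser for the RFC 3550 fixed header, and a receiver that applies the RFC's sequence-number tolerances (the MAX_DROPOUT and MAX_MISORDER defaults from its Appendix A.1) but has no authentication at all, fed a constructed legitimate stream followed by a constructed injected burst. The SSRC, sequence numbers, timestamps and payload bytes are made up for the example.

```python
"""RTP audio injection at packet level. Example code written for this page (not RTPInject,
not iSEC Partners code): a minimal RFC 3550 header builder/parser and a receiver that
applies the RFC's sequence-number tolerances but has no integrity check. SSRC, sequence
numbers, timestamps and payload bytes are constructed."""
import struct

RTP_VERSION = 2
MAX_DROPOUT = 3000    # RFC 3550 A.1 default: a forward jump below this is still "in order"
MAX_MISORDER = 100    # packets more than this far behind are treated as late


def build_rtp(seq, timestamp, ssrc, payload, payload_type=0, marker=0):
    """Fixed 12-byte header: V=2, P=0, X=0, CC=0 | M, PT | seq | timestamp | SSRC."""
    b0 = RTP_VERSION << 6
    b1 = (marker << 7) | (payload_type & 0x7F)
    return struct.pack("!BBHII", b0, b1, seq & 0xFFFF, timestamp & 0xFFFFFFFF, ssrc) + payload


def parse_rtp(packet):
    """Parse the fixed header and skip CSRC entries; no extension-header support."""
    if len(packet) < 12:
        raise ValueError("short packet")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != RTP_VERSION:
        raise ValueError("not RTP version 2")
    header_len = 12 + 4 * (b0 & 0x0F)
    return {"marker": b1 >> 7, "pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc,
            "payload": packet[header_len:]}


class Receiver:
    """Plays whatever arrives with the expected SSRC. The only ordering rule is the
    RFC's tolerance window: nothing authenticates who built the packet."""

    def __init__(self, ssrc):
        self.ssrc = ssrc
        self.max_seq = None
        self.played = []   # payloads handed to the codec, in arrival order
        self.dropped = 0

    def receive(self, packet):
        p = parse_rtp(packet)
        if p["ssrc"] != self.ssrc:
            self.dropped += 1
            return False
        if self.max_seq is None:
            self.max_seq = p["seq"]
            self.played.append(p["payload"])
            return True
        delta = (p["seq"] - self.max_seq) & 0xFFFF   # 16-bit wrap-around arithmetic
        if 0 < delta < MAX_DROPOUT:
            self.max_seq = p["seq"]                  # in order, or a tolerated gap
        elif delta >= 0x10000 - MAX_MISORDER:
            pass                                     # slightly late: still played
        else:
            self.dropped += 1                        # duplicate, or too far behind
            return False
        self.played.append(p["payload"])
        return True


def simulate_injection():
    """A 5-packet G.711 stream (160 samples per 20 ms frame), then an attacker who has
    sniffed the SSRC and current sequence number injects a burst well ahead of it, then
    the real phone keeps talking. Returns (receiver, count of real packets accepted)."""
    ssrc, seq, ts = 0xDEADBEEF, 1000, 160_000
    rx = Receiver(ssrc)
    for i in range(5):
        rx.receive(build_rtp(seq + i, ts + 160 * i, ssrc, b"L" * 160))
    inj_seq, inj_ts = seq + 5 + 200, ts + 160 * 205   # +200: far ahead, yet < MAX_DROPOUT
    for i in range(5):
        rx.receive(build_rtp(inj_seq + i, inj_ts + 160 * i, ssrc, b"X" * 160))
    real_accepted = 0
    for i in range(5, 10):
        real_accepted += int(rx.receive(build_rtp(seq + i, ts + 160 * i, ssrc, b"L" * 160)))
    return rx, real_accepted


if __name__ == "__main__":
    rx, accepted = simulate_injection()
    print("played:", "".join(p[:1].decode() for p in rx.played))
    print("real packets accepted after injection:", accepted, "dropped:", rx.dropped)
```

The receiver plays the injected burst because a forward jump of 201 is well inside MAX_DROPOUT, and from then on the real phone's packets arrive more than MAX_MISORDER behind the new high-water mark and are discarded as late, so the attacker's audio replaces the conversation rather than merely overlapping it. Nothing in the header distinguishes the two senders; SRTP (RFC 3711) closes the gap with an authentication tag over header and payload, which is the integrity protection the abstract says plain RTP lacks.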

Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.
Dan Kaminsky: Black Ops 2007: Design Reviewing The Web

Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.

Play Episode Listen Later Jan 9, 2006 55:14


Design bugs are really difficult to fix -- nobody ever takes a dependency on a buffer overflow, after all. Few things have had their design stretched as far as the web; as such, I've been starting to take a look at some interesting aspects of the "Web 2.0" craze. Here's a few things I've been looking at:

Slirpie: VPN'ing into Protected Networks With Nothing But A Lured Web Browser. Part of the design of the web is that browsers are able to collect and render resources across security boundaries. This has a number of issues, but they've historically been mitigated with what's known as the Same Origin Policy, which attempts to restrict scripting and other forms of enhanced access to sites with the same name. But scripts are not acquired from names; they come from addresses. As RSnake of ha.ckers.org and Dan Boneh of Stanford University have pointed out, so-called "DNS Rebinding" attacks can break the link between the names that are trusted, and the addresses that are connected to, allowing an attacker to proxy connectivity from a client. I will demonstrate an extension of RSnake and Boneh's work, that grants full IP connectivity, by design, to any attacker who can lure a web browser to render his page. I will also discuss how the existence of attacks such as Slirpie creates special requirements for anyone intending to design or deploy Web Single Sign On technologies. Slirpie falls to some of them, but slices through the rest handily.

p0wf: Passive Fingerprinting of Web Content Frameworks. Traditional OS fingerprinting has looked to identify the OS Kernel that one is communicating with, based on the idea that if one can identify the kernel, one can target daemons that tend to be associated with it. But the web has become almost an entirely separate OS layer of its own, and especially with AJAX and Web 2.0, new forms of RPC and marshalling are showing up faster than anyone can identify. p0wf intends to analyze these streams and determine just which frameworks are being exposed on what sites.

LudiVu: A number of web sites have resorted to mechanisms known as CAPTCHAs, which are intended to separate humans from automated submission scripts. For accessibility reasons, these CAPTCHAs need to be both visual and auditory. They are usually combined with a significant amount of noise, so as to make OCR and speech recognition impossible. I was in the process of porting last year's dotplot similarity analysis code to audio streams for non-security related purposes, when Zane Lackey of iSEC Partners proposed using this to analyze CAPTCHAs. It turns out that, indeed, Audio CAPTCHAs exhibit significant self-similarity that visualizes well in dotplot form. This will probably be the first Black Hat talk to use WinAMP as an attack tool.

A number of other projects are also being worked on -- I've been sending billions of packets for a reason, after all, and they haven't been coming from WinAMP :) There will be some updates on the analysis tools discussed during Black Ops 2006 as well.