security

Voltage Security acquired by HP

Today it was announced that HP intends to acquire Voltage Security. Assuming it closes as planned, it will be a great exit that I am very proud of. Over the past 12 years (it was founded in 2002), Voltage has risen from its humble beginnings, when we founded it at Stanford, to become the market leader in innovative encryption technology, and it is used by over a thousand enterprise customers around the world.

Closing Dinner, Voltage Security.

If there is anything I learned from Voltage, it is that start-ups in the end are all about people. At Voltage, I was lucky to have a great set of co-founders with Matt, Rishi and Dan. The combination of high energy and integrity made for a team that, even in looks-like-we-are-dead situations, always kept unity and focus. We complemented the team with a great set of executives including Terence, Wasim, Lisa, John, Tammy and Mark, and I am very grateful to all of them. Voltage was my first job out of grad school. Terence taught me how to be a CTO and, more generally, most of what I learned about companies and enterprise customers I learned from that executive team. Tim and Lucas were the best early employees we could ask for. We also had a terrific set of investors. Anne and Ken specifically helped us a lot in the early days to get the company off the ground.

My second lesson is the importance of the target market. Voltage was started on the hypothesis that PKI would become a critical part of the enterprise and IBE could offer a better alternative. That never happened, and PKI functionality became absorbed into vertical apps instead of becoming a horizontal platform. Thanks to the great team, we repositioned around email and data-at-rest encryption. But for my next start-up (Big Switch), part of the attraction was a larger and more easily accessible market.

If there is one person who deserves more credit than us founders for its success, it is Sathvik, our CEO. He joined when the company was only a few months old as “parental supervision” (none of us founders had had a real job before starting Voltage) and has been leading the company since. I am pretty sure he had no idea what kind of marathon he was getting into, but he was a great CEO and had the drive and endurance to see it through until today. Thank you Sath!

AskSundayLLC/Ask-Sunday/MakeSunday Scam

I recently posted about my experiences with AskSunday, a virtual assistant service. While AskSunday wasn’t a good fit for me, it is a legitimate company and I know people who are using it and who seem to be happy with it. However, it turns out that a scammer is using the name of the legitimate company as well as variations of it (Ask-Sunday, MakeSunday, AskSunday LLC) in order to defraud job seekers. The scam was reported by a number of people in the comments of my original post (thanks!!) and was still ongoing as of December 15th.

The scammer, who uses a variety of names including “Brian Clark”, “Brian Moore” and “Thomas Moore”, basically promises employment for AskSunday LLC and as part of it tries to get complete bank account information from applicants. It then seems like he transfers money into the account, asks the applicant to spend it on a project and then withdraws it. The result is the applicant being out of pocket.

More details below. I also highly recommend reading the many great comments below the original post. Please post any new comments there.


Are banks training their customers to be Phished?

When booking travel for our second trip to Europe this year, the badly tuned Falcon Fraud Manager triggered for both of our payment cards again. It blocked Isabelle’s card and sent out an alert for mine. This itself is bad enough, but how both banks then verify the transaction seems like a recipe for setting up their customers to be phished via the phone.

About 12 hours or so after booking travel, I received a voice mail saying they had detected a potentially fraudulent transaction on my credit card, and it asked me to call back the number 1-888-918-7313.


RFC 5408 on IBE Architecture Published

RFC 5408, which describes a Security Architecture for Identity-Based Encryption, has been published. It includes protocols for key requests and public parameter requests as well as some basic building blocks for federation. The system described is similar to what Voltage uses for their IBE-based encryption solutions. If you are interested in how Identity-Based Encryption systems scale in practice and don’t mind reading RFCs, it is a worthwhile read.

Thanks to my co-authors Mark Schertler and Luther Martin. Luther specifically deserves the majority of the credit for moving this through the process over the past two (or more?) years. Also thanks to Terence Spies at Voltage, as well as Eric Rescorla, Tim Polk and Blake Ramsdell at the IETF for their support.