Netflix treats security ills with Stethoscope: Open-source self-probing tool

Software scrutinizes device defenses, is better than just yelling IT policies at staff


Netflix has released the source code of a web application called Stethoscope for evaluating the security of mobile and desktop computing devices.

The software, covered by the Apache 2.0 license, intended for employees of organizations that use a device management service. Netflix hopes that employees using the toolkit will learn from it and apply the app's recommendations to personal devices that are not under active management.

Stethoscope relies on a Python backend, a React frontend, and a Nginx foundation for serving static files. Ready to run in a Docker container, it's designed to collect security-related information from devices when the user visits the application web page.

Device information is used to query data sources involved in device management, such as Google MDM (for mobile devices), JAMF (for Macs), and LANDESK (for Windows). Support for osquery, an open-source framework for device analytics, is being developed.

In essence, Stethoscope provides a security checkup that spans multiple device management services. After accessing the web app, device users will be presented with specific security-oriented recommendations having to do with disk encryption, firewall configuration, automatic updates, update installation, or other things.

The app can also serve as an interface for presenting and responding to notifications, such as device access warnings designed to alert users to logins from unexpected IP addresses or locations.

Netflix engineers Jesse Kriss and Andrew White suggest the app's advice for managed devices can help employees make better decisions with their personal devices, thereby making Netflix more secure.

"It's important to us that people understand what simple steps they can take to improve the security state of their devices, because personal devices – which we don't control – may very well be the first target of attack for phishing, malware, and other exploits," the pair said in a blog post. "If they fall for a phishing attack on their personal laptop, that may be the first step in an attack on our systems here at Netflix."

Netflix's approach to device security involves working with employees on security rather than against them. Stethoscope thus offers low-key security guidance instead of heavy-handed policies that restrict device usage or require IT department intervention.

The project reflects Netflix's focus on what it calls "User Focused Security." As Kriss explained in a presentation about Stethoscope at ShmooCon in January, "We want our employees to be secure, not just the endpoints." ®

Similar topics


Other stories you might like

  • Amazon warehouse staff granted second chance to vote for unionization

    US labor watchdog tosses previous failed result in the trash

    America's labor watchdog has given workers at Amazon’s warehouse in Bessemer, Alabama, another crack at voting for unionization after their first attempt failed earlier this year.

    “It is ordered that the election that commenced on February 8 is set aside, and a new election shall be conducted,” Lisa Henderson, regional director at the National Labor Relations Board, ruled [PDF] on Tuesday.

    “The National Labor Relations Board will conduct a second secret ballot election among the unit employees. Employees will vote whether they wish to be represented for purposes of collective bargaining by the Retail, Wholesale and Department Store Union.”

    Continue reading
  • It's the flu season – FluBot, that is: Surge of info-stealing Android malware detected

    And a bunch of bank-account-raiding trojans also identified

    FluBot, a family of Android malware, is circulating again via SMS messaging, according to authorities in Finland.

    The Nordic country's National Cyber Security Center (NCSC-FI) lately warned that scam messages written in Finnish are being sent in the hope that recipients will click the included link to a website that requests permission to install an application that's malicious.

    "The messages are written in Finnish," the NCSC-FI explained. "They are written without Scandinavian letters (å, ä and ö) and include, for example, the characters +, /, &, % and @ in illogical places in the text to make it more difficult for telecommunications operators to filter the messages. The theme of the text may be that the recipient has received a voicemail message or a message from their mobile operator."

    Continue reading
  • AsmREPL: Wing your way through x86-64 assembly language

    Assemblers unite

    Ruby developer and internet japester Aaron Patterson has published a REPL for 64-bit x86 assembly language, enabling interactive coding in the lowest-level language of all.

    REPL stands for "read-evaluate-print loop", and REPLs were first seen in Lisp development environments such as Lisp Machines. They allow incremental development: programmers can write code on the fly, entering expressions or blocks of code, having them evaluated – executed – immediately, and the results printed out. This was viable because of the way Lisp blurred the lines between interpreted and compiled languages; these days, they're a standard feature of most scripting languages.

    Patterson has previously offered ground-breaking developer productivity enhancements such as an analogue terminal bell and performance-enhancing firmware for the Stack Overflow keyboard. This only has Ctrl, C, and V keys for extra-easy copy-pasting, but Patterson's firmware removes the tedious need to hold control.

    Continue reading

Biting the hand that feeds IT © 1998–2021