Connect with us

Latest News

Cased announces $2.25M seed round to help developers work in production environments

Published

on

An issue every developer faces is dealing with problems on a live application without messing it up. In fact, in many companies such access is restricted. Cased, an early stage startup, has come up with a solution to provide a way to work safely with the live application.

Today, the company announced a $2.25 million seed round led by Founders Fund along with a group of prestigious technology angel investors. The company also announced that the product is generally available to all developers today for the first time. It’s worth noting that the funding actually closed last April, and they are just announcing it today.

Bryan Byrne, CEO and co-founder at Cased says he and his fellow co-founders, all of whom cut their teeth at GitHub, experienced this problem of working in live production environments firsthand. He says that the typical response by larger companies is to build a tool in-house, but this isn’t an option for many smaller companies.

“We saw firsthand at GitHub how the developer experience gets more difficult over time, and it becomes more difficult for developers to get production work done. So we wanted to provide a developer friendly way to get production work done,” Byrne explained.

He said without proper tooling, it forces CTOs to restrict access to the production code, which in turn makes it difficult to fix problems as they arise in production environments. “Companies are forced to restrict access to production and restrict access to tools that developers need to work in production. A lot of the biggest tech companies invest in millions to deliver great developer experiences, but obviously smaller companies don’t have those resources. So we want to give all companies the building blocks they need to deliver a great developer experience out of the box,” he said.

This involves providing development teams with open access to production command line tools by adding logging and approval workflows to sensitive operations. That enables executives to open up access with specific rules and the ability to audit who has been accessing the production environment.

The company launched at the beginning of last year and the founders have been working with design partners and early customers prior to officially opening the site to the general public today.

They currently have five people including the four founders, but Byrne says that they have had a good initial reaction to the product and are in the process of hiring additional employees. He says that as they do, diversity and inclusion is a big priority for the founders, even as a very early stage company.

“It’s very prominent in our company handbook, so that we make sure we prioritize an inclusive culture from the very beginning because [ … ] we know firsthand that if you don’t invest in that early, it can really hold you back as a company and as a culture. Culture starts from day one, for sure,” he said.

As part of that, the company intends to be remote first even post-pandemic, a move he believes will make it easier to build a diverse company.

“We will definitely be remote first. We believe that also helps with diversity and inclusion as you allow people to work from anywhere, and we have a lot of experience in leading remote-first culture from our time at GitHub, so we began as a remote culture and we will continue to do that,” he said.

Lyron Foster is a Hawaii based African American Musician, Author, Actor, Blogger, Filmmaker, Philanthropist and Multinational Serial Tech Entrepreneur.

Latest News

Echelon exposed riders’ account data, thanks to a leaky API

Published

on

Image Credits: Echelon (stock image)

Peloton wasn’t the only at-home workout giant exposing private account data. Rival exercise giant Echelon also had a leaky API that let virtually anyone access riders’ account information.

Fitness technology company Echelon, like Peloton, offers a range of workout hardware — bikes, rowers, and a treadmill — as a cheaper alternative for members to exercise at home. Its app also lets members join virtual classes without the need for workout equipment.

But Jan Masters, a security researcher at Pen Test Partners, found that Echelon’s API allowed him to access the account data — including name, city, age, sex, phone number, weight, birthday, and workout statistics and history — of any other member in a live or pre-recorded class. The API also disclosed some information about members’ workout equipment, such as its serial number.

Masters, if you recall, found a similar bug with Peloton’s API, which let him make unauthenticated requests and pull private user account data directly from Peloton’s servers without the server ever checking to make sure he (or anyone else) was allowed to request it.

Echelon’s API allows its members’ devices and apps to talk with Echelon’s servers over the internet. The API was supposed to check if the member’s device was authorized to pull user data by checking for an authorization token. But Masters said the token wasn’t needed to request data.

Masters also found another bug that allowed members to pull data on any other member because of weak access controls on the API. Masters said this bug made it easy to enumerate user account IDs and scrape account data from Echelon’s servers. Facebook, LinkedIn, Peloton and Clubhouse have all fallen victim to scraping attacks that abuse access to APIs to pull in data about users on their platforms.

Ken Munro, founder of Pen Test Partners, disclosed the vulnerabilities to Echelon on January 20 in a Twitter direct message, since the company doesn’t have a public-facing vulnerability disclosure process (which it says is now “under review”). But the researchers did not hear back during the 90 days after the report was submitted, the standard amount of time security researchers give companies to fix flaws before their details are made public.

TechCrunch asked Echelon for comment, and was told that the security flaws identified by Masters — which he wrote up in a blog post — were fixed in January.

“We hired an outside service to perform a penetration test of systems and identify vulnerabilities. We have taken appropriate actions to correct these, most of which were implemented by January 21, 2021. However, Echelon’s position is that the User ID is not PII [personally identifiable information,” said Chris Martin, Echelon’s chief information security officer, in an email.

Echelon did not name the outside security company but said while the company said it keeps detailed logs, it did not say if it had found any evidence of malicious exploitation.

But Munro disputed the company’s claim of when it fixed the vulnerabilities, and provided TechCrunch with evidence that one of the vulnerabilities was not fixed until at least mid-April, and another vulnerability could still be exploited as recently as this week.

When asked for clarity, Echelon did not address the discrepancies. “[The security flaws] have been remediated,” Martin reiterated.

Echelon also confirmed it fixed a bug that allowed users under the age of 13 to sign up. Many companies block access to children under the age of 13 to avoid complying with the Children’s Online Privacy Protection Act, or COPPA, a U.S. law that puts strict rules on what data companies can collect on children. TechCrunch was able to create an Echelon account this week with an age less than 13, despite the page saying: “Minimum age of use is 13 years old.”

Continue Reading

Latest News

Casualties Mount As Violence Intensifies Between Hamas, Israel

Published

on

Israel has called up more troops and launched its heaviest assault yet along the Gaza border. Seven people in Israel have been killed. Losses are much higher on the Palestinian side.

Continue Reading

Latest News

Palestinian Perspective: What The Conflict With Israel Looks Like From Gaza

Published

on

NPR’s Steve Inskeep talks to Omar Shaban, founder of a Gaza-based think tank, and Palestinian lawyer Diana Buttu, about how this cycle of Palestinian-Israeli violence plays out in their neighborhoods.

Continue Reading

Trending

Copyright © 2020 Latin America Business News

en_USEnglish