Nicholas Zakas
There needs to be some way to help consumers of credit cards, or users of NPM, protect themselves from having their information stolen.
But credit cards don't just stop there.
They're also doing anomaly detection with each transaction that's coming through to figure out, does that look like something you would normally do?
And so if you've ever been traveling or just make a big purchase, you may get a text message that says, hey, we just got this charge for this amount at this location.
Was this you?
And if you say yes, it says great.
You know, go right ahead.
If you say no, then it will block the transaction and they start the fraud investigation process.
And in that way, they know that, hey, nobody's going to be 100% at protecting their information from being stolen for a variety of reasons.
So let's not just rely on that.
Let's also do some analysis and see if we can figure out if something bad is going on before it gets too far down the line.
And that's where I think that NPM has been kind of missing some clear actions that they could be taking to protect us better.
Well, from what I can tell, they have some ability to do this, because they said in one of their blog posts that, like, once they identified the pattern of the credential-stealing attack,
then they were preventing new packages from being uploaded that had that same kind of signature.
So they do have that capability to do like a real-time analysis of packages as they're being uploaded, but it just doesn't appear that they're doing much else with that capability just because of how frequent the attacks have been.
Like if it was like, oh, like once a year, it's like, well, maybe like during those 11 months, you know, they were kind of tweaking some knobs and twisting some things and trying to figure stuff out.
But it was like every single month, another attack, almost doing the exact same thing.
And then, you know, later them coming in and saying, like, here's what we did to clean up the mess.
And I just feel like the technology is there to prevent the mess before it happens.
And for whatever reason, I'm guessing, probably lack of resourcing, that it's just not getting done.