We are real-life hackers who break stuff, send phones to space, and know how people are trying to compromise you and your data. Ask Duo Labs anything!
Hi reddit!
We are:
- /u/smanzuik_duo: Steve Manzuik
- /u/Loveless_duo: Mark Loveless
- /u/cczub_duo: Chris Czub
- /u/klady_duo: Kyle Lady
- /u/dk_duo: Darren Kemp
- and /u/mdavidov_duo: Mikhail Davidov from Duo Labs.
Duo Labs is the advanced research team at Duo Security. Duo is a cloud-based trusted access provider protecting the world’s largest and fastest-growing companies from account takeover and data breaches.
The Duo Labs team brings wild, unthinkable ideas to life using the boundless magic of software and the internet. Duo Labs provides the deep security knowledge and innovation necessary to protect our customers, but we also have a larger mission of protecting the broader public by identifying and fixing vulnerabilities in large-scale Internet systems.
At any given time, we might be building prototypes of new features or products such as mobile app support for NFC-based U2F, building internal tools for convenience or security, or crunching numbers to support our product, engineering, and marketing teams. Occasionally, we break things; we’re still quite proud of bypassing PayPal’s 2FA a couple years back. Since then, we’ve expanded our team substantially.
Here are some things we’ve done, researched, and written about recently:
- We put a phone into near space for two-factor authentication
- Found serious vulnerabilities in OEM Windows laptops
- Broke EMET
- More OEM Windows stuff
- Played with public wifi
- Measured the impact of Gal Beniamini’s QSEE vulnerabilities
- Facepalmed at bogus ransomware (the “ransom” is the bogus part, but the “ware” is definitely legit)
From time to time we tweet; you can check out our repos on GitHub, watch us on YouTube, see what we’re having for lunch on Instagram, and come talk with us in the new Duo Community at any time.
Proof: cool proof tweet!
Edit 1 (noon, eastern): More proof
Edit 2 (3 p.m., eastern): We are so blown away by all of your amazing questions and responses. Please stop staring in our window, Doug. We're going to keep going for another hour to try to get to as many questions as possible.
Edit 3 (4 p.m., eastern): Thank you everyone so much for your poems and questions and exceptionally leet hax. We are going to start winding down here, but will try to keep answering a few questions.
Interested in talking more? Please come check out our new Duo Community. Post threads! Post comments! Ask us ... well ... anything.
Looking for a job at our pretty sweet company? Seems like lots of you are! Check out https://duo.com/about/careers.
Want to learn amazing things? Check out our Tech Talk series. The next talk is on lawful hacking.
Thanks again! We love you! Yes, even you, Doug.
Bonus edit: This thumbnail
DylanBoss277 karma
What is a popular misconception about hacking that you'd like to address?
loveless_duo726 karma
That it is sexy and fun and happens in seconds, like on TV and movies. Most of the time it involves spending hours and days staring at a screen, and is mind-numbingly boring as you look for needles in haystacks comprised entirely of other needles that look exactly like the needle you are looking for.
tokepocalypse47 karma
When you're on public WiFi do you have access to all the data going through? Is it illegal to compromise/fiddle with the WiFi network?
Duo_Labs52 karma
We actually did a quick video on this: https://www.youtube.com/watch?v=Kn8wA6iPbkg
Duo_Labs40 karma
Duo's always hiring: https://duo.com/about/careers#jobs There are a few appsec roles open now
Nomaddening18 karma
How do you feel about self-driving cars? Are you worried about people's ability to hack them?
Duo_Labs40 karma
Actually, Chris Valasek and Charlie Miller, who did the Jeep hacking, are buddies of ours. We may have gotten them drunk in Vegas and filmed this little gem: https://www.youtube.com/watch?v=6v9gGII0IHI
TheChompingofAFetus12 karma
Can you please tell my college to get rid of 2 Factor for my homework sites? I understand the concern for the sites with financial info but I don't know any criminals trying to get their hands on my homework.
Duo_Labs11 karma
Duo first got started back in 2009 when our founders, Dug Song and Jon (Jono) Oberheide, decided 2FA was pretty lame and needed a facelift. Duo Push was born and the rest is history.
Fun fact: Dug met Jono when Jono was trying to break into Dug's network at a previous company. He decided he probably wanted to "work with that kid" and they spun up Duo in Ann Arbor's Tech Brewery.
Hemobewbin2 karma
Do you guys do internships? Also, how do you feel about vulnerability databases in the public eye? Obviously it allows for legitimate businesses to better protect against them, but when I used to hack I would target, check the databases for exploits based on the services they were running, and would get in easily. What do you think we could do to prevent this misuse of information?
Duo_Labs1 karma
Yup, this summer we'll be looking for interns again, for sure. We convinced our current intern to quit to grad school and come work for us full-time. Pssshhhhh, academia.
alligator_council481 karma
Can you hack my facebook account?