‘Silicon Valley’ Fact Check: Can You Hack a Major Tech Conference? Renowned Programmer Weighs In
Monday, 19 June 2017 Warning: “Silicon Valley” spoilers ensue.
In the latest episode of HBO’s “Silicon Valley” (aptly titled “Hooli-Con”), the guys sought to covertly grab attendee data at Hooli’s annual tech convention. Beyond the moral boundaries being crossed — which Jared did not want to step over — Richard, Dinesh and Gilfoyle had a colossal challenge on their hands: setting up rogue wifi “pineapples” around the convention in order to have users login to their system and allow the Pied Piper team to pull information.
It’s an entertaining storyline, though it seems pretty inconceivable a small team of engineers could hack a major tech conference as did the gang in this season’s penultimate episode.
*Also Read:* 'Silicon Valley' Fact Check: Are 'Blood Boys' a Thing?
But it’s not completely out of the question, according to software guru Jeff Atwood — co-founder of Stack Overflow, a programming community with more than seven million members.
“It is partially credible, as people would connect to the local malicious wifi and you could serve them ‘fake’ versions of sites,” said Atwood in an interview with TheWrap. “However! It is almost completely mitigated by HSTS [HTTP Strict Transport Security] which any large site would definitely already be using.”
In layman’s terms: If Apple or Google were lazy enough to use a vulnerable internet connection for its attendees, it would create an opening for hackers to funnel users towards their wifi. Of course, this is rarely the case.
*Also Read:* New 'Silicon Valley' App Tells You if You're Eating a Hot Dog or Not
There is one sticking point for the “Silicon Valley” crew in this scenario, though. To have attendees skip over their hack, it would “require that either the user has visited this URL before, or the URL is already big enough to be on the HSTS browser preload list,” according to Atwood.
Atwood laid out three ways a “small window of attack” could be pulled off like the “Silicon Valley” maneuver:
1. If it is a new HTTPS URL the user has not visited before, and it is not on the HSTS preload list.
*Also Read:* 'Silicon Valley' Fact Check: Could Shazam for Food Really Get Funded?
2. If that URL is not HTTPS (very implausible, because every credible big site uses HTTPS these days).
3. The URL is HTTPS but the app or website is not using HSTS preload. Sort of plausible, but a BIG security oversight for a company of any major size!
Got all that? In reality, a data breach that could enable a “Silicon Valley”-style attack is more likely to come from a small startup rather than a tech giant like Facebook (or the fictional Hooli). It’d also help if the hypothetical company’s security team turned a blind eye to the perpetrators — just as Hooli’s team did in the latest episode of HBO’s comedy series.
*Related stories from TheWrap:*
'Silicon Valley' Fact Check: Is Jack Barker Based on Steve Ballmer? (Video)
'Silicon Valley' Star Zach Woods Talks T.J. Miller's 'Sad' Exit, Jared's Secret Friends
Where Does TJ Miller's 'Silicon Valley' Exit Leave the Show — and HBO?
Haley Joel Osment takes the BUILD stage to discuss his recurring role in HBO's hit tech comedy series, "Silicon Valley." The series follows the struggle of Richard Hendricks, an engineer trying to build his own company. Osment plays a tech whiz who responds to the unconventional M.O. of Erlic. In...
For a little over half a century, Silicon Valley has been the undisputed center of the technology universe, birthplace of the silicon transistor, the graphical... Business Insider - TechnologyAlso reported by •bizjournals
Business Insider reports that MG Siegler, a prominent tech investor with GV, formerly known as Google Ventures, described in a blog post this week what he describes as a disturbing trend among people.. Source: Wochit Tech -
Jennifer Fonstad, co-founder and managing partner as Aspect Ventures, joins The Hive at Vanity Fair's Founder Fair to discuss her optimism for women in the tech space. She talks about how having women.. Source: Cheddar Inc. -
HBO has renewed rookie comedy 'Barry' and veteran comedy 'Silicon Valley.' Starring Bill Hader, 'Barry' launched its eight-episode first season March 25th. He plays a low-rent hitman drawn into the.. Source: Wochit Entertainment -
Stan Lee returned to public appearances at the Silicon Valley Comic Con last weekend. Lee had taken a break from the spotlight due to health issues. Both the signing and photo op events sold out ahead.. Source: Wochit Entertainment -
Silicon Valley may tighten security after a shooting at the YouTube headquarters but don't expect armed guards to take up protective posts around tech companies' campuses. Yahaira Jacquez reports. Source: Reuters Studio -
Several Silicon Valley leaders called for increased gun control after a woman at the headquarters of YouTube shot and wounded three people before taking her own life. Aleksandra Michalska reports. Source: Reuters Studio -