
Important Security Update (Netgear Arlo) - chmars
https://community.netgear.com/t5/Arlo-Stories/Important-Security-Update/m-p/1577917
======
mlthoughts2018
I’ve heard some horror stories about data infrastructure and general IT
practices specifically in the Arlo team at Netgear.

I’m curious if this is because Netgear’s management doesn’t invest in it, and
this is why Arlo is being planned for its own IPO later this year. From what
I’ve heard though, the Arlo team sounds very chaotic.

A more pessimistic view (hopefully wrong) is that internally Netgear knows the
Arlo business unit is overvalued, in terms of whatever effect it attributes to
Netgear’s overall growth & stock price.

Then the IPO would be a way for Netgear to externalize the losses that would
come from an inevitable price correction, by selling at an inflated IPO price.

This is effectively the same thing many startups do: use hype to drive the
private valuation way up, leading to a knowingly unrealistic IPO price that
will quickly suffer price correction, but not before the investors sell at the
inflated price, and screw over employees and general stockholders who
unwittingly come to own the stock through their 401(k)’s third party asset
manager.

With startups, the ruse is obvious, but it seems harder to understand coming
from a large public company incubating something for a spin-off IPO.

I hope I’m just overly cynical about it though.

------
mlosapio
I’m available for basic security consultancy.

- MFA for initial logins
- captcha for repeated attempts
- IP-based heuristics to detect fraud

I feel like these places invest very little in securing their platform.

I have to hope that the URLs for the objects stored in the cloud (S3) are at
least time-bound and signed.

