The Ashley Madison hack revealed major security issues that compromised millions of users' personal data. Hackers were able to access Ashley Madison's entire network over several years, collecting database, email, code, and other files. They were ultimately able to crack passwords due to the site storing an MD5 hash of usernames and unhashed passwords. The hack demonstrated the importance of securely storing and handling sensitive user data, using strong password hashing, encrypting data at rest and in motion, and carefully monitoring networks for intrusions.
The authors use a fable about a penguin colony in Antarctica that has lived on the same iceberg for many years. When one curious bird discovers worrying signs in the iceberg, few penguins want to listen to him. They are fine the way things are and don't want to change. The story is analogous to the common situation where people don't want to face up to problems at home or at work.
Once a small group of penguins came to understand that their iceberg really was melting, they 1) created a sense of urgency in the colony to deal with the difficult problem, 2) put a carefully chosen group in charge of guiding the change, 3) found a sensible vision of a better future, 4) communicated that vision so others would understand and accept it, 5) removed as many obstacles to action as was practical, 6) created some short-term wins quickly, 7) never let up until the new way of life was firmly established, and, 8) finally, made sure that the changes would not be overcome by stubborn, hard-to-die traditions.
The 3 Secrets Behind Zoom’s Triple-Digit Growth (Drift)
If you work in the tech world, chances are you’ve heard of — or more likely, you’ve used — the video conferencing application Zoom.
At Drift, Zoom has become our go-to tool for running company meetings and hosting webinars.
And based on Zoom’s 700,000 business customers, which include half of the companies in the Fortune 50, it’s clear that a lot of other teams are seeing its value, too.
But it’s not just businesses using Zoom.
Zoom’s customer base also boasts 6,900 educational institutions, which includes 90 percent of the top 200 U.S. universities.
All customers considered, Zoom’s revenue grew nearly 300% in 2016, which marked the company’s fourth consecutive year of triple-digit growth.
To support that growth, Zoom has built offices in San Jose, Santa Barbara, Denver, Kansas City, Sydney, and London. Overall, the company now employs 600+ people.
By all measures, Zoom has become a hypergrowth company, joining the likes of Slack and MailChimp.
And following a $100 million series D led by Sequoia, Zoom has also become a “unicorn,” as their valuation has now stretched beyond $1 billion. (Although here’s a fun fact: Zoom’s founder and CEO Eric Yuan hates the term “unicorn,” and tells Zoom employees not to use it.)
After reviewing all of these stats, and remembering the ridiculous timeframe in which all of this happened, it begs the question:
How the heck did Zoom do it?
Aiming for the top: A guide for aspiring COOs and their organisations (EY)
Our latest report on COOs is titled 'Aiming for the top: A guide for aspiring COOs and their organisations'. The report provides insight on the skills and experiences needed to become a COO, explains how companies can develop a robust pipeline of well-rounded talent for succession to an existing COO position, and shows how to find a strong candidate for a new COO role. Read it to learn how companies, and especially COOs currently in the role, can support the operations talent within their teams with the aim of eventually developing a strong successor.
For further information, please visit: http://www.ey.com/GL/en/Services/Advisory/coo-program
London Business School has written a case study on the growth mindset of Satya Nadella and how he revolutionized Microsoft and turned around the culture of the organization. We have tried to convert this case study into a short PowerPoint presentation to share the gist of it.
Content Extracted from “Strategic Brand Management” 3rd Edition
Authors: Kevin Lane Keller
M.G. Parameswaran
Issac Jacob
Presentation developed from SLIM Diploma In Brand Management Students
Presentation developed by Leroy J. Ebert
This two-day workshop helped participants craft a high-potential business growth strategy that capitalizes on marketplace opportunities while leveraging organizational competencies and competitive advantages. Day 2 of the workshop consists of four modules: 1) utilizing research and analytical methodologies to inform and achieve strategic business goals, 2) implementing business growth strategy for creating high-impact value propositions, 3) assessing organizational readiness and implementation for effective execution of growth strategies, and 4) measuring and monitoring the progress of business development and growth.
Blog World 2010 - How to Keep Your Blog from Being Hacked (Brian Layman)
This presentation was given in Las Vegas at BlogWorld 2010 by Brian Layman. It describes techniques that can be used to keep your WordPress website safe.
This ppt was prepared by referring to more than 4 ppts.
It includes all the details about hacking, most of which you can't get from the internet,
because I got something through doing things on my system.
All the information said here is absolutely true.
Viewers have consent to use this ppt.
TABLETOP SCENARIO: Your organization regularly patches, uses application whitelisting, has NextGen-NG™ firewalls/IDS’s, and has the latest Cyber-APT-Trapping-Blinky-Box™. You were just made aware that your entire customer database was found being sold on the dark web. Go. Putting too much trust in security products alone can be the downfall of an organization. In the 2015 BSides Tampa talk “Pentest Apocalypse” Beau discussed 10 different pentesting techniques that allow attackers to easily compromise an organization. These techniques still work for many organizations but occasionally more advanced tactics and techniques are required. This talk will continue where “Pentest Apocalypse” left off and demonstrate a number of red team techniques that organizations need to be aware of in order to prevent a “Red Team Apocalypse” as described in the tabletop scenario above.
Christopher Grayson discusses authentication, passwords, how to break password-based authentication schemes, and lastly introduces LavaPasswordFactory.
LavaPasswordFactory is a password list generation tool that also contains functionality for cleaning password lists based on password policies.
This presentation will cover the basics of attacking iOS applications (and their back ends) using a web proxy to intercept, modify, and repeat HTTP/HTTPS requests. From setting up the proxy to pulling data from the backend systems, this talk will be a great primer for anyone interested in testing iOS applications at the HTTP protocol level. There will be a short (2 minute) primer on setting up the intercepting proxy, followed by three practical examples showing how to intercept data headed to the phone, how to modify data heading to the application server, and how to pull extra data from application servers to further an attack. All of these examples will focus on native iOS apps (Game Center and Passbook) and/or functionality (Passbook Passes).
Video Link - http://www.irongeek.com/i.php?page=videos/louisvilleinfosec2013/attacking-ios-applications-karl-fosaaen
It’s an online world. Most adults, and even teens, need to have online accounts for banking, shopping, communications, entertainment and social networks. Even many children have online lives. With all this online activity, how do we keep ourselves and our families safe? How can we protect our private information? In this session we will discuss the advantages and dangers of our online lives. We will review practical tips for avoiding common mistakes. We will look at passwords, website safety, email and phishing, social networks and mobile devices. You can decrease the risks in our online world!
Heartbleed Bug Vulnerability: Discovery, Impact and Solution (CASCouncil)
Join the CASC Wednesday April 30 for a Google+ hangout on the Heartbleed Bug. We’ll cover everything from what the bug does to how to tell if your site is at risk and how certificate authorities are responding.
Panel of CASC members:
• Robin Alden- Comodo
• Jeremy Rowley- DigiCert
• Bruce Morton- Entrust
• Rick Andrews- Symantec
• Wayne Thayer- Go Daddy
Watch the recording: http://bit.ly/1jAQCtk
Web Application Security - DevFest + GDay George Town 2016 (Gareth Davies)
An introduction to Web Application Security for web application developers (although most principles also apply to mobile and native or embedded apps) at DevFest + GDay George Town 2016. This talk covers the basic principles of infosec (CIA), do's and don't and the top 5 from the OWASP Top 10.
Today is the age of the computer and the internet. More and more people are creating their own websites to market their products and earn more profit from them. Having our own website will definitely help us get more customers purchasing our products, but at the same time it can also attract hackers to play around with our website. If we have not taken enough care to protect our website from hackers, then our business can even come to an end because of them. If we own a website, then we should know the importance of ensuring that it is safe from viruses and hackers.
After going online, most website designers think that their work is over. They have delivered what they were paid for and will now be available only for maintenance of the site. But sometimes the main problem starts after publishing the website. What if the website they have built suddenly starts showing different content from what was already there? What if weird things start appearing on the pages of our website? And, most horribly, what if the password of our login panel has been changed and we are not able to log in to our website? This is called hacking, a website hacking. We have to figure out how this happened so we can prevent it from happening again. In this seminar we are going to discuss some of the major website hacking techniques, and we are also going to discuss how to prevent a website from being vulnerable to the different attacks currently used by various hackers.
Talk at TYPO3 Conference 2016 in Bologna/Italy. Basic insights into hacking websites with SqlMap and BeEF XSS and considerations to prevent that. Screencasts of SQLi and XSS at https://www.youtube.com/watch?v=VIGVlmaKqxY & https://www.youtube.com/watch?v=WBDWWv5zdUQ
From http://dc612.org/index.php/2013/11/02/november-14th-meeting-6pm-elsies/:
Karl Fosaaen will be presenting on Attacking iOS Apps with Proxies at the November 14th DC612. This presentation will cover the basics of attacking iOS applications (and their back ends) using a web proxy to intercept, modify, and repeat HTTP/HTTPS requests. From setting up the proxy to pulling data from the backend systems, this talk will be a great primer for anyone interested in testing iOS applications at the HTTP protocol level. There will be a short primer on setting up the intercepting proxy, followed by three practical examples; showing how to intercept data headed to the phone, how to modify data heading to the application server, and how to pull extra data from application servers to further an attack. All of these examples will focus on native iOS apps (Game Center and Passbook) and/or functionality (Passbook Passes).
Attackers don’t just search for technology vulnerabilities; they take the easiest path and find the human vulnerabilities. Drive-by web attacks, targeted spear phishing, and more are commonplace today, with the goal of delivering custom malware. In a world where custom advanced malware handily evades signature and blacklisting approaches and does not depend on application software vulnerabilities, how do we know when our environments are compromised? What are the telltale signs that compromise activity has started, and how can we move to arrest a compromise in progress before the attacker moves laterally and reinforces their position? The penetration testing community knows these signs and artifacts of advanced malware presence, and it is up to us to help educate defenders on what to look for.
Intro slides for a tutorial on hacking common vulnerabilities and how to prevent those problems in your own code. This is a hands-on, PHP-based tutorial, but the slides can serve as reference material for a few common hacks.
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack... (EC-Council)
DNS: STRATEGIES FOR REDUCING DATA LEAKAGE & PROTECTING ONLINE PRIVACY
DNS is the foundational protocol used to direct nearly all Internet traffic, making the collection and analysis of DNS traffic highly valuable. This talk will examine ways in which you can effectively limit the disclosure of your online habits by securing the way your local DNS resolvers work.
Gain a practical understanding of how to integrate AI capabilities into your PHP projects with examples from the leading sources of hosted AI: OpenAI and Hugging Face. Armed with this knowledge, you can unlock new possibilities for intelligent, dynamic, and user-centric PHP applications that leverage the power of Artificial Intelligence.
So, join us for this transformative journey as we bridge the gap between PHP and AI, opening the door to a world of smarter and more innovative web applications.
With the dominance of Mobile Apps, Single Page Apps for the Web, and Micro-Services, we are all building more APIs than ever before. Like many other developers, I had struggled with finding the right mix of security and simplicity for securing APIs. Some standards from the IETF have made it possible to accomplish both. Let me show you how to utilize existing libraries to lock down your API without writing a ton of code.
In this tutorial, you will learn how to write a secure API with future-proof security utilizing JOSE. JOSE is a collection of complementary standards: JWT, JWE, JWS, JWA, and JWK. JOSE is used by OAuth, OpenID, and others to secure communications between APIs and consumers. Now you can use it to secure your API.
Cryptography is the invisible layer protecting everything around us. As software engineers, we are required to have some understanding of cryptography. Most of us only have a cursory understanding. Let’s dive deep into algorithms and modes for encryption, digital signatures, hashing, and key derivation. To get the most from this presentation, it is expected that you have a basic understanding of cryptography.
Threat Modeling for Dummies - Cascadia PHP 2018 (Adam Englander)
No developer wants to be responsible for a major data breach. Unfortunately, when it comes to application security, most developers have more questions than answers. How do I get started? Who should I be protecting against? How much security is enough? Is there a best practice to follow? In less than an hour, I will give you the tools you need to begin integrating threat modeling into your existing application lifecycle. Start building secure applications today.
Dutch PHP 2018 - Cryptography for Beginners (Adam Englander)
Cryptography is a complex and confusing subject. In this talk you will learn about the core components of cryptography used in software development: securing data with encryption, ensuring data integrity with hashes and digital signatures, and protecting passwords with key derivation functions. While learning how to use these components, you will also learn the best practices that drive strong cryptography. This talk won’t make you a cryptography expert but it will give you the knowledge necessary to use cryptography properly. No prior knowledge of cryptography is required for this presentation.
php[tek] 2108 - Cryptography Advances in PHP 7.2 (Adam Englander)
There were some pretty substantial cryptography advances in PHP 7.2. Most of these changes were made to make advanced cryptography easier to use. That’s a good thing for developers and end users alike. The addition of libsodium is a game changer. It makes synchronous and asynchronous cryptography a no-brainer and adds better hashing than we've ever had. Argon2i for passwords is pretty substantial as well. We’ll go over the changes and have some practical examples of each. Developers need to know about these advances and just how awesome they are.
php[tek] 2018 - Biometrics, fantastic failure point of the future (Adam Englander)
This presentation attempts to prepare developers for the coming storm of biometric authentication. It is coming; for many, it is already here. Unfortunately, few of us have been prepared to select tools for utilizing biometric authentication properly. In this presentation, Adam Englander will explain the special dangers of biometrics with regard to lifespan and storage. Because a user cannot change a biometric, it is much more valuable to bad actors, as its lifespan will undoubtedly exceed the lifespan of the cryptography protecting it. Any biometric database stolen today will likely be crackable by the average computer in 20 years. This creates a unique problem many of us have not had to tackle before. We need a different mindset when thinking about biometrics. This presentation will try to give that much-needed perspective.
Biometric identification might be more secure than passwords, but it’s still vulnerable to hacking. Why not hold up a photograph of the phone owner to fool the new facial recognition system? In this presentation, Adam Englander will walk through the risks and dangers of leveraging biometrics for user authentication, and why we all should be thinking twice about it.
Cryptography for Beginners - Midwest PHP 2018 (Adam Englander)
Cryptography is a complex and confusing subject. In this talk you will learn about the core components of cryptography used in software development: securing data with encryption, ensuring data integrity with hashes and digital signatures, and protecting passwords with key derivation functions. While learning how to use these components, you will also learn the best practices that drive strong cryptography. This talk won’t make you a cryptography expert but it will give you the knowledge necessary to use cryptography properly. No prior knowledge of cryptography is required for this presentation.
Cryptography for Beginners - Sunshine PHP 2018 (Adam Englander)
Cryptography is a complex and confusing subject. In this talk you will learn about the core components of cryptography used in software development: securing data with encryption, ensuring data integrity with hashes and digital signatures, and protecting passwords with key derivation functions. While learning how to use these components, you will also learn the best practices that drive strong cryptography. This talk won’t make you a cryptography expert but it will give you the knowledge necessary to use cryptography properly. No prior knowledge of cryptography is required for this presentation.
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future (Adam Englander)
Biometrics is all the rage. It has been touted as the best of all possible authentication methods. Very soon, your customers and standards boards will require you to implement some sort of biometric factor for authentication. Before you head down that road, you need to know the pitfalls to avoid before becoming the next big breach in the news. Learn a few tricks to help safely secure biometrics to protect your users.
Con Foo 2017 - Don't Loose Sleep - Secure Your REST (Adam Englander)
Are you worried that your REST API may be the next victim of an attack by ruthless hackers? Don't fret. Utilizing the same standards implemented by OAuth 2.0 and OpenID Connect, you can secure your REST API. JSON Object Signing and Encryption (JOSE) is the core of a truly secure standards-based REST API. Let me show you how to ensure the data sent to and received from your API is as safe and secure as is reasonably possible.
Cryptography is a complex and confusing subject. In this session we'll distill PHP encryption down to its essential drivers. You'll learn what makes cryptography weak and strong. You'll learn the important questions to ask when making decisions regarding modules and libraries. This session won’t make you a cryptography expert but it will give you the knowledge necessary to protect your software from attack. No prior knowledge of cryptography is required for this session.
The Red Team, hackers, criminal organizations, and nation states, are a constant threat. The systems we build are the targets. We need to understand the human collateral that hangs in the balance. We embrace methodologies to write better code and make our lives better. They do nothing for the rest of humanity that is directly affected by security vulnerabilities we introduce. In this session we'll put a human face on the users of our software. It will challenge you to think in terms of flesh and blood rather than ones and zeros. We are all the Blue Team. We protect the rest of humanity. Join us in the fight. The Red Team is coming!
Asynchronous software development is rapidly moving from the niche to the mainstream. That mainstream now includes PHP. This workshop will give you hands on instruction in building an asynchronous application in PHP. We'll build a Twitter Bot utilizing the Amp concurrency framework for PHP and the Twitter Streaming API. During this time you'll learn the basics regarding the Amp event loop, generators and co-routines, and writing non-blocking code. Get ready for the future of PHP today.
Symfony Live San Francisco 2017 - BDD API Development with Symfony and Behat (Adam Englander)
You may have built an API in Symfony before. You may have even written some browser tests in Beta. Did you ever consider using Behat to write integration tests for your API? If not, you definitely should. The portability and reusability of Behat steps make it the perfect platform for API integration tests. The Symfony kernel integration for Behat and the absence of JavaScript in an API make this a match made in heaven. Pull up a cloud and let me show you the pure awesomeness that is BDD API Development with Symfony and Behat.
Generating a custom Ruby SDK for your web service or Rails API using Smithy (g2nightmarescribd)
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
UiPath Test Automation using UiPath Test Suite series, part 3 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Neuro-symbolic is not enough, we need neuro-*semantic* (Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Connector Corner: Automate dynamic content and events by pushing a button (DianaGray10)
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... (UiPathCommunity)
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Elevating Tactical DDD Patterns Through Object Calisthenics (Dorra BARTAGUIZ)
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
2. Who Am I?
• Director of Engineering at LaunchKey
• Founder/Co-Organizer of Las Vegas PHP UG
• Co-Organizer of Las Vegas Developer UG
• National Junior Basketball Coach
3. What is LaunchKey
• Security as a Service Provider
• Anonymous distributed password-free multi-factor authentication and authorization platform
• PHP SDK
• WordPress Plugin
• Drupal Plugin
4. What is Ashley Madison
• Online community with over 40 million members
• Targets married men looking for an affair
• Offers a “paid delete” option to remove all of a member's data for a price
5. What Happened
• The network containing the Ashley Madison site was breached
• Hackers claimed to have data they would release and gave a shutdown-or-else choice
• Ashley Madison refused, saying the hackers' claims were not possible
• Hackers released 30 GB of data
6. What Was Released
• Names, email addresses, personal details, GPS coordinates and passwords of users
• Executive emails
• Website source code
• Credit card transaction details and limited credit card numbers
7. How Did It Happen
• Hackers claimed “You could use Pass1234 from the internet to VPN to root on all servers”
• Once inside, the hackers spent years collecting data from inside the network
• Collected file, database, email, and chat data right off of the network
• Had full access to version control software for website code
8. How Could It Happen?
• Even security-conscious companies aren’t very good at it
• Security is rarely at the forefront of decisions related to policies and procedures
• Most do only what is necessary to comply with regulation
• Data inside the network itself is rarely secured
9. What About PHP?
• Site used PHP 5.5+ based password hashing
• Most password crackers gave up after trying common passwords; common passwords accounted for approximately 0.1%
• Password scheme was too costly to bother with, as passwords would be reset before they were cracked
10. But The Passwords Were Cracked
• Site used its own algorithm for a “login key” that was simply an MD5 of the username and un-hashed password
• Code was updated but not the database
• 11.7 million passwords were cracked using this vulnerability
11. Why Was It Such A Big Deal
• Passwords were cracked after password resets
• 68% of individuals in a LaunchKey password survey say they share the same password with multiple sites
• Many users have the same email address password as other websites
• Once hackers have your email, the rest comes with it
12. What Did We Learn Not To Do
• Do not store passwords
• Do not assume that the network is secure
• Do not assume that the database is secure
• Do not roll your own crypto
13. What Did We Learn To Do
• Protect user data like it was your own
• Hash data that does not need to be read
• Use PHP Password Hashing to hash data
• Encrypt data at rest, especially PII
• Encrypt data in motion
• Use honeypots to detect intruders
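Added example, not code from the talk or from LaunchKey: the unsalted MD5 “login key” pattern from slide 10 beside the PHP password_hash() approach from slide 13, with a migration step that retires the legacy key so the database gets updated along with the code. The function names and the user row are assumptions, and since the slide does not say how username and password were concatenated, the legacy function only illustrates the shape of the scheme.

```php
<?php
// Added example (not from the talk): weak "login key" vs. password_hash(),
// plus cleanup of the legacy column on a successful login.

// Legacy pattern from slide 10: one fast, unsalted MD5 over username and
// plaintext password. No per-user salt and a cheap hash function mean a
// leaked table can be tested at MD5 speed. Concatenation order is assumed.
function legacyLoginKey(string $username, string $password): string
{
    return md5($username . $password);
}

// Hardened pattern from slide 13: bcrypt via password_hash(), which embeds a
// random per-user salt and a tunable cost factor in the stored string.
function hashPassword(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

// Verify a login and drop the legacy key once the user proves the password.
// $record is a hypothetical user row; a real application would persist it.
function loginAndMigrate(array &$record, string $password): bool
{
    if (!password_verify($password, $record['password_hash'])) {
        return false;
    }
    // Slide 10's lesson: updating the code is not enough; the fast, unsalted
    // equivalent must also be removed from the database.
    $record['loginkey'] = null;
    // Rehash if the cost parameter has been raised since the hash was stored.
    if (password_needs_rehash($record['password_hash'], PASSWORD_BCRYPT, ['cost' => 12])) {
        $record['password_hash'] = hashPassword($password);
    }
    return true;
}

// Constructed sample row: bcrypt hash already in place, legacy key still present.
$user = [
    'username'      => 'alice@example.com',
    'password_hash' => hashPassword('correct horse battery staple'),
    'loginkey'      => legacyLoginKey('alice@example.com', 'correct horse battery staple'),
];

var_dump(loginAndMigrate($user, 'wrong password'));
var_dump($user['loginkey'] !== null);
var_dump(loginAndMigrate($user, 'correct horse battery staple'));
var_dump($user['loginkey']);
```

The first login attempt fails and leaves the legacy key untouched; the second succeeds and clears it, which is the state the database should have reached when the code was changed.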
14. Further Reading
• The Impact Team Interview: http://motherboard.vice.com/read/ashley-madison-hackers-speak-out-nobody-was-watching
• CynoSure Prime Password Crack Explanation: http://cynosureprime.blogspot.com/2015/09/how-we-cracked-millions-of-ashley.html
• LaunchKey Password Survey: https://blog.launchkey.com/passwords-survey.html
15. Further Reading
• PHP Password Hashing: http://php.net/manual/en/book.password.php
• PHP Social Login: http://hybridauth.sourceforge.net/
• LaunchKey Password Free Login: https://docs.launchkey.com/developer/web-desktop/sdk/php.html
• Honeynet: https://www.honeynet.org/
17. Contact Me
• Twitter: @adam_englander
• IRC: #launchkey or #vegastech on freenode.net
• Email: adam@launchkey.com
Editor's Notes
The hackers object to the site's business practices, specifically a "paid delete" option that allows people to pay to remove all their information but, they say, does not actually do that.
Personal information was particularly problematic due to the private nature of the site
Executive emails showed that founding Ashley Madison CTO had hacked a competitor and stolen the user data
Big win for PHP Password Hashing with a strong algorithm, even with the included salt and iterations.
The vulnerability was discovered in the VCS dump that showed the change and the date.
There are many options for not storing passwords with services like LaunchKey or social logins
Security is made with layers. Keep your layer secure as if there were no other layers.
Even if you are a cryptographer or a security expert, do not roll your own crypto. Use an open source library.
If you do not send users email but keep it only for password resets, hash that data. Assume that the user has used the same password for that email address.
PHP Password Hashing was the shining star in this debacle
Encrypt data in the session, in the database, in the file system, in the cache. SSL is not good enough.
SSL all the things: Every step of the way for HTTP, database connections, cache connections, VCS data.