In the following slide I am going to demonstrate the difference between Cookies and Session and how to use each and why. Also, I am going to talk a bit about session hijacking
Talk given in Tecnocampus Mataró.
In recent years, the mobile and web software industry has advanced fast. Each year new tools and frameworks emerge, fueled by the open source community. This presentation was prepared by Geemba in order to introduce students to this new landscape and modern technologies.
Back to Basics Webinar 3 - Thinking in Documents - Joe Drumgoole
Working with a document database requires that you "rewire" your brain. In this talk we discuss denormalisation, object embedding and the use of multiple collections.
HTTP cookie hijacking in the wild: security and privacy implications - Priyanka Aash
The widespread demand for online privacy, also fueled by widely-publicized demonstrations of session hijacking attacks against popular websites (see Firesheep), has spearheaded the increasing deployment of HTTPS. However, many websites still avoid ubiquitous encryption due to performance or compatibility issues. The prevailing approach in these cases is to force critical functionality and sensitive data access over encrypted connections, while allowing more innocuous functionality to be accessed over HTTP. In practice, this approach is prone to flaws that can expose sensitive information or functionality to third parties. In this work, we conduct an in-depth assessment of a diverse set of major websites and explore what functionality and information is exposed to attackers that have hijacked a user's HTTP cookies. We identify a recurring pattern across websites with partially deployed HTTPS; service personalization inadvertently results in the exposure of private information. The separation of functionality across multiple cookies with different scopes and inter-dependencies further complicates matters, as imprecise access control renders restricted account functionality accessible to non-session cookies. Our cookie hijacking study reveals a number of severe flaws; attackers can obtain the user's home and work address and visited websites from Google; Bing and Baidu expose the user's complete search history; and Yahoo allows attackers to extract the contact list and send emails from the user's account. Furthermore, e-commerce vendors such as Amazon and Ebay expose the user's purchase history (partial and full respectively), and almost every website exposes the user's name and email address. Ad networks like Doubleclick can also reveal pages the user has visited. To fully evaluate the practicality and extent of cookie hijacking, we explore multiple aspects of the online ecosystem, including mobile apps, browser security mechanisms, extensions and search bars.
To estimate the extent of the threat, we run IRB-approved measurements on a subset of our university's public wireless network for 30 days, and detect over 282K accounts exposing the cookies required for our hijacking attacks. We also explore how users can protect themselves and find that, while mechanisms such as the EFF's HTTPS Everywhere extension can reduce the attack surface, HTTP cookies are still regularly exposed. The privacy implications of these attacks become even more alarming when considering how they can be used to deanonymize Tor users. Our measurements suggest that a significant portion of Tor users may currently be vulnerable to cookie hijacking.
(Source: Black Hat USA 2016, Las Vegas)
A chat program using callbacks in Java RMI ... - Abdulrazak Zakieh
In this presentation I talk about how to make the chat program able to send files to other people. I spoke only briefly about the programming, but you can find a full explanation and implementation in the following video:
https://www.youtube.com/watch?v=hJ4gtES2ohQ
Come hear about the highly available and massively scalable cloud storage service that is provided by Windows Azure. Learn how to create and access the different types of Windows Azure storage available, including blobs, tables, and queues.
SPS Madrid 2019: It's time, start developing for Microsoft Teams - Ruben Ramos
Beyond its well-known collaboration features, Microsoft Teams offers a great many integration capabilities with other platforms. In this session we will see how we can start extending Teams with new functionality tailored to our needs.
You understand the basics of jQuery to handle some events and maybe do some animation, but there's a lot more that you could be doing.
Local JavaScript experts Mark Casias and Brian Arnold will walk you through a few examples of using jQuery and JavaScript to tackle a couple of common issues, as well as how to create a simple application that utilizes information from other services.
JAOO - OpenSocial: A Standard For The Social Web - Patrick Chanezon
see http://jaoo.dk/presentation/OpenSocial%2C+a+Standard+for+the+Social+Web
OpenSocial is a standard for the social web managed by the OpenSocial Foundation. Introduced by 18 social sites in November 2007, after 8 months OpenSocial is available to 275 million users, 2000 applications have been developed and 10 million users are using them daily.
The session will start with a status of OpenSocial after a year: the ecosystem that formed around the API: social sites, developers, advertisers, tool vendors, IT consulting firms, enterprise software vendors.
For developers of social application, the OpenSocial API JavaScript and REST APIs will be described, with demos of how to build a social application using each API.
For developers of social sites, or sites that want to become OpenSocial containers, the OpenSocial reference implementation is developed as an open source project, Apache Shindig, with Java and PHP flavors. The stated goal of Shindig is to enable a social site developer to implement OpenSocial support on her site in 2 weeks. The Shindig Java architecture will be explained, followed by a demo of how to connect Shindig to a MySQL backend.
Various related projects will also be demoed:
- Friend Connect, a Google offering enabling web sites to add social capabilities with a few lines of JavaScript.
- Socialsite, a Sun open source project based on Shindig, enabling web sites to become social sites with their own community, using gadgets to provide a user interface to manage the network.
- OpenSocket, a hosted service that allows OpenSocial applications to be deployed on Facebook.
Slides about "How we build Vox" at Six Apart, presented by Benjamin Trott, the CTO and co-founder of the company, at YAPC::Asia 2007 in Tokyo (http://tokyo2007.yapcasia.org/). The talk was given in English and interpreted into Japanese by Tatsuhiko Miyagawa.
The concept of building a website and web pages - Ahmad Faizar
To learn the basic concepts of building a website and web pages
To prepare a website and web pages using a web page editor application
To upload the finished web page to a free web host
Back to Basics, webinar 2: Your first MongoDB application - MongoDB
This is the second webinar in the Back to Basics series, which gives you an introduction to the MongoDB database. In this webinar we will show you how to build a basic blogging application in MongoDB.
The new frontiers of AI in RPA with UiPath Autopilot™ - UiPathCommunity
In this free online event, organized by the Italian UiPath Community, you can explore the new features of Autopilot, the tool that integrates artificial intelligence into the development and use of automations.
We will look together at some examples of using Autopilot in different tools of the UiPath suite:
Autopilot for Studio Web
Autopilot for Studio
Autopilot for Apps
Clipboard AI
GenAI applied to Document Understanding
Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Generative AI Deep Dive: Advancing from Proof of Concept to Production - Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Pushing the limits of ePRTC: 100ns holdover for 100 days - Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs - Alex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe - Paige Cruz
Monitoring and observability aren't traditionally found in software curriculums, and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of our current company's observability stack.
While the dev and ops silo continues to crumble, many organizations still relegate monitoring & observability to the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party, and will share these foundational concepts to build on:
A tale of scale & speed: How the US Navy is enabling software delivery from l... - sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATOs (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... - SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf - 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
2. Learn Mongo (.com, that is). Twitter: @LearnMongo. MongoDB resources aimed at not scaring off the beginner.
3. Saddleback Church
21,000+ per weekend @ 10 locations. 4,000 online.
4,300 "small groups", 20k - 32k people.
~1 million user records. 3.2 million e-mails a week.
Service trips to ~180 countries. Food bank serving Orange County.
5. Project Goals Provide a private way for groups to interact and share online. Tie into other social networks but keep group data private. Provide groups with video & audio resources for growth. Create a simple & fast user experience.
6. MongoDB vs. SQL Server
SQL Server: solid, durable; years of use; very easy to query. Uh ohs: not optimized for the web; can be complex to scale; stringent schema.
MongoDB: flexible schema; fairly easy to scale; optimized for reads / inserts. Uh ohs: new, little past use; can be harder to query; different data format.
8. Playing nice with SQL Server
Keep user accounts in SQL. Use the same user IDs in both SQL and MongoDB. Store app-specific user data in MongoDB.
Keep group data and hierarchy in SQL. Extract group data from SQL when any user of the group logs in, and compare. Push any changes back to SQL in the background.
10. The Problems MongoDB Solved
Flexible schema design: each feed item can have totally different attributes; new features can be added quickly.
Reduces impact on the production SQL Server: focus server resources on internal staff.
BSON to JSON: ideal for a highly AJAX / JavaScript site.
13. The Feed
The main feature of the site is "the feed", where the group can interact and share discussions, prayers, videos, etc. We need something very flexible... Discussions, videos, events, meetings, prayers, web links, pictures.
14. Schema Design
Flexible schema: less clutter; cleaner, leaner storage; simpler queries; JOINs largely unneeded.
BSON format: converts into JSON with very little effort, to make JavaScript / AJAX-centric apps happy. Move from the client to the database, and back to the client, easily.
15. A Discussion document, with its comments embedded:
{
  "_id" : "4d19fb939ac0900274000005",
  "_t" : "Discussion",
  "created" : "Tue, 28 Dec 2010 07:00:35 GMT",
  "GroupID" : 129242,
  "eIndividualID" : "22872F9",
  "firstName" : "Bill",
  "lastName" : "Finch",
  "discussionBody" : "I've been not feeling well lately, I hope it's nothing major.",
  "comments" : [
    {
      "_id" : "4d19fe329ac090027400000a",
      "eIndividualID" : "FFE4251",
      "created" : "2010-12-28T15:11:46.6760000Z",
      "firstName" : "Robin",
      "lastName" : "Tally",
      "commentText" : "I hope that everything is OK, whatever it is!"
    },
    {
      "_id" : "4d1df3b29ac0900d64000003",
      ...
    }
  ]
}
17. The abstract Feed base class and its interface:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using Newtonsoft.Json;
using MySmallGroup.Helpers.JsonConverters;

namespace MySmallGroup.Models
{
    // Base class for every feed item. The concrete type (Discussion, Prayer, ...)
    // is recorded in the stored document as the "_t" discriminator.
    public abstract class Feed : IFeed, IUserCreatable
    {
        // The Mongo ObjectId is serialised as a plain string for the AJAX client.
        [JsonConverter(typeof(MongoOidConverter))]
        public MongoDB.Oid Id { get; set; }
        public DateTime created { get; set; }
        public int GroupID { get; set; }
        public string eIndividualID { get; set; }
        public string firstName { get; set; }
        public string lastName { get; set; }
        // One-line summary shown in the feed list; each subtype decides what it is.
        public abstract string shortDescription { get; }
        public int commentCount { get; set; }
        public IList<comment> comments { get; set; }
        // Encodes user-supplied text once, when the item is received from the client.
        public abstract void ReceivedJsonEncode();
        public Feed Get() { return this; }
    }

    public interface IFeed : IUserCreatable
    {
        MongoDB.Oid Id { get; set; }
        int GroupID { get; set; }
        string eIndividualID { get; set; }
        string firstName { get; set; }
        string lastName { get; set; }
        string shortDescription { get; }
        int commentCount { get; set; }
        IList<comment> comments { get; set; }
        void ReceivedJsonEncode();
        Feed Get();
    }
}
18. The Discussion subtype:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using MySmallGroup.Helpers.ExtensionMethods;

namespace MySmallGroup.Models
{
    public class Discussion : Feed
    {
        public string discussionBody { get; set; }

        public Discussion()
        {
            this.commentCount = new int();      // starts at 0
            this.comments = new List<comment>();
            this.created = DateTime.Now;
        }

        // The body is the only user-typed field on a Discussion, so it is the
        // only one that needs encoding before it is stored and echoed back.
        public override void ReceivedJsonEncode()
        {
            discussionBody = discussionBody.ReceivedJsonEncode();
        }

        public override string shortDescription
        {
            get { return discussionBody; }
        }
    }
}
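The Feed / Discussion pair on slides 17 and 18 is one way of modelling a polymorphic feed: shared base fields, a "_t" discriminator naming the subtype, and user-typed text encoded once on receipt (the ReceivedJsonEncode step) so the AJAX client can render it without a second thought. The block below is an added example in JavaScript, not the talk's or the MySmallGroup project's code; it reproduces that pattern in plain objects, and goes one step beyond the slides by handling several subtypes through a single type table. The helper names (makeFeedItem, shortDescription, addComment, htmlEncode) and the Prayer and WebLink subtypes are this example's own assumptions, as is the sample input.

```javascript
// Added example (not from the talk): polymorphic feed documents with a "_t"
// discriminator and encode-on-receipt of user-supplied text.
// Assumed names: makeFeedItem, shortDescription, addComment, htmlEncode, FEED_TYPES.

// Fields every feed item carries, mirroring the Feed base class on slide 17.
const BASE_FIELDS = ["GroupID", "eIndividualID", "firstName", "lastName"];

// Stand-in for the slide's ReceivedJsonEncode extension method: escape the
// characters that matter in HTML so stored text is safe to inject into the page.
function htmlEncode(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// One entry per subtype: which fields are user-typed (and therefore encoded)
// and what the feed list shows as the short description. Prayer and WebLink
// are assumed subtypes; the talk only shows Discussion.
const FEED_TYPES = {
  Discussion: { textFields: ["discussionBody"], short: d => d.discussionBody },
  Prayer:     { textFields: ["request"],        short: d => d.request },
  WebLink:    { textFields: ["title", "url"],   short: d => `${d.title} (${d.url})` },
};

// Build a document of the given subtype from base fields plus subtype fields.
// Throws on an unknown "_t" or a missing base field, so a malformed item never
// reaches the collection.
function makeFeedItem(type, base, extra, now = new Date()) {
  const spec = FEED_TYPES[type];
  if (!spec) throw new Error(`unknown feed type: ${type}`);
  for (const f of BASE_FIELDS) {
    if (!(f in base)) throw new Error(`missing base field: ${f}`);
  }
  const doc = {
    _t: type,
    created: now.toISOString(),
    ...base,
    commentCount: 0,
    comments: [],
    ...extra,
  };
  // Encode exactly the user-typed fields of this subtype, once, on receipt.
  for (const f of spec.textFields) {
    if (typeof doc[f] === "string") doc[f] = htmlEncode(doc[f]);
  }
  return doc;
}

// Dispatch on "_t" the way the abstract shortDescription property does in C#.
function shortDescription(doc) {
  const spec = FEED_TYPES[doc._t];
  if (!spec) throw new Error(`unknown feed type: ${doc._t}`);
  return spec.short(doc);
}

// Embed a comment (as on slide 15) and keep the stored commentCount in step
// with the array so the list view never has to count.
function addComment(doc, comment) {
  doc.comments.push({ ...comment, commentText: htmlEncode(comment.commentText) });
  doc.commentCount = doc.comments.length;
  return doc;
}
```

Usage: makeFeedItem("Discussion", { GroupID: 129242, eIndividualID: "22872F9", firstName: "Bill", lastName: "Finch" }, { discussionBody: "..." }) yields a document in the shape of slide 15 with the body already encoded; shortDescription picks the right summary from "_t" without any instanceof checks.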
25. E-mail Tracking (the boring stuff)
Emails sent: 350,000 normal e-mails sent a week; 460,000 daily subscription e-mails sent a day.
Tracking needs: track each e-mail open, per individual (date, user agent, IP). If a user opens an e-mail more than once, don't double count, but still track. Deduce how quickly users open an e-mail and how many don't open the e-mail at all.
26. Email Tracking: one document per recipient, with every open embedded:
{
  "EmailLogID": 14,
  "EmailLogDocumentID": "4d12a55e00ae2611f8000002",
  "EIndividualID": "ZZZZZZZ",
  "Email": "jxxx@zzzzzzzzz.com",
  "SendDate": "Wed, 22 Dec 2010 17:26:54 GMT",
  "_id": "4d12a56a18bee80a7c00243d",
  "Opens": [
    {
      "OpenDate": "2010-12-23T01:59:45",
      "UserAgent": "Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_1 like Mac OS X; en-us) ...",
      "IP": "72.111.250.111"
    },
    {
      "OpenDate": "2010-12-23T16:22:19",
      "UserAgent": "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-us) ...",
      "IP": "70.111.66.11"
    }
  ]
}
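Slides 25 and 26 state the requirement (track every open, count each recipient once, and derive time-to-open and the never-opened share) and show the per-recipient document that serves it. The block below is an added JavaScript example, not code from the talk; it works on in-memory copies of that document shape so it runs without a MongoDB server, and returns the equivalent driver update as a plain object rather than executing it. The function names (recordOpen, openUpdateSpec, campaignStats, demo), the FirstOpenDate field and the sample documents are this example's own assumptions; the sample opens use timezone-qualified timestamps, which the slide's OpenDate values lack.

```javascript
// Added example (not from the talk): per-recipient e-mail open tracking in the
// shape of the slide 26 document. Every open is appended (history is kept) but
// a recipient is counted as "opened" only once.
// Assumed names: recordOpen, openUpdateSpec, campaignStats, demo, FirstOpenDate.

// Constructed sample: one log document per recipient of one send (EmailLogID 14).
const SAMPLE_LOGS = [
  { _id: "log-a", EmailLogID: 14, EIndividualID: "AAAAAAA", Email: "a@example.com",
    SendDate: "2010-12-22T17:26:54Z", Opens: [] },
  { _id: "log-b", EmailLogID: 14, EIndividualID: "BBBBBBB", Email: "b@example.com",
    SendDate: "2010-12-22T17:26:54Z", Opens: [] },
];

// Constructed sample opens for recipient "log-a": a first open and a re-open.
// ISO-8601 with an explicit "Z" so Date.parse and MongoDB string comparison agree.
const SAMPLE_OPENS = [
  { OpenDate: "2010-12-23T01:59:45Z", UserAgent: "Mozilla/5.0 (iPhone; ...)", IP: "72.111.250.111" },
  { OpenDate: "2010-12-23T16:22:19Z", UserAgent: "Mozilla/5.0 (Macintosh; ...)", IP: "70.111.66.11" },
];

// Record one open against a log document. Returns true only for the recipient's
// first open, which is the event that feeds the "unique opens" metric.
function recordOpen(log, open) {
  const first = log.Opens.length === 0;
  log.Opens.push({ OpenDate: open.OpenDate, UserAgent: open.UserAgent, IP: open.IP });
  if (first) log.FirstOpenDate = open.OpenDate;
  return first;
}

// The same operation as a single atomic MongoDB update: $push keeps every open,
// and $min writes FirstOpenDate only when it is absent or the new value is
// earlier, so concurrent opens can never double-count the first one.
function openUpdateSpec(logId, open) {
  return {
    filter: { _id: logId },
    update: { $push: { Opens: open }, $min: { FirstOpenDate: open.OpenDate } },
  };
}

// Campaign metrics derived from the documents: unique opens, never-opened
// recipients, raw open events, and the median minutes from send to first open.
function campaignStats(logs) {
  let opened = 0, unopened = 0, totalOpens = 0;
  const minutes = [];
  for (const log of logs) {
    totalOpens += log.Opens.length;
    if (log.Opens.length === 0) { unopened++; continue; }
    opened++;
    const sent = Date.parse(log.SendDate);
    const first = Math.min(...log.Opens.map(o => Date.parse(o.OpenDate)));
    minutes.push((first - sent) / 60000);
  }
  minutes.sort((a, b) => a - b);
  const median = minutes.length ? minutes[Math.floor(minutes.length / 2)] : null;
  return { recipients: logs.length, opened, unopened, totalOpens, medianMinutesToOpen: median };
}

// Runs the scenario on fresh copies: recipient A opens twice, recipient B never.
function demo() {
  const logs = SAMPLE_LOGS.map(l => ({ ...l, Opens: [] }));
  const firsts = [
    recordOpen(logs[0], SAMPLE_OPENS[0]),
    recordOpen(logs[0], SAMPLE_OPENS[1]),   // same recipient again: tracked, not double-counted
  ];
  return { logs, firsts, stats: campaignStats(logs), spec: openUpdateSpec(logs[0]._id, SAMPLE_OPENS[1]) };
}
```

Design note: the $min trick relies on OpenDate being comparable, which is why the sample stores UTC ISO-8601 strings (a real BSON Date works the same way); the slide's timezone-less OpenDate values would compare lexically but parse as local time in JavaScript, so mixing them with a GMT SendDate would skew the time-to-open figure.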