2. Focus
● What is a Certificate Authority?
● Current situation with gTLDs and internal names
● Action taken so far
● Recommendations
3. What is a Certificate Authority?
• CA generates “roots” in secure environment – ceremony, video recorded, audited, keys on HSMs
• CA undergoes rigorous third party audit of operations and policy
• CA private keys are held under extreme protections and used to sign web site certificates and status information
• CA applies for corresponding root certificates to be included into trusted root stores
• CA policy and operations must comply with Browser root store rules in order to be trusted by default - distributed by software updates
4. What is a Certificate Authority?
• When issuing an SSL/TLS cert to a web site, the CA verifies certain information relating to ownership of the site with the respective domain and verifies control of keys being used.
– This minimal validation is called Domain Validation or DV
– While DV certificates verify the consent of a domain owner, they make no attempt to verify who the domain owner really is.
• Stronger verification of site and domain ownership and controls for the organizations to which certs are issued allows issuance of higher assurance SSL certificates
– This additional validation is called Organization Validation or OV
– Additional checks include that they are registered and in good standing with their respective governments etc.
5. What is a Certificate Authority?
• The strongest verification of site and domain ownership with multiple verification of direct contacts etc., allows issuance of the highest standard of assurance for SSL certificates
– This highest tier of verification is called Extended Validation or EV
– EV issued certs are recognized in browser GUI e.g. green bar
6. What is a Certificate Authority?
• CA provides certs (DV or OV or EV) to customers chaining to trusted roots embedded in Operating Systems and Browsers
• CA Customers (Site Operators) install certs on their servers for secure web pages
• Users (clients of CA Customers) go to secure web pages HTTPS://, User Agent checks for CA’s root inclusion in browser trusted root store
• If CA’s root is in browser’s trusted store: encrypted session, favorable padlock UI (including EV green bar)
7. What is a Certificate Authority?
• If CA root not in client trusted root store for browser – warning displayed
• CAs and browsers have the ability to revoke roots, sub-CAs, and certificates for any problems
• CAs publish revocation lists (CRLs) or provide updated certificate status information online (OCSP)
• If certificate revoked or expired – warning displayed
• CAs must complete annual audits and follow CA/B Forum rules to remain in browser trusted root stores
• Stronger rules and higher CA standards are set for green Extended Validations or “EV” display
8. Revocation info
● All browsers perform some level of certificate revocation checking
● All CAs must provide revocation information via OCSP
● OCSP cache times vary by browser with the longest cache time of 7 days
● OCSP stapling provides OCSP response with the certificate
– Most current server distributions support stapling
9. Background - Internal names
● Prevalent use of internal name certs
● Estimate is ~11,000 certificates issued against internal names
● Common/recommended practice until 2011
10. Why is this a problem?
● Collisions
– Many servers are configured this way
– Different experience externally
● Security
– Potential for man-in-the-middle attacks
– 5 year attack opportunity on organizations with that domain
11. Action taken so far
● CA/B Forum's original baseline requirements mandated that all internal certs expire or are revoked by 2015
– Based on server operator feedback and businesses
● Roadblocks include policy, cost and training
● CA/B Forum approached by ICANN
– CA/B Forum passed a ballot – Feb 20, 2013
– Accelerates the deprecation from 5 years down to 120 days after the relevant gTLD contract is published.
– 120 days is required for large volumes (Top 10%)
● Mozilla.org has adopted the revised requirements
– July 31st: all CAs must comply to remain in the trust store
12. Action taken so far
● CASC – Was formed by CAs to improve education, marketing and research
– Information on OCSP stapling
– Reconfiguring servers with public FQDNs
● Avoiding Collisions
– DigiCert and other CAs are actively working to migrate customers off internal names
● Communicating with customers
● Only solves training; doesn't reduce cost
● DigiCert Internal Name Tool
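As an added example (not from the slides, and not any CA's actual tool), this sketch shows how a site operator could audit certificate names for internal names and reserved IP addresses before moving servers to public FQDNs. The TLD sets, the inventory and all function names are constructed assumptions; a real audit would load IANA's Root Zone Database and the list of applied-for gTLD strings.

```python
import ipaddress

# Constructed sample data (assumption): stand-ins for IANA's Root Zone Database
# and for the applied-for gTLD strings (.corp is the one named on the slides).
DELEGATED_TLDS = {"com", "net", "org", "uk"}
APPLIED_FOR_GTLDS = {"corp"}

def classify_name(name):
    """Classify one CN/SAN entry as public, internal, internal-collision,
    reserved-ip or public-ip."""
    candidate = name.strip().rstrip(".").lower()
    try:
        ip = ipaddress.ip_address(candidate)
    except ValueError:
        ip = None
    if ip is not None:
        # Private-range addresses cannot be validated as globally unique.
        return "reserved-ip" if ip.is_private else "public-ip"
    if candidate.startswith("*."):
        candidate = candidate[2:]          # judge a wildcard by its base name
    labels = candidate.split(".")
    tld = labels[-1]
    if len(labels) >= 2 and tld in DELEGATED_TLDS:
        return "public"
    if tld in APPLIED_FOR_GTLDS:
        # Internal today, but would collide with public DNS once delegated.
        return "internal-collision"
    return "internal"                      # single label or undelegated suffix

def audit_inventory(inventory):
    """Return {certificate label: {name: classification}} for every
    certificate that carries at least one non-public name."""
    findings = {}
    for cert_label, names in inventory.items():
        flagged = {}
        for n in names:
            kind = classify_name(n)
            if kind not in ("public", "public-ip"):
                flagged[n] = kind
        if flagged:
            findings[cert_label] = flagged
    return findings

# Constructed inventory: certificate label -> names found in CN/SAN fields.
SAMPLE_INVENTORY = {
    "exchange-2010": ["mail.example.com", "exchange01", "exchange01.hq.corp", "10.0.0.5"],
    "public-web": ["www.example.com", "*.example.org"],
    "intranet": ["intranet.local", "wiki.example.co.uk"],
}

if __name__ == "__main__":
    for cert, flagged in audit_inventory(SAMPLE_INVENTORY).items():
        print(cert, flagged)
```

Certificates flagged `internal-collision` are the ones exposed to the accelerated 120-day deprecation once the matching gTLD contract is published, so they are the first candidates for reissuance under a public FQDN.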
13. Recommendations for ICANN
● Don't approve the names that are most commonly used in internal certs until 2015
– DigiCert Letter (.corp gTLD)
– PayPal letter
● Approve the application but delay the delegation until 2015
● Remaining 90% can move forward with minimal impact
● Security issues with certs are effectively resolved