Riccardo Tempesta - The right tools for the right job (or: surviving Magento ...Meet Magento Italy
Developing in Magento 2 requires higher and more interdisciplinary skills compared to those required for M1.
Templating is more complex and involved and it is more difficult to exactly tell what piece of code does what; furthermore, in some cases the boilerplate code assumed really remarkable dimensions. However, the customization possibility in M2 are even more extensive than it was in M1.
So how it’s possible for the M2 full stack developer to do the job? With the right tools to have the job done, of course!
Riccardo Tempesta has presented a selection of tools and plugins to help M2 developers disentangle themselves in the forest of M2 codebase: PHP Storm, Magicento 2, Xdebug, GIT, Pestle, CodeMonkey, MSP DevTools; each of these with applied examples and real-life case studies.
Modern software project have external dependencies
This dependencies are organized in packages
Packages can be provided by external developers and platforms e.g. GitHub or https://packagist.org/
Usually the dependencies are up to date during development of a software
After go live dependencies are updated unregular on e.g. feature requests
Why you should use true single-sign-on in Icinga Web 2 - Icinga Camp Stockhol...Icinga
Talk by Luke Gripenberg:
Many organizations use dozens of web-based applications that all require local user accounts or AD-connections. Icinga Web 2 is just one more to think about. Using a good SSO solution will help you avoid the pitfalls of local accounts and LDAP.
PyConUK 2014 - PostMortem Debugging and Web Development UpdatedAlessandro Molina
Developers tend to ignore that users can be more creative than them. Use their debugging skills for your own benefit: post-mortem debugging is one of the most important features your web framework can provide.
This talk will cover some of the simplest practices and available tools for debugging on production environments and to immediately improve quality of your web applications.
Learn how Decisiv provides secure access to developers and deals with compliance hurdles. Senior Engineer Hunter Madison will talk about how Decisiv needed to quickly solve the pain of scaling the engineering team, migrating to AWS, maintaining ISO 27002 compliance, and a few of his key learnings from his two-year journey using Teleport.
Riccardo Tempesta - The right tools for the right job (or: surviving Magento ...Meet Magento Italy
Developing in Magento 2 requires higher and more interdisciplinary skills compared to those required for M1.
Templating is more complex and involved and it is more difficult to exactly tell what piece of code does what; furthermore, in some cases the boilerplate code assumed really remarkable dimensions. However, the customization possibility in M2 are even more extensive than it was in M1.
So how it’s possible for the M2 full stack developer to do the job? With the right tools to have the job done, of course!
Riccardo Tempesta has presented a selection of tools and plugins to help M2 developers disentangle themselves in the forest of M2 codebase: PHP Storm, Magicento 2, Xdebug, GIT, Pestle, CodeMonkey, MSP DevTools; each of these with applied examples and real-life case studies.
Modern software project have external dependencies
This dependencies are organized in packages
Packages can be provided by external developers and platforms e.g. GitHub or https://packagist.org/
Usually the dependencies are up to date during development of a software
After go live dependencies are updated unregular on e.g. feature requests
Why you should use true single-sign-on in Icinga Web 2 - Icinga Camp Stockhol...Icinga
Talk by Luke Gripenberg:
Many organizations use dozens of web-based applications that all require local user accounts or AD-connections. Icinga Web 2 is just one more to think about. Using a good SSO solution will help you avoid the pitfalls of local accounts and LDAP.
PyConUK 2014 - PostMortem Debugging and Web Development UpdatedAlessandro Molina
Developers tend to ignore that users can be more creative than them. Use their debugging skills for your own benefit: post-mortem debugging is one of the most important features your web framework can provide.
This talk will cover some of the simplest practices and available tools for debugging on production environments and to immediately improve quality of your web applications.
Learn how Decisiv provides secure access to developers and deals with compliance hurdles. Senior Engineer Hunter Madison will talk about how Decisiv needed to quickly solve the pain of scaling the engineering team, migrating to AWS, maintaining ISO 27002 compliance, and a few of his key learnings from his two-year journey using Teleport.
Data Engineer's Lunch #37: Pipedream: Serverless Integration and Compute Plat...Anant Corporation
In Data Engineer's Lunch #37, we discussed Pipedream, a serverless integration and compute platform that is free for individual developers to use.
https://github.com/pipedreamhq/pipedream/
Accompanying Blog: https://blog.anant.us/data-engineers-lunch-37-pipedream-serverless-integration-and-compute-platform
Accompanying YouTube: https://youtu.be/I9pGvCeDNJs
Sign Up For Our Newsletter: http://eepurl.com/grdMkn
Join Data Engineer’s Lunch Weekly at 12 PM EST Every Monday:
https://www.meetup.com/Data-Wranglers-DC/events/
Cassandra.Link:
https://cassandra.link/
Follow Us and Reach Us At:
Anant:
https://www.anant.us/
Awesome Cassandra:
https://github.com/Anant/awesome-cassandra
Email:
solutions@anant.us
LinkedIn:
https://www.linkedin.com/company/anant/
Twitter:
https://twitter.com/anantcorp
Eventbrite:
https://www.eventbrite.com/o/anant-1072927283
Facebook:
https://www.facebook.com/AnantCorp/
Devoxx : being productive with JHipsterJulien Dubois
Slides from the "being productive with JHipster" talk at Devoxx Belgium 2016 by Julien Dubois (JHipster lead) & Deepu K Sasidharan (JHipster co-lead).
Live video is at: https://www.youtube.com/watch?v=dzdjP3CPOCs
Code commited (live!) during the presentation is at:
https://github.com/jhipster/devoxx-2016
Дмитрий Хоревич "Cloud native security with UAA \ Как защитить микросервисы с...Tanya Denisyuk
Вопросы безопасности в больших корпоративных приложениях всегда стоят на первом плане. В монолитной архитектуре эти вопросы решаются достаточно единообразно, так как приложение является единым целым. Но сложности начинаются, когда мы решаем перейти к микросервисной архитектуре. Ведь по сути мы имеем дело с несколькими приложениями, доступ к которым нужно контролировать. В докладе мы обсудим:
· Какие существуют подходы обеспечения безопасности микросервисных приложений
· Их достоинства и недостатки
· Как защитить микросервесы с помощью CloudFoundry User Account and Authentication (UAA) Server
XP Days 2019: First secret delivery for modern cloud-native applicationsVlad Fedosov
In this talk we’ll see how Authentication and Secrets delivery work in distributed containerized applications from the inside. We’ll start from the theory of security and will go through the topics like Container Auth Role, Static & Dynamic secrets, Env vars/volumes for secret delivery, Vault & K8S secrets. After this talk you’ll get an understanding how to securely deploy your containerized workloads.
Developers tend to ignore that users can be more creative than them. Use their debugging skills for your own benefit: post-mortem debugging is one of the most important features your web framework can provide.
This talk will cover some of the simplest practices and available tools for debugging on production environments and to immediately improve quality of your web applications.
2013.devcon3 liferay and google authenticator integration rafik_harabiRafik HARABI
Today, with expand of the web portal, many customers are seeking for more secure solutions to access to their web portal outside of their own networks.
For Liferay portal customers, this request has been increased due to the number of portal deployed on Cloud and the increase of deployment of Liferay portal for internet sites (B2C …).
One of the proposed solutions is the use of Multi-factor authentication mechanism.
Google Authenticator is one of the lead open source dual factor authentication systems.
In this presentation, we will explain the integration technical solution of Liferay and Google Authenticator in order to deliver a two-factor authentication system. The presentation will be followed by a live demo.
Google Authenticator is a software token that implements two-step verification services using the Time-based One-time Password Algorithm (TOTP) and HMAC-based One-time Password Algorithm (HOTP), for authenticating users of mobile applications by Google. The service implements algorithms specified in RFC 6238 and RFC 4226, respectively.
"Shift Lef Security" What the funk does that mean?
In the agile, lean, DevOps communities people talk about improving security by "shifting left". Patterns and tools are emerging, or re-emerging, that make security less of a pain in the development process while also making applications more secure.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Cyaniclab : Software Development Agency Portfolio.pdfCyanic lab
CyanicLab, an offshore custom software development company based in Sweden,India, Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.
More Related Content
Similar to Cost-Effective Two-Factor Authentication
Data Engineer's Lunch #37: Pipedream: Serverless Integration and Compute Plat...Anant Corporation
In Data Engineer's Lunch #37, we discussed Pipedream, a serverless integration and compute platform that is free for individual developers to use.
https://github.com/pipedreamhq/pipedream/
Accompanying Blog: https://blog.anant.us/data-engineers-lunch-37-pipedream-serverless-integration-and-compute-platform
Accompanying YouTube: https://youtu.be/I9pGvCeDNJs
Sign Up For Our Newsletter: http://eepurl.com/grdMkn
Join Data Engineer’s Lunch Weekly at 12 PM EST Every Monday:
https://www.meetup.com/Data-Wranglers-DC/events/
Cassandra.Link:
https://cassandra.link/
Follow Us and Reach Us At:
Anant:
https://www.anant.us/
Awesome Cassandra:
https://github.com/Anant/awesome-cassandra
Email:
solutions@anant.us
LinkedIn:
https://www.linkedin.com/company/anant/
Twitter:
https://twitter.com/anantcorp
Eventbrite:
https://www.eventbrite.com/o/anant-1072927283
Facebook:
https://www.facebook.com/AnantCorp/
Devoxx : being productive with JHipsterJulien Dubois
Slides from the "being productive with JHipster" talk at Devoxx Belgium 2016 by Julien Dubois (JHipster lead) & Deepu K Sasidharan (JHipster co-lead).
Live video is at: https://www.youtube.com/watch?v=dzdjP3CPOCs
Code commited (live!) during the presentation is at:
https://github.com/jhipster/devoxx-2016
Дмитрий Хоревич "Cloud native security with UAA \ Как защитить микросервисы с...Tanya Denisyuk
Вопросы безопасности в больших корпоративных приложениях всегда стоят на первом плане. В монолитной архитектуре эти вопросы решаются достаточно единообразно, так как приложение является единым целым. Но сложности начинаются, когда мы решаем перейти к микросервисной архитектуре. Ведь по сути мы имеем дело с несколькими приложениями, доступ к которым нужно контролировать. В докладе мы обсудим:
· Какие существуют подходы обеспечения безопасности микросервисных приложений
· Их достоинства и недостатки
· Как защитить микросервесы с помощью CloudFoundry User Account and Authentication (UAA) Server
XP Days 2019: First secret delivery for modern cloud-native applicationsVlad Fedosov
In this talk we’ll see how Authentication and Secrets delivery work in distributed containerized applications from the inside. We’ll start from the theory of security and will go through the topics like Container Auth Role, Static & Dynamic secrets, Env vars/volumes for secret delivery, Vault & K8S secrets. After this talk you’ll get an understanding how to securely deploy your containerized workloads.
Developers tend to ignore that users can be more creative than them. Use their debugging skills for your own benefit: post-mortem debugging is one of the most important features your web framework can provide.
This talk will cover some of the simplest practices and available tools for debugging on production environments and to immediately improve quality of your web applications.
2013.devcon3 liferay and google authenticator integration rafik_harabiRafik HARABI
Today, with expand of the web portal, many customers are seeking for more secure solutions to access to their web portal outside of their own networks.
For Liferay portal customers, this request has been increased due to the number of portal deployed on Cloud and the increase of deployment of Liferay portal for internet sites (B2C …).
One of the proposed solutions is the use of Multi-factor authentication mechanism.
Google Authenticator is one of the lead open source dual factor authentication systems.
In this presentation, we will explain the integration technical solution of Liferay and Google Authenticator in order to deliver a two-factor authentication system. The presentation will be followed by a live demo.
Google Authenticator is a software token that implements two-step verification services using the Time-based One-time Password Algorithm (TOTP) and HMAC-based One-time Password Algorithm (HOTP), for authenticating users of mobile applications by Google. The service implements algorithms specified in RFC 6238 and RFC 4226, respectively.
"Shift Lef Security" What the funk does that mean?
In the agile, lean, DevOps communities people talk about improving security by "shifting left". Patterns and tools are emerging, or re-emerging, that make security less of a pain in the development process while also making applications more secure.
Similar to Cost-Effective Two-Factor Authentication (20)
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Cyaniclab : Software Development Agency Portfolio.pdfCyanic lab
CyanicLab, an offshore custom software development company based in Sweden,India, Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
May Marketo Masterclass, London MUG May 22 2024.pdfAdele Miller
Can't make Adobe Summit in Vegas? No sweat because the EMEA Marketo Engage Champions are coming to London to share their Summit sessions, insights and more!
This is a MUG with a twist you don't want to miss.
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteGoogle
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-pilot-review/
AI Pilot Review: Key Features
✅Deploy AI expert bots in Any Niche With Just A Click
✅With one keyword, generate complete funnels, websites, landing pages, and more.
✅More than 85 AI features are included in the AI pilot.
✅No setup or configuration; use your voice (like Siri) to do whatever you want.
✅You Can Use AI Pilot To Create your version of AI Pilot And Charge People For It…
✅ZERO Manual Work With AI Pilot. Never write, Design, Or Code Again.
✅ZERO Limits On Features Or Usages
✅Use Our AI-powered Traffic To Get Hundreds Of Customers
✅No Complicated Setup: Get Up And Running In 2 Minutes
✅99.99% Up-Time Guaranteed
✅30 Days Money-Back Guarantee
✅ZERO Upfront Cost
See My Other Reviews Article:
(1) TubeTrivia AI Review: https://sumonreview.com/tubetrivia-ai-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
Software Engineering, Software Consulting, Tech Lead.
Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Security,
Spring Transaction, Spring MVC,
Log4j, REST/SOAP WEB-SERVICES.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
2. ABOUT ME
● Waihon Yew
● Rapid River Software
● Connect with me:
○ GitHub: waihon
○ Twitter: waihon
○ LinkedIn: waihonyew
3. WHAT IS TWO-FACTOR AUTHENTICATION?
● Two-factor authentication (2FA) is a way to add additional
security to your account.
● The first "factor" is your usual password that is standard for
any account.
● A common second "factor" is a verification code retrieved
from an app on a mobile device or computer.
● 2FA is conceptually similar to a security token device that
certain banks in some countries require for online banking.
● Other names for 2FA systems include OTP (one-time
password) and TOTP (Time-based One-time Password
algorithm).
4. ● Business
○ Compatible with Google Authenticator which is
available for free on both Google Play and App Store
● Technical
○ A gem/library that:
■ Makes adding 2FA to a user model simple
■ Is not tightly coupled with any authentication gems
such as Devise
REQUIREMENTS/CONSTRAINTS
5. 2FA GEM: ACTIVEMODEL::OTP
● GitHub
○ https://github.com/heapsource/active_model_otp
● Key dependency
○ ROTP 4.0 or higher
■ A Ruby library for generating and validating one
time passwords according to RFC 4226 (HOTP) and
RFC 6238 (TOTP).
● Installation
○ gem 'active_model_otp'
6. ● Add otp_secret_key to your user model
○ rails g migration AddOtpSecretKeyToUsers
otp_secret_key:string
○ rails db:migrate
● Add has_one_time_password directive to your user model.
○ It provides a few useful methods in order to implement
your 2FA
SETTING UP YOUR MODEL
7. ● The otp_secret_key is saved automatically when an object
is created.
● If you're adding this to an existing user model, you could:
○ Generate otp_secret_key with a migration like:
■ User.find_each { |user|
user.update_attribute(:otp_secret_key,
ROTP::Base32.random_base32) }
○ Generate otp_secret_key when users enable 2FA
OTP SECRET KEY