Data Integrity Checks & Lunh Algorithm
•
0 likes•368 views
This presentation includes basics of information security and mainly focused on integrity. It also describes Lunh algorithm and how it helps with our day to day penetration testing assignments. Using Luhn algorithm, it simply narrow down the requests while brute-forcing the card numbers / social security numbers / social insurance numbers, IMEI numbers etc. Presented at Null Ahmedabad Meet: https://www.null.co.in/events/477-ahmedabad-null-ahmedabad-meet-19-august-2018-monthly-meet
Report
Share
Report
Share
Recommended
Data encryption.pptx
The document discusses data encryption and how it works. It explains that data encryption scrambles data before transmission to protect it from eavesdroppers. It describes symmetric encryption, where the same key is used to encrypt and decrypt, and asymmetric encryption, where public and private keys are used. Simulations of encryption methods are provided to illustrate how they work. While encryption does not prevent data theft, asymmetric encryption is sufficient to keep data safe since only the private key can decrypt messages.
IT Security Awareness-v1.7.ppt
Cyber Security Awareness training outlines key topics to help employees secure MCB information systems and data from cyber attacks. The training covers password security, email security, safe web browsing, social engineering, and MCB security policies. Case studies of real-world cyber attacks show how hackers have stolen millions from banks by exploiting human and technical vulnerabilities. The training emphasizes that security is everyone's responsibility and all employees must follow security protocols to protect MCB networks and data.
itsecurityawareness-v1-230413174238-5e7cba3c.pdf
Cyber Security Awareness training outlines key topics to help employees secure MCB information systems and data from cyber attacks. The training covers password security, email security, safe web browsing, social engineering, and MCB security policies. It aims to spread awareness among employees about common cyberattack methods like social engineering, computer viruses, and data breaches at financial institutions globally. Case studies of significant cyber attacks like the Bangladesh Bank heist and UK bank data breaches are also presented.
Trends in electronic crimes and its impact on businesses like yours
The USSS discusses its dual mission of presidential protection and investigating financial crimes such as counterfeiting, identity theft, and cyber crimes. It outlines current cyber crime trends like skimming devices, network intrusions, point of sale breaches, targeted malware, and data breaches. It then provides a case study of how a network intrusion investigation may proceed, from initial detection to identifying compromised systems and retrieving stolen data.
The Target Breach – Follow The Money
veryone's heard about the Target breach at the end of last year; some of you may have been affected. One way to understand this breach - to borrow a phrase from Deep Throat talking about the Watergate Scandal in "All The President's Men" - is to follow the money.
This webinar will do that. It will detail what we know about the Target breach and how it happened. But it will place particular emphasis on the money trail - not only in terms of how the bad guys turn the data into cash, but also who ends up footing the bill, the role insurance can play, the likelihood of lawsuits, and so on. As such, this webinar represents a powerful opportunity to learn what really goes down as a breach unwinds from a respected professional who has been in the trenches for decades.
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Mark Rasch, Chief Privacy Officer, SAIC
Cyber Awareness 101 - essentials package for kids
This document provides an overview of cyber security essentials and tips for safe internet usage. It begins with an introduction to hacking as a mindset of questioning how software works and trying unexpected inputs. It then discusses vulnerabilities from lack of input validation, such as username enumeration to find valid usernames. Common passwords are listed, and strong passwords using a variety of characters are recommended. Password managers can also be used. Internet safety tips include using password protection, antivirus software, keeping systems updated, and being wary of phishing attacks. Cyberbullying and how to report it are covered, along with tips for stopping a cyberbully like not reacting, blocking them, and saving evidence.
Security for Data Scientists
This document summarizes security threats and defenses for data scientists. It discusses common attacks like brute forcing passwords, phishing, and spear phishing. It also covers threats from password reuse due to data breaches, man-in-the-middle attacks, internet tracking, physical access to hardware, and USB devices. Defenses include using strong unique passwords, two-factor authentication, encryption, blocking tracking, and avoiding unknown USB devices. The document recommends resources for further learning about data security.
Security access and payments methods
This document provides information and recommendations about online and card security from Desjardins, a Canadian financial institution. It recommends implementing basic security measures like keeping PINs and passwords confidential, regularly reviewing statements, and using antivirus software. Desjardins also implements their own security protections like transaction limits and two-factor authentication for online banking. The document advises vigilance and cautions users about common fraud tactics like phishing emails or cloned cards, while assuring that Desjardins takes security seriously to protect users.
Recommended
Data encryption.pptx
The document discusses data encryption and how it works. It explains that data encryption scrambles data before transmission to protect it from eavesdroppers. It describes symmetric encryption, where the same key is used to encrypt and decrypt, and asymmetric encryption, where public and private keys are used. Simulations of encryption methods are provided to illustrate how they work. While encryption does not prevent data theft, asymmetric encryption is sufficient to keep data safe since only the private key can decrypt messages.
IT Security Awareness-v1.7.ppt
Cyber Security Awareness training outlines key topics to help employees secure MCB information systems and data from cyber attacks. The training covers password security, email security, safe web browsing, social engineering, and MCB security policies. Case studies of real-world cyber attacks show how hackers have stolen millions from banks by exploiting human and technical vulnerabilities. The training emphasizes that security is everyone's responsibility and all employees must follow security protocols to protect MCB networks and data.
itsecurityawareness-v1-230413174238-5e7cba3c.pdf
Cyber Security Awareness training outlines key topics to help employees secure MCB information systems and data from cyber attacks. The training covers password security, email security, safe web browsing, social engineering, and MCB security policies. It aims to spread awareness among employees about common cyberattack methods like social engineering, computer viruses, and data breaches at financial institutions globally. Case studies of significant cyber attacks like the Bangladesh Bank heist and UK bank data breaches are also presented.
Trends in electronic crimes and its impact on businesses like yours
The USSS discusses its dual mission of presidential protection and investigating financial crimes such as counterfeiting, identity theft, and cyber crimes. It outlines current cyber crime trends like skimming devices, network intrusions, point of sale breaches, targeted malware, and data breaches. It then provides a case study of how a network intrusion investigation may proceed, from initial detection to identifying compromised systems and retrieving stolen data.
The Target Breach – Follow The Money
veryone's heard about the Target breach at the end of last year; some of you may have been affected. One way to understand this breach - to borrow a phrase from Deep Throat talking about the Watergate Scandal in "All The President's Men" - is to follow the money.
This webinar will do that. It will detail what we know about the Target breach and how it happened. But it will place particular emphasis on the money trail - not only in terms of how the bad guys turn the data into cash, but also who ends up footing the bill, the role insurance can play, the likelihood of lawsuits, and so on. As such, this webinar represents a powerful opportunity to learn what really goes down as a breach unwinds from a respected professional who has been in the trenches for decades.
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Mark Rasch, Chief Privacy Officer, SAIC
Cyber Awareness 101 - essentials package for kids
This document provides an overview of cyber security essentials and tips for safe internet usage. It begins with an introduction to hacking as a mindset of questioning how software works and trying unexpected inputs. It then discusses vulnerabilities from lack of input validation, such as username enumeration to find valid usernames. Common passwords are listed, and strong passwords using a variety of characters are recommended. Password managers can also be used. Internet safety tips include using password protection, antivirus software, keeping systems updated, and being wary of phishing attacks. Cyberbullying and how to report it are covered, along with tips for stopping a cyberbully like not reacting, blocking them, and saving evidence.
Security for Data Scientists
This document summarizes security threats and defenses for data scientists. It discusses common attacks like brute forcing passwords, phishing, and spear phishing. It also covers threats from password reuse due to data breaches, man-in-the-middle attacks, internet tracking, physical access to hardware, and USB devices. Defenses include using strong unique passwords, two-factor authentication, encryption, blocking tracking, and avoiding unknown USB devices. The document recommends resources for further learning about data security.
Security access and payments methods
This document provides information and recommendations about online and card security from Desjardins, a Canadian financial institution. It recommends implementing basic security measures like keeping PINs and passwords confidential, regularly reviewing statements, and using antivirus software. Desjardins also implements their own security protections like transaction limits and two-factor authentication for online banking. The document advises vigilance and cautions users about common fraud tactics like phishing emails or cloned cards, while assuring that Desjardins takes security seriously to protect users.
Security access and payments methods
Desjardins provides security measures and recommendations to protect members from fraud. They implement limits on transaction amounts and require additional authentication for certain transactions. Members should follow basic rules like keeping their PIN and passwords confidential, regularly reviewing statements, and not storing sensitive information on devices. Desjardins also uses encryption and other technologies to secure online and phone transactions. Members should be wary of fraudulent emails and never disclose sensitive details to unsolicited callers.
Security access and payments methods
Desjardins provides security measures and recommendations to protect members from fraud. They implement limits on transaction amounts and require additional authentication for certain transactions. Members should follow basic rules like keeping their PIN and passwords confidential, regularly reviewing statements, and not storing sensitive information on computers. Desjardins also uses encryption and other technologies to secure online and phone transactions. Members should be wary of fraudulent emails and never disclose sensitive details to unsolicited callers.
What You Can Do to Keep Your Email, Bank Accounts and Business Safe from Cybe...
This document discusses cybersecurity threats facing small businesses and recommendations for protecting against them. Small businesses are often targeted by hackers because they have weaker security settings. The top 5 ways small businesses are attacked are through P2P applications, drive-by downloads, active content in attachments, phishing attacks, and social networking. To protect against attacks, the document recommends a multi-layered security approach including firewalls, virus protection, employee training, timely software updates, and the use of encryption and a password manager. It also provides tips on creating strong passwords and enabling two-factor authentication.
Security Breakout Session
The document discusses how Splunk can provide analytics-driven security for higher education through ingesting and analyzing machine data. It outlines how advanced threats have evolved to be more coordinated and evasive. A new approach is needed that fuses technology, human intuition, and processes like collaboration to detect attackers through contextual behavioral analysis of all available data. Examples are provided of security questions that can be answered through Splunk analytics.
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
There are several categories of attackers, including hackers, crackers, script kiddies, spies, employees, and cyberterrorists. Common attacks include password guessing, which attempts to learn a user's password through various means, and denial of service attacks, which flood a server or device with requests to make it unavailable. Malicious software, or malware, consists of computer programs intentionally created to harm systems and includes viruses, worms, logic bombs, Trojan horses, and back doors.
001.itsecurity bcp v1
Session 1 (one) of the course Information Security and business continuity. Concept of Information security , Term , Trends and Impact are discussed .
Presented at Bangladesh Institute of Management on 21 November 2015.
Security fundamentals
The document discusses security fundamentals and classical ciphers. It defines computer and network security, and lists common security problems. It then covers security goals like authentication, access control, confidentiality and integrity. It discusses security services, mechanisms, and attacks. Finally, it provides examples of classical ciphers like the Shift Cipher, Substitution Cipher, Vigenere Cipher, Vernam Cipher, and Transposition Ciphers. It explains how to analyze and break some of these classical ciphers.
Security Fundamentals
Short overview of the fundamentals of computer security. Cryptography, symmetric and asymentric cryptography, digital signatures, PKI.
Iaetsd vulnerabilities in credit card security
The document discusses vulnerabilities in how e-commerce websites store and protect customer credit card and personal information. It outlines how hackers can exploit these vulnerabilities to steal customer data by scanning websites for vulnerabilities, extracting data from vulnerable databases, and impersonating customers to make fraudulent purchases. It suggests methods for protecting customer information, such as encrypting stored data, avoiding storage of sensitive details like CVV numbers, and implementing stronger authentication of customers and IP addresses to prevent fraudulent orders.
Cyber Security - Moving Past "Best Practices"
Laura Whitt-Winyard is the Director of Cyber Security at Billtrust. She has over 16 years of experience in cyber security and has received several awards. The presentation discusses cyber security statistics, best practices, and the measures Billtrust takes to ensure security, including artificial intelligence, containment strategies, authentication, automation, and orchestration. It provides tips individuals can take such as managing user accounts securely, using strong and unique passwords, and being wary of phishing attempts.
Automatski - The Internet of Things - Privacy in IoT
This document contains contact information for two individuals at Automatski Corp, an Internet of Things company. It then discusses 18 types of personal identifiers that should be removed from data to de-identify individuals. Next, it explains how re-identification can still occur even after de-identification based on combinations of data like zip code, birthdate and sex. Finally, it lists some methods for de-identification and anonymization including access control, statistical disclosure control, and computational disclosure control.
Privacy Preservation Issues in Association Rule Mining in Horizontally Partit...
This document discusses two algorithms for mining association rules from horizontally partitioned databases while preserving privacy. The first algorithm is a two-phased approach that uses encryption for mining large itemsets in the first phase and then introduces random numbers to preserve privacy in the second phase. The second algorithm uses a technique called CK Secure Sum that breaks each site's data into segments and changes neighbors between sites in each round to limit information leakage. Both algorithms aim to allow association rule mining across distributed datasets without revealing private information from individual sites.
Unit-5.pptx
Intruders can be classified into three categories: masqueraders who penetrate access controls to exploit legitimate user accounts, misfeasors who access unauthorized data as legitimate users, and clandestine users who seize control to evade security systems. Secure Electronic Transaction (SET) uses digital certificates and signatures to securely conduct credit card transactions over the internet between a customer, merchant, and bank. Web traffic security can be provided at the transport layer using protocols like Secure Sockets Layer (SSL) and Transport Layer Security (TLS) which provide encryption and authentication between applications like browsers and servers.
Basic_computerHygiene
This document provides an overview of basic computer security practices and a top 10 list of good security habits. It explains that computer security protects systems and data from threats. While technology provides some protections, users are responsible for 90% of security through good practices. The top 10 list includes recommendations like backing up data, using strong passwords, keeping systems updated, practicing safe email and internet usage, and physically securing devices and data. The document emphasizes that everyone must understand and follow security practices to protect their devices, information and institutions from risks like data loss, identity theft and costly security incidents.
Meletis Belsis - Introduction to information security
Security is a major concern for organizations and individuals as information has become more valuable. The need for security has existed since information first became important. While firewalls and antivirus software provide some protection, they do not make an organization fully secure. Security involves processes for prevention, detection, reaction, and forensics. It is difficult to implement security perfectly due to costs, user resistance, evolving threats, and time/budget constraints for security teams. Hackers use various techniques like information gathering, password cracking, viruses, denial of service attacks, sniffing, and system exploits to compromise targets. Organizations implement defenses like firewalls, intrusion detection, honeypots, anti-sniffing measures, antivirus software, security awareness
Simplitfy - Guarding your Data
This document provides tips and advice for small businesses on how to guard their data and systems from various threats and disruptions. It discusses how many businesses experience disruptions each year and may not survive if offline for more than 5 days. It recommends providing regular cybersecurity training to employees and using simple, integrated solutions to protect data and systems from viruses, ransomware, lost or stolen devices. Specific tips include enabling encryption, remote wiping, VPNs, strong passwords, testing backups, and monitoring for identity theft. The overall message is that end-to-end protection is needed across networks, email, wireless systems, endpoints, servers and data to fully secure the business.
Cyber security
This document discusses cyber security and cyber crimes related to banking. It defines cyber security as the protection of internet-connected systems, including hardware, software and data, from cyber attacks. It then discusses examples of major cyber security threats to the banking sector like unencrypted data, unprotected third party services, and an constantly changing threat landscape. The document also defines different types of cyber crimes like hacking, phishing, and ransomware and explains how hackers managed to steal over Rs. 94 crore from an attack on Pune-based Cosmos Bank's server in 2018.
Security.ppt
1. The document discusses the topics of security and cryptography. It covers authentication, encryption algorithms like RSA public-key encryption, and digital signatures.
2. RSA public-key cryptography is described as the most widely used system, where users have public and private keys to encrypt and decrypt messages. It relies on the assumption that factoring large numbers is computationally difficult.
3. Digital signatures are explained as a way for a user to sign a message using their private key so that others can verify it came from that user by decrypting it with the public key.
Security For The People: End-User Authentication Security on the Internet by ...
Mark Stanislav conducted research on authentication security across various online services. He developed a scoring system called MASSACRE to evaluate two-factor authentication usage, browser security features, SSL/TLS implementation, and other security practices. The analysis found that technology companies like GitHub and financial services like Kraken had the highest MASSACRE scores, while domains and gaming services tended to score lower. Implementing features like content security policies and strict transport security helped increase scores. Breaches sometimes prompted services to enable two-factor authentication within a year.
Fraud Meetup
Next Jump is a company that provides an online marketplace and rewards program called WOWPoints to help employees save money on purchases from various retailers. The document discusses lessons learned from $1 million in fraud over the past 5 years. Key lessons include that fraudsters will exploit authorization systems, may target holidays when monitoring is reduced, and that a balanced approach of limiting high-risk users and products provides a better user experience than complete disabling of features. The company addresses fraud by focusing on preventing transactional fraud first through an inline risk scoring system optimized for speed, agility, and scalability using decision trees generated from historical fraud data.
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
Are you ready to unlock the secrets hidden within Java thread dumps? Join us for a hands-on session where we'll delve into effective troubleshooting patterns to swiftly identify the root causes of production problems. Discover the right tools, techniques, and best practices while exploring *real-world case studies of major outages* in Fortune 500 enterprises. Engage in interactive lab exercises where you'll have the opportunity to troubleshoot thread dumps and uncover performance issues firsthand. Join us and become a master of Java thread dump analysis!
How GenAI Can Improve Supplier Performance Management.pdf
Data Collection and Analysis with GenAI enables organizations to gather, analyze, and visualize vast amounts of supplier data, identifying key performance indicators and trends. Predictive analytics forecast future supplier performance, mitigating risks and seizing opportunities. Supplier segmentation allows for tailored management strategies, optimizing resource allocation. Automated scorecards and reporting provide real-time insights, enhancing transparency and tracking progress. Collaboration is fostered through GenAI-powered platforms, driving continuous improvement. NLP analyzes unstructured feedback, uncovering deeper insights into supplier relationships. Simulation and scenario planning tools anticipate supply chain disruptions, supporting informed decision-making. Integration with existing systems enhances data accuracy and consistency. McKinsey estimates GenAI could deliver $2.6 trillion to $4.4 trillion in economic benefits annually across industries, revolutionizing procurement processes and delivering significant ROI.
More Related Content
Similar to Data Integrity Checks & Lunh Algorithm
Security access and payments methods
Desjardins provides security measures and recommendations to protect members from fraud. They implement limits on transaction amounts and require additional authentication for certain transactions. Members should follow basic rules like keeping their PIN and passwords confidential, regularly reviewing statements, and not storing sensitive information on devices. Desjardins also uses encryption and other technologies to secure online and phone transactions. Members should be wary of fraudulent emails and never disclose sensitive details to unsolicited callers.
Security access and payments methods
Desjardins provides security measures and recommendations to protect members from fraud. They implement limits on transaction amounts and require additional authentication for certain transactions. Members should follow basic rules like keeping their PIN and passwords confidential, regularly reviewing statements, and not storing sensitive information on computers. Desjardins also uses encryption and other technologies to secure online and phone transactions. Members should be wary of fraudulent emails and never disclose sensitive details to unsolicited callers.
What You Can Do to Keep Your Email, Bank Accounts and Business Safe from Cybe...
This document discusses cybersecurity threats facing small businesses and recommendations for protecting against them. Small businesses are often targeted by hackers because they have weaker security settings. The top 5 ways small businesses are attacked are through P2P applications, drive-by downloads, active content in attachments, phishing attacks, and social networking. To protect against attacks, the document recommends a multi-layered security approach including firewalls, virus protection, employee training, timely software updates, and the use of encryption and a password manager. It also provides tips on creating strong passwords and enabling two-factor authentication.
Security Breakout Session
The document discusses how Splunk can provide analytics-driven security for higher education through ingesting and analyzing machine data. It outlines how advanced threats have evolved to be more coordinated and evasive. A new approach is needed that fuses technology, human intuition, and processes like collaboration to detect attackers through contextual behavioral analysis of all available data. Examples are provided of security questions that can be answered through Splunk analytics.
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
There are several categories of attackers, including hackers, crackers, script kiddies, spies, employees, and cyberterrorists. Common attacks include password guessing, which attempts to learn a user's password through various means, and denial of service attacks, which flood a server or device with requests to make it unavailable. Malicious software, or malware, consists of computer programs intentionally created to harm systems and includes viruses, worms, logic bombs, Trojan horses, and back doors.
001.itsecurity bcp v1
Session 1 (one) of the course Information Security and business continuity. Concept of Information security , Term , Trends and Impact are discussed .
Presented at Bangladesh Institute of Management on 21 November 2015.
Security fundamentals
The document discusses security fundamentals and classical ciphers. It defines computer and network security, and lists common security problems. It then covers security goals like authentication, access control, confidentiality and integrity. It discusses security services, mechanisms, and attacks. Finally, it provides examples of classical ciphers like the Shift Cipher, Substitution Cipher, Vigenere Cipher, Vernam Cipher, and Transposition Ciphers. It explains how to analyze and break some of these classical ciphers.
Security Fundamentals
Short overview of the fundamentals of computer security. Cryptography, symmetric and asymentric cryptography, digital signatures, PKI.
Iaetsd vulnerabilities in credit card security
The document discusses vulnerabilities in how e-commerce websites store and protect customer credit card and personal information. It outlines how hackers can exploit these vulnerabilities to steal customer data by scanning websites for vulnerabilities, extracting data from vulnerable databases, and impersonating customers to make fraudulent purchases. It suggests methods for protecting customer information, such as encrypting stored data, avoiding storage of sensitive details like CVV numbers, and implementing stronger authentication of customers and IP addresses to prevent fraudulent orders.
Cyber Security - Moving Past "Best Practices"
Laura Whitt-Winyard is the Director of Cyber Security at Billtrust. She has over 16 years of experience in cyber security and has received several awards. The presentation discusses cyber security statistics, best practices, and the measures Billtrust takes to ensure security, including artificial intelligence, containment strategies, authentication, automation, and orchestration. It provides tips individuals can take such as managing user accounts securely, using strong and unique passwords, and being wary of phishing attempts.
Automatski - The Internet of Things - Privacy in IoT
This document contains contact information for two individuals at Automatski Corp, an Internet of Things company. It then discusses 18 types of personal identifiers that should be removed from data to de-identify individuals. Next, it explains how re-identification can still occur even after de-identification based on combinations of data like zip code, birthdate and sex. Finally, it lists some methods for de-identification and anonymization including access control, statistical disclosure control, and computational disclosure control.
Privacy Preservation Issues in Association Rule Mining in Horizontally Partit...
This document discusses two algorithms for mining association rules from horizontally partitioned databases while preserving privacy. The first algorithm is a two-phased approach that uses encryption for mining large itemsets in the first phase and then introduces random numbers to preserve privacy in the second phase. The second algorithm uses a technique called CK Secure Sum that breaks each site's data into segments and changes neighbors between sites in each round to limit information leakage. Both algorithms aim to allow association rule mining across distributed datasets without revealing private information from individual sites.
Unit-5.pptx
Intruders can be classified into three categories: masqueraders who penetrate access controls to exploit legitimate user accounts, misfeasors who access unauthorized data as legitimate users, and clandestine users who seize control to evade security systems. Secure Electronic Transaction (SET) uses digital certificates and signatures to securely conduct credit card transactions over the internet between a customer, merchant, and bank. Web traffic security can be provided at the transport layer using protocols like Secure Sockets Layer (SSL) and Transport Layer Security (TLS) which provide encryption and authentication between applications like browsers and servers.
Basic_computerHygiene
This document provides an overview of basic computer security practices and a top 10 list of good security habits. It explains that computer security protects systems and data from threats. While technology provides some protections, users are responsible for 90% of security through good practices. The top 10 list includes recommendations like backing up data, using strong passwords, keeping systems updated, practicing safe email and internet usage, and physically securing devices and data. The document emphasizes that everyone must understand and follow security practices to protect their devices, information and institutions from risks like data loss, identity theft and costly security incidents.
Meletis Belsis - Introduction to information security
Security is a major concern for organizations and individuals as information has become more valuable. The need for security has existed since information first became important. While firewalls and antivirus software provide some protection, they do not make an organization fully secure. Security involves processes for prevention, detection, reaction, and forensics. It is difficult to implement security perfectly due to costs, user resistance, evolving threats, and time/budget constraints for security teams. Hackers use various techniques like information gathering, password cracking, viruses, denial of service attacks, sniffing, and system exploits to compromise targets. Organizations implement defenses like firewalls, intrusion detection, honeypots, anti-sniffing measures, antivirus software, security awareness
Simplitfy - Guarding your Data
This document provides tips and advice for small businesses on how to guard their data and systems from various threats and disruptions. It discusses how many businesses experience disruptions each year and may not survive if offline for more than 5 days. It recommends providing regular cybersecurity training to employees and using simple, integrated solutions to protect data and systems from viruses, ransomware, lost or stolen devices. Specific tips include enabling encryption, remote wiping, VPNs, strong passwords, testing backups, and monitoring for identity theft. The overall message is that end-to-end protection is needed across networks, email, wireless systems, endpoints, servers and data to fully secure the business.
Cyber security
This document discusses cyber security and cyber crimes related to banking. It defines cyber security as the protection of internet-connected systems, including hardware, software and data, from cyber attacks. It then discusses examples of major cyber security threats to the banking sector like unencrypted data, unprotected third party services, and an constantly changing threat landscape. The document also defines different types of cyber crimes like hacking, phishing, and ransomware and explains how hackers managed to steal over Rs. 94 crore from an attack on Pune-based Cosmos Bank's server in 2018.
Security.ppt
1. The document discusses the topics of security and cryptography. It covers authentication, encryption algorithms like RSA public-key encryption, and digital signatures.
2. RSA public-key cryptography is described as the most widely used system, where users have public and private keys to encrypt and decrypt messages. It relies on the assumption that factoring large numbers is computationally difficult.
3. Digital signatures are explained as a way for a user to sign a message using their private key so that others can verify it came from that user by decrypting it with the public key.
Security For The People: End-User Authentication Security on the Internet by ...
Mark Stanislav conducted research on authentication security across various online services. He developed a scoring system called MASSACRE to evaluate two-factor authentication usage, browser security features, SSL/TLS implementation, and other security practices. The analysis found that technology companies like GitHub and financial services like Kraken had the highest MASSACRE scores, while domains and gaming services tended to score lower. Implementing features like content security policies and strict transport security helped increase scores. Breaches sometimes prompted services to enable two-factor authentication within a year.
Fraud Meetup
Next Jump is a company that provides an online marketplace and rewards program called WOWPoints to help employees save money on purchases from various retailers. The document discusses lessons learned from $1 million in fraud over the past 5 years. Key lessons include that fraudsters will exploit authorization systems, may target holidays when monitoring is reduced, and that a balanced approach of limiting high-risk users and products provides a better user experience than complete disabling of features. The company addresses fraud by focusing on preventing transactional fraud first through an inline risk scoring system optimized for speed, agility, and scalability using decision trees generated from historical fraud data.
Similar to Data Integrity Checks & Lunh Algorithm (20)
What You Can Do to Keep Your Email, Bank Accounts and Business Safe from Cybe...
What You Can Do to Keep Your Email, Bank Accounts and Business Safe from Cybe...
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
Automatski - The Internet of Things - Privacy in IoT
Automatski - The Internet of Things - Privacy in IoT
Privacy Preservation Issues in Association Rule Mining in Horizontally Partit...
Privacy Preservation Issues in Association Rule Mining in Horizontally Partit...
Meletis Belsis - Introduction to information security
Meletis Belsis - Introduction to information security
Security For The People: End-User Authentication Security on the Internet by ...
Security For The People: End-User Authentication Security on the Internet by ...
Recently uploaded
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
Are you ready to unlock the secrets hidden within Java thread dumps? Join us for a hands-on session where we'll delve into effective troubleshooting patterns to swiftly identify the root causes of production problems. Discover the right tools, techniques, and best practices while exploring *real-world case studies of major outages* in Fortune 500 enterprises. Engage in interactive lab exercises where you'll have the opportunity to troubleshoot thread dumps and uncover performance issues firsthand. Join us and become a master of Java thread dump analysis!
How GenAI Can Improve Supplier Performance Management.pdf
Data Collection and Analysis with GenAI enables organizations to gather, analyze, and visualize vast amounts of supplier data, identifying key performance indicators and trends. Predictive analytics forecast future supplier performance, mitigating risks and seizing opportunities. Supplier segmentation allows for tailored management strategies, optimizing resource allocation. Automated scorecards and reporting provide real-time insights, enhancing transparency and tracking progress. Collaboration is fostered through GenAI-powered platforms, driving continuous improvement. NLP analyzes unstructured feedback, uncovering deeper insights into supplier relationships. Simulation and scenario planning tools anticipate supply chain disruptions, supporting informed decision-making. Integration with existing systems enhances data accuracy and consistency. McKinsey estimates GenAI could deliver $2.6 trillion to $4.4 trillion in economic benefits annually across industries, revolutionizing procurement processes and delivering significant ROI.
The Comprehensive Guide to Validating Audio-Visual Performances.pdf
Ensuring the optimal performance of your audio-visual (AV) equipment is crucial for delivering exceptional experiences. AV performance validation is a critical process that verifies the quality and functionality of your AV setup. Whether you're a content creator, a business conducting webinars, or a homeowner creating a home theater, validating your AV performance is essential.
Mobile App Development Company In Noida | Drona Infotech
React.js, a JavaScript library developed by Facebook, has gained immense popularity for building user interfaces, especially for single-page applications. Over the years, React has evolved and expanded its capabilities, becoming a preferred choice for mobile app development. This article will explore why React.js is an excellent choice for the Best Mobile App development company in Noida.
Visit Us For Information: https://www.linkedin.com/pulse/what-makes-reactjs-stand-out-mobile-app-development-rajesh-rai-pihvf/
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
原版定制【微信:bwp0011】《(hull学位证书)英国赫尔大学毕业证硕士文凭》【微信:bwp0011】成绩单 、雅思、外壳、留信学历认证永久存档查询,采用学校原版纸张、特殊工艺完全按照原版一比一制作(包括:隐形水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠,文字图案浮雕,激光镭射,紫外荧光,温感,复印防伪)行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备,十五年致力于帮助留学生解决难题,业务范围有加拿大、英国、澳洲、韩国、美国、新加坡,新西兰等学历材料,包您满意。
【业务选择办理准则】
一、工作未确定,回国需先给父母、亲戚朋友看下文凭的情况,办理一份就读学校的毕业证【微信bwp0011】文凭即可
二、回国进私企、外企、自己做生意的情况,这些单位是不查询毕业证真伪的,而且国内没有渠道去查询国外文凭的真假,也不需要提供真实教育部认证。鉴于此,办理一份毕业证【微信bwp0011】即可
三、进国企,银行,事业单位,考公务员等等,这些单位是必需要提供真实教育部认证的,办理教育部认证所需资料众多且烦琐,所有材料您都必须提供原件,我们凭借丰富的经验,快捷的绿色通道帮您快速整合材料,让您少走弯路。
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
【关于价格问题(保证一手价格)】
我们所定的价格是非常合理的,而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子 我给客户的都是第一手的代理价格,因为我想坦诚对待大家 不想跟大家在价格方面浪费时间
对于老客户或者被老客户介绍过来的朋友,我们都会适当给一些优惠。
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
Presented at NLJUG's J-Spring 2024.
ppt on the brain chip neuralink.pptx
A neural network is a machine learning program, or model, that makes decisions in a manner similar to the human brain, by using processes that mimic the way biological neurons work together to identify phenomena, weigh options and arrive at conclusions.
The Power of Visual Regression Testing_ Why It Is Critical for Enterprise App...
Visual testing plays a vital role in ensuring that software products meet the aesthetic requirements specified by clients in functional and non-functional specifications. In today's highly competitive digital landscape, users expect a seamless and visually appealing online experience. Visual testing, also known as automated UI testing or visual regression testing, verifies the accuracy of the visual elements that users interact with.
一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理
原版一模一样【微信:741003700 】【(sdsu毕业证书)圣地亚哥州立大学毕业证成绩单】【微信:741003700 】学位证,留信认证(真实可查,永久存档)原件一模一样纸张工艺/offer、雅思、外壳等材料/诚信可靠,可直接看成品样本,帮您解决无法毕业带来的各种难题!外壳,原版制作,诚信可靠,可直接看成品样本。行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题,包您满意。
本公司拥有海外各大学样板无数,能完美还原。
1:1完美还原海外各大学毕业材料上的工艺:水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700
【主营项目】
一.毕业证【q微741003700】成绩单、使馆认证、教育部认证、雅思托福成绩单、学生卡等!
二.真实使馆公证(即留学回国人员证明,不成功不收费)
三.真实教育部学历学位认证(教育部存档!教育部留服网站永久可查)
四.办理各国各大学文凭(一对一专业服务,可全程监控跟踪进度)
如果您处于以下几种情况:
◇在校期间,因各种原因未能顺利毕业……拿不到官方毕业证【q/微741003700】
◇面对父母的压力,希望尽快拿到;
◇不清楚认证流程以及材料该如何准备;
◇回国时间很长,忘记办理;
◇回国马上就要找工作,办给用人单位看;
◇企事业单位必须要求办理的
◇需要报考公务员、购买免税车、落转户口
◇申请留学生创业基金
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
办理(sdsu毕业证书)圣地亚哥州立大学毕业证【微信:741003700 】外观非常简单,由纸质材料制成,上面印有校徽、校名、毕业生姓名、专业等信息。
办理(sdsu毕业证书)圣地亚哥州立大学毕业证【微信:741003700 】格式相对统一,各专业都有相应的模板。通常包括以下部分:
校徽:象征着学校的荣誉和传承。
校名:学校英文全称
授予学位:本部分将注明获得的具体学位名称。
毕业生姓名:这是最重要的信息之一,标志着该证书是由特定人员获得的。
颁发日期:这是毕业正式生效的时间,也代表着毕业生学业的结束。
其他信息:根据不同的专业和学位,可能会有一些特定的信息或章节。
办理(sdsu毕业证书)圣地亚哥州立大学毕业证【微信:741003700 】价值很高,需要妥善保管。一般来说,应放置在安全、干燥、防潮的地方,避免长时间暴露在阳光下。如需使用,最好使用复印件而不是原件,以免丢失。
综上所述,办理(sdsu毕业证书)圣地亚哥州立大学毕业证【微信:741003700 】是证明身份和学历的高价值文件。外观简单庄重,格式统一,包括重要的个人信息和发布日期。对持有人来说,妥善保管是非常重要的。
Building API data products on top of your real-time data infrastructure
This talk and live demonstration will examine how Confluent and Gravitee.io integrate to unlock value from streaming data through API products.
You will learn how data owners and API providers can document, secure data products on top of Confluent brokers, including schema validation, topic routing and message filtering.
You will also see how data and API consumers can discover and subscribe to products in a developer portal, as well as how they can integrate with Confluent topics through protocols like REST, Websockets, Server-sent Events and Webhooks.
Whether you want to monetize your real-time data, enable new integrations with partners, or provide self-service access to topics through various protocols, this webinar is for you!
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
UMN硕士毕业证成绩单【微信95270640】购买(明尼苏达大学毕业证成绩单硕士学历)Q微信95270640代办UMN学历认证留信网伪造明尼苏达大学学位证书精仿明尼苏达大学本科/硕士文凭证书补办明尼苏达大学 diplomaoffer,Transcript购买明尼苏达大学毕业证成绩单购买UMN假毕业证学位证书购买伪造明尼苏达大学文凭证书学位证书,专业办理雅思、托福成绩单,学生ID卡,在读证明,海外各大学offer录取通知书,毕业证书,成绩单,文凭等材料:1:1完美还原毕业证、offer录取通知书、学生卡等各种在读或毕业材料的防伪工艺(包括 烫金、烫银、钢印、底纹、凹凸版、水印、防伪光标、热敏防伪、文字图案浮雕,激光镭射,紫外荧光,温感光标)学校原版上有的工艺我们一样不会少,不论是老版本还是最新版本,都能保证最高程度还原,力争完美以求让所有同学都能享受到完美的品质服务。
#毕业证成绩单 #毕业証 #成绩单 #學生卡 #OFFER录取通知书 #雅思#托福等……
国外大学明尼苏达大学明尼苏达大学毕业证offer制作方法(一对一专业服务)
1客户提供办理信息:姓名生日专业学位毕业时间等(如信息不确定可以咨询顾问:我们有专业老师帮你查询);
2开始安排制作毕业证成绩单电子图;
3毕业证成绩单电子版做好以后发送给您确认;
4毕业证成绩单电子版您确认信息无误之后安排制作成品;
5成品做好拍照或者视频给您确认;
6快递给客户(国内顺丰国外DHLUPS等快读邮寄)
— — 制作工艺 【高仿真】— —
凭借多年的制作经验本公司制作明尼苏达大学明尼苏达大学毕业证offer《激光》《水印》《钢印》《烫金》《紫外线》凹凸版uv版等防伪技术一流高精仿度几乎跟学校100%相同!让您绝对满意。
— — -公司理念 【诚信为主】— — —
我們以質量求生存.以服务求发展有雄厚的实力专业的团队咨询顾问为您细心解答可详谈是真是假眼见为实让您真正放心平凡人生,尽我所能助您一臂之力让我們携手圆您梦想!
此贴长年有效【贴心专线/微-信: 95270640】敬请保留此联系方式以备用!如有不在线请给我们留言!我们将在第一时间给您回复!上散发着一抹抹的光晕而这每处自然形成的细节融合在一起浑然天成的美实在令人心生愉悦小道的周边无秩序的生长着几株艳丽的野花红的粉的紫的虽混乱无章却给这幅美景更增添一份性感夹杂着一份纯洁的妖娆毫无违和感实在给人带来一份悠然幸福的心情如果说现在的审美已经断然拒绝了无声的话那么在树林间飞掠而过的小鸟叽叽咋咋的叫声是否就是这最后的点睛之笔悠然走在林间的小路上宁静与清香一丝丝的盛夏气息吸入身体昔日生活里的繁忙多
Going AOT: Everything you need to know about GraalVM for Java applications
Going AOT: Everything you need to know about GraalVM for Java applications
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
IBM watsonx Code Assistant for Z, our latest Generative AI-assisted mainframe application modernization solution. Mainframe (IBM Z) application modernization is a topic that every mainframe client is addressing to various degrees today, driven largely from digital transformation. With generative AI comes the opportunity to reimagine the mainframe application modernization experience. Infusing generative AI will enable speed and trust, help de-risk, and lower total costs associated with heavy-lifting application modernization initiatives. This document provides an overview of the IBM watsonx Code Assistant for Z which uses the power of generative AI to make it easier for developers to selectively modernize COBOL business services while maintaining mainframe qualities of service.
Superpower Your Apache Kafka Applications Development with Complementary Open...
Kafka Summit talk (Bangalore, India, May 2, 2024, https://events.bizzabo.com/573863/agenda/session/1300469 )
Many Apache Kafka use cases take advantage of Kafka’s ability to integrate multiple heterogeneous systems for stream processing and real-time machine learning scenarios. But Kafka also exists in a rich ecosystem of related but complementary stream processing technologies and tools, particularly from the open-source community. In this talk, we’ll take you on a tour of a selection of complementary tools that can make Kafka even more powerful. We’ll focus on tools for stream processing and querying, streaming machine learning, stream visibility and observation, stream meta-data, stream visualisation, stream development including testing and the use of Generative AI and LLMs, and stream performance and scalability. By the end you will have a good idea of the types of Kafka “superhero” tools that exist, which are my favourites (and what superpowers they have), and how they combine to save your Kafka applications development universe from swamploads of data stagnation monsters!
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
Vector databases are transforming how we handle data, allowing us to search through text, images, and audio by converting them into vectors. Today, we'll dive into the basics of this exciting technology and discuss its potential to revolutionize our next-generation AI applications. We'll examine typical uses for these databases and the essential tools
developers need. Plus, we'll zoom in on the advanced capabilities of vector search and semantic caching in Java, showcasing these through a live demo with Redis libraries. Get ready to see how these powerful tools can change the game!
Modelling Up - DDDEurope 2024 - Amsterdam
What to do when you have a perfect model for your software but you are constrained by an imperfect business model?
This talk explores the challenges of bringing modelling rigour to the business and strategy levels, and talking to your non-technical counterparts in the process.
Penify - Let AI do the Documentation, you write the Code.
Penify automates the software documentation process for Git repositories. Every time a code modification is merged into "main", Penify uses a Large Language Model to generate documentation for the updated code. This automation covers multiple documentation layers, including InCode Documentation, API Documentation, Architectural Documentation, and PR documentation, each designed to improve different aspects of the development process. By taking over the entire documentation process, Penify tackles the common problem of documentation becoming outdated as the code evolves.
https://www.penify.dev/
Streamlining End-to-End Testing Automation
Streamlining End-to-End Testing Automation with Azure DevOps Build & Release Pipelines
Automating end-to-end (e2e) test for Android and iOS native apps, and web apps, within Azure build and release pipelines, poses several challenges. This session dives into the key challenges and the repeatable solutions implemented across multiple teams at a leading Indian telecom disruptor, renowned for its affordable 4G/5G services, digital platforms, and broadband connectivity.
Challenge #1. Ensuring Test Environment Consistency: Establishing a standardized test execution environment across hundreds of Azure DevOps agents is crucial for achieving dependable testing results. This uniformity must seamlessly span from Build pipelines to various stages of the Release pipeline.
Challenge #2. Coordinated Test Execution Across Environments: Executing distinct subsets of tests using the same automation framework across diverse environments, such as the build pipeline and specific stages of the Release Pipeline, demands flexible and cohesive approaches.
Challenge #3. Testing on Linux-based Azure DevOps Agents: Conducting tests, particularly for web and native apps, on Azure DevOps Linux agents lacking browser or device connectivity presents specific challenges in attaining thorough testing coverage.
This session delves into how these challenges were addressed through:
1. Automate the setup of essential dependencies to ensure a consistent testing environment.
2. Create standardized templates for executing API tests, API workflow tests, and end-to-end tests in the Build pipeline, streamlining the testing process.
3. Implement task groups in Release pipeline stages to facilitate the execution of tests, ensuring consistency and efficiency across deployment phases.
4. Deploy browsers within Docker containers for web application testing, enhancing portability and scalability of testing environments.
5. Leverage diverse device farms dedicated to Android, iOS, and browser testing to cover a wide range of platforms and devices.
6. Integrate AI technology, such as Applitools Visual AI and Ultrafast Grid, to automate test execution and validation, improving accuracy and efficiency.
7. Utilize AI/ML-powered central test automation reporting server through platforms like reportportal.io, providing consolidated and real-time insights into test performance and issues.
These solutions not only facilitate comprehensive testing across platforms but also promote the principles of shift-left testing, enabling early feedback, implementing quality gates, and ensuring repeatability. By adopting these techniques, teams can effectively automate and execute tests, accelerating software delivery while upholding high-quality standards across Android, iOS, and web applications.
Recently uploaded (20)
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
How GenAI Can Improve Supplier Performance Management.pdf
How GenAI Can Improve Supplier Performance Management.pdf
The Comprehensive Guide to Validating Audio-Visual Performances.pdf
The Comprehensive Guide to Validating Audio-Visual Performances.pdf
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
The Power of Visual Regression Testing_ Why It Is Critical for Enterprise App...
The Power of Visual Regression Testing_ Why It Is Critical for Enterprise App...
Building API data products on top of your real-time data infrastructure
Building API data products on top of your real-time data infrastructure
Going AOT: Everything you need to know about GraalVM for Java applications
Going AOT: Everything you need to know about GraalVM for Java applications
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Superpower Your Apache Kafka Applications Development with Complementary Open...
Superpower Your Apache Kafka Applications Development with Complementary Open...
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
Penify - Let AI do the Documentation, you write the Code.
Penify - Let AI do the Documentation, you write the Code.
Data Integrity Checks & Lunh Algorithm
- 2. #whoami – Savan Gadhiya ■ Senior Security Consultant at NotSoSecure ■ Hacker, Security Researcher, Developer and Bounty Hunter ☺ ■ 7 years of experience in Information Technology ■ Master of Engineering in IT Systems and Network Security ■ LinkedIn: https://in.linkedin.com/in/gadhiyasavan ■ Twitter: https://twitter.com/gadhiyasavan
- 3. Information Security – Key Concepts Integrity Availability Confidentiality
- 4. Information Security – Key Concepts ■ CIA/AIC Triad – Confidentiality – Data should be accessible to authorized persons only – Integrity – Data should be unaltered – Availability – Data should be available when required to authorized entities ■ Others – Authentication – Identify the user – Non-Repudiation – Data ownership disputes – Access Control – Who should be able to access what?
- 5. Data Integrity ■ As a process, data integrity verifies that data has remained unaltered in transit from creation to reception ■ Data must be kept free from corruption, modification, insertion, deletion or replay ■ Assurance of data integrity: – Data encryption, which locks data by cipher – Data backup, which stores a copy of data in an alternate location – Access controls, including assignment of read/write privileges – Input validation, to prevent incorrect data entry – Data validation, to certify uncorrupted transmission
- 6. Checksum ■ A checksum is a small-sized datum derived from a block of digital data for the purpose of detecting errors which may have been introduced during its transmission or storage ■ Checksum is usually applied to an installation file after it is received from the download server. By themselves, checksums are often used to verify data integrity but are not relied upon to verify data authenticity
- 7. Luhn Algorithm – Checksum formula ■ Luhn Algorithm also known as “modulus 10” or “mod 10” algorithm ■ A simple checksum formula used to validate a variety of identification numbers ■ Widely used for: – Credit Card Numbers – International Mobile Equipment Identity(IMEI) Numbers – Social Security Numbers – Social Insurance Numbers
- 8. Luhn Algorithm Checksum Digit • Right most digit Double Second Digit • Double the every other/second digit • Starting from next digit to Checksum • Right to Left (except the checksum) Sum Digits • Sum each digits Identify the Checksum • Method 1: • Take the units digit from Sum – e.g. 67 → 7 • Subtract units digit from 10 – e.g. 10 – 7 = 3 • If sum digit ends with 0 then checksum is 0 – 60 → 0 • Method 2: • Multiply sum with 9 – e.g. 67*9 = 603 • Units digit is checksum – e.g. 603 → 3
- 9. Luhn Algorithm – Validate Checksum ■ Identify the valid number from the list – 79927398710, 79927398711, 79927398712, … , 79927398719 ■ Double the every second number – 7 9 9 2 7 3 9 8 7 1 X – (1*2) = 2, (8*2) = 16, (3*2) = 6, (2*2) = 4, (9*2) = 18 ■ Sum all individual digits – (X) + 2 + 7 + (1 + 6) + 9 + 6 + 7 + 4 + 9 + (1 + 8) + 7 = 67 ■ If the Sum is a multiple of 10, the number is valid – 60, 70, 80, 90 etc. – Hence, 67 + X = 70 – To be a next multiplication of 10 – Checksum is 3, X=3 → Valid number is 79927398713
- 10. Luhn Algorithm – Penetration Testing ■ Luhn Algorithm/mod 10 will produce only ONE valid number from 10 sequential numbers ■ Most of the banking/payment websites prevent from brute-force attack and uses rate limit – Brute force the card numbers from 4242 4242 4242 0000 to 4242 4242 4242 9999 – 10,000 possibilities - Ah rate-limit is only 1,000 ■ Unique numbers will be only 1,000 then why do we need to brute-force all? ■ How can we brute force effectively using Lunn Number? – Burp Payload Processing ■ Extension: Burp Luhn Payload Processor
- 11. Demo – Burp Luhn Payload Processor ■ How can we brute force effectively using Lunn Number? – Burp Payload Processing ■ Extension: Burp Luhn Payload Processor – Figure shows list of valid numbers
- 12. References ■ https://en.wikipedia.org/wiki/Information_security ■ https://en.wikipedia.org/wiki/Luhn_algorithm ■ https://patentimages.storage.googleapis.com/ec/2a/f7/b9af046ed26128/US295 0048.pdf ■ https://github.com/EnableSecurity/burp-luhn-payload-processor
- 13. Questions?