Semper Ubi Sub Ubi - Things They Don't Teach You In SchoolJan Schaumann
'Always wear underwear' and other practical advice for Computer Science students.
A transcript of the talk is available at www.netmeister.org/blog/semper-ubi-sub-ubi.html
Primum non nocere - Ethical Obligations in Internet OperationsJan Schaumann
Given at Velocity NY 2015.
Full transcript here: https://www.netmeister.org/blog/primum-non-nocere.html
See also: https://www.netmeister.org/blog/velocity-ny2015-survey-results.html
Crazy Like A Fox - #Infosec Ideas That Just Might WorkJan Schaumann
Slides from an Ignite Talk given at O'Reilly Security NYC, 2016-10-31. Talk details will be posted at https://www.netmeister.org/blog/crazy-like-a-fox.html
A Choose Your Own Adventure for Devs, Ops, and other Humans
Given at ConFoo Vancouver 2016.
Write-up will be posted at https://www.netmeister.org/blog/opsec101.html
Content Security Policies are another tool we should have in our security toolbelt to help protect users of our sites. In this session I’ll cover what they are, why they’re needed, how they work and the limitations on what they can & cannot do to protect users.
I’ll demo attacks a CSP will block, break things, show what the different CSP directives & options will do and introduce some of the tools available to help with implementing a CSP on your sites!
SpringOne Platform 2016
Speaker: Justin Smith; Director, Pivotal
Enterprise software security traditionally resists change as a matter of unquestioned policy. Vulnerability is a function that changes with time: the probability of being exploited increases with the accumulation of long-lived credentials and unpatched code. The question that must be asked is: how can a security strategy which resists change keep up with the pace of the modern threat landscape? This asymmetry in speed and adaptiveness only creates advantages for the attacker. What if the only way to increase security is to move as fast as possible? Continuously rotating credentials, patching systems, and rebuilding clusters to minimize windows of vulnerability decreases the threat profile in time and severity. This presentation will outline principles and practices of Cloud Native Security and how Cloud Foundry can be part of your strategy to increase velocity and security.
PuppetConf 2016: How You Actually Get Hacked – Ben Hughes, EtsyPuppet
Here are the slides from Ben Hughes's PuppetConf 2016 presentation called How You Actually Get Hacked. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
DevSecOps - a 2 year journey of success & failure!Stu Hirst
I've spent over 2 years at Skyscanner 'doing security stuff'. There have been lots of successes, but also some failure - here's a whistle-stop run-down!
How to Rob a Bank: The SWIFT and Easy Way to Grow Your Online SavingsCheryl Biswas
Bank heists make great stories. This year, we’ve got some really good stories to tell courtesy of a trusted network known as SWIFT, and some banks that believed they were inherently protected by virtue of being connected – except they weren’t. Hundreds of millions of dollars have revealed some ugly truths and dangerous assumptions. In this security fairy tale we’ll talk about scary godmothers, big bad wolves, fire breathing dragons and what’s inherently wrong with the banking system. Because the emperors have no clothes on.
Presumptive Design: "It's not research! We're getting stuff done!"UXPA International
Agencies and client UX professionals alike point out a growing trend: companies are becoming allergic to research. Budgets are shrinking and making the case to leaders grows more difficult each month.
Working in small groups, professionals from across the UX spectrum (research, design and communications) will learn Presumptive Design (PrD), a technique for capturing the unmet, and often unspoken, needs of our stakeholders.
PrD *is* a research method, but because it begins with designing an artifact, stakeholders are far more receptive to it as a process. Further, the method is fast, reducing time *and cost* to insights.
Attendees will learn the theoretical frameworks behind PrD as well as gain hands-on experience practicing the method. By the end of the course, attendees will have completed one full cycle of a PrD engagement, including feedback from external users.
CONFidence 2018: XSS is dead. We just don't get it (Mario Heiderich)PROIDEA
XSS is about twenty years old by now and appears to be alive and kicking. JavaScript alerts are still popping left and right and bug bounty programs are drowning in submissions. But is XSS really still a problem of our time? Or is it just an undead foul-smelling zombie vulnerability from the dark ages of string concatenation that doesn't wanna perish because we are just too f**** stubborn? This talk will be an hour-long rant (yes, swearwords, leave your kids at home), paired with a stroll through the history of XSS and related issues. We will go back into the year 1998 and see how it all started, how things developed, what we tried to do against it and how hard we failed every single time. We will also look at the future and predict what is about to happen next. Mostly nothing - but good to know, right? We will not only look at our own failures but also see how the entire infrastructure and monetization of the web contributed to us being simply not capable or even just willing to fix XSS. And we might as well see if any of those behavioral and structural patterns can be compared to other human failures - and see if there is something we all can learn. Or, at least, agree that we knew it all along and are all on the same page.
SAAS IS THE ENEMY OF OPEN SOURCE GOOD THING THAT WE ARE IN THE POST-SAAS ERAOri Pekelman
My talk from Open Source Summit Paris 2016, on how our multi-cloud second generation PaaS, Platform.sh allows any Open Source vendor to create a sustainable non-evil SaaS model and what this means for enterprise customers. How Control and Productivity can be aligned.
Mike McQuaid — How to Not Fail at Using Open-Source Software in Your Organisa...Turing Fest
Almost every company today uses open source software to do business (whether they know it or not). Almost every company isn’t using open source software as effectively as they could. Learn from GitHub’s Mike McQuaid about how to use open source software in your organisation without succumbing to the most common of pitfalls.
This presentation will address the unique challenges that UX professionals face when crafting their career path and finding roles that are both appropriate fits for their existing skill sets and offer opportunities to grow. It will help attendees understand UX career options and craft their work samples and personal interactions to maximize their chances for success, whatever that looks like to them. Participants will learn to apply the core concepts they use in their project work to how they present themselves and their work.
I’ll cover:
The varying career paths within UX and definitions of success
Information on what employers are looking for in UX professionals
Ways to utilize existing UX skills to illustrate strengths and articulate value within a work environment or to potential employers
Tips to improve work samples to demonstrate expertise
Methods to present and brand oneself
A Day in the Life of a CISO
The intent of this presentation is to present the diverse nature of being a CISO today within the context of a public, regulated and targeted organization. The content is to both inspire and warn those whose career choices may include the CISO destination.
Mark Nagiel, SVP/CISO, PrimeLending (4th largest mortgage company in the US)
Director, Information Security (MetroPCS/T-Mobile)
VP, Technology/VP Information Security (InCharge Institute - Financial Services)
Co-Founder, Network Audit Systems, Inc. (acquired by Armor Holdings, an NYSE-listed company)
InfoSec Chief (Niagara Mohawk Power Corp.)
ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...Santhosh Tuppad
As technology evolved, software security faced huge challenges, and as the years passed the world has seen drastic changes far too quickly. Along with these advancements, malicious (black-hat) hackers have evolved just as well. Today the internet is the place for everyone, and hackers dwell there almost all the time. Every day new applications are released to the web, and users start using them and even get addicted to them due to outstanding UX. But wait: did someone think about the "security" layer of these applications? Often we don't, and most of the applications today suffer from "beggarly / bad security".
In this talk, Santhosh Tuppad will focus on the pitfalls of bad security and why software security has failed so badly. He will also shed light on how your users may be facing bigger problems than you can imagine due to bad software that lacks security testing. He will demonstrate some of the lethal problems that exist in the industry and talk about technical impact and business impacts like reputation damage, revenue loss and a lot more.
Not only that, Santhosh won't end his talk without some hacking demonstrations that will for sure wow you. Finally, he will tell you how you can start security testing from day 1 and start contributing in terms of building secure software.
From this talk, you will gain an understanding of the problems that a lack of security testing presents and find out about tool-assisted security testing and performing security tests through questioning. After the talk, you will be able to start identifying risks and reporting common vulnerabilities, giving you a feeling of "I can do this".
The Razors Edge - Cutting your TLS BaggageJan Schaumann
A talk on effecting change across a large organization, given at O'Reilly Security 2017.
Write-up will be posted at https://www.netmeister.org/blog/razors-edge.html
Similar to Everything is Awful (And You're Not Helping) (18)
Safely Drinking from the Data WaterhoseJan Schaumann
An Ignite talk given at DataGotham 2012 about how we extract security-related events and alerts from our logs. I repeated the same talk at DevOpsDays NYC 2013.
A talk on how system engineers and administrators, the people who maintain the infrastructure of the internet and who write a lot of code without (usually) having any training in software engineering practices, can improve their tools. Originally given at NYCBug in June 2009.
A presentation on how changes in Daylight Saving Time were handled at Yahoo!. Originally given at BayLISA in May 2007. Slides are available here:
netmeister.org/misc/dst_yahoo.pdf
32. @jschauma BSidesSF 2016
Absolutely secure systems do not exist. To halve your vulnerability, you have to double your expenditure.
33. Absolutely secure systems do not exist. To halve your vulnerability, you have to double your expenditure. Cryptography is typically bypassed, not penetrated.
35. 💡 Absolutely secure systems do not exist. Keep calm, that's fine. Raising the cost of an attack is often sufficient. Know your Threat Model.