Investigation about the Chinese Great Cannon and information about Great Firewall as introduction.
Deny of Service attack to Github repositories.
This repositories contain information about how can broke the Great Firewall
[CB18] Discover traces of attackers from the remains of disposable attack inf...CODE BLUE
In order to detect malicious activities, we often make use of blacklists. The blacklists are useful, however malicious domain names in the blacklists can be considered static threat intelligence after we receive them. On the other hand, the behavior of the malicious domain names depends on adversaries. Advanced cyber adversaries often change their attack infrastructure in a short time in order to avoid tracking. In the extreme cases, the malicious domain names expire soon after we receive them from the blacklists.
Previous studies have paid attention to the determination problem for unidentified domain names. Once some unidentified domain name prove to be malicious, operators simply register the malicious domain names with their blacklists and wait for updates.
We have already presented our research regarding “Detection index learning based on cyber threat intelligence and its application” and continue to concentrate on an effective utilization of known threat intelligence. In this presentation, we will present an extended framework for examining indicators based on Domain Name System (DNS) actively and passively. In short, for malicious domain names from blacklists, while we make query regarding the domain names (Active DNS), we learn the history of the domain names from the point of view of DNS for both the survival and disposable domain names (Passive DNS). Then we make opinion, for example, we guess that some malicious domain name continue to be used, on the other hand, other one disappears soon then we recommend that you have to prepare for the next malicious activities. Based on the extended framework, we implement our indicator diagnosis system. We will show several case studies regarding the diagnosis results.
The Hacking Team breach resulted in more than 400GBs of sensitive information being publicly released, including the source code for the offensive security programs the company sold and details on zero-day exploits. The leak had significant repercussions in the security world and caused major technology vendors (including Adobe and Microsoft) to issue emergency patches.
In this presentation, you’ll hear about the results of Cybereason’s investigation into the Hacking Team’s operation as well as the writeup by Phineas Phisher, who claims credit for the hack. We’ll discuss what we learned and what we think it means for defenders moving forward.
The Hacking Team breach resulted in more than 400GBs of sensitive information being publicly released, including the source code for the offensive security programs the company sold and details on zero-day exploits. The leak had significant repercussions in the security world and caused major technology vendors (including Adobe and Microsoft) to issue emergency patches.
In this presentation, you’ll hear about the results of Cybereason’s investigation into the Hacking Team’s operation as well as the writeup by Phineas Phisher, who claims credit for the hack. We’ll discuss what we learned and what we think it means for defenders moving forward.
Security Ninjas: An Open Source Application Security Training ProgramOpenDNS
NOTES
--
Slide 8
Some of the categories we will discuss are very broad like this one.
Untrusted command – get / post / rest style params
Clicks
Surprise inputs
Slide 13
Very broad too
Little or no auth
Auth with some bypass possibilities
Some problem with how session is generated, managed, expired
Insufficient sessionID protection
Slide 18
When a user is tricked into clicking on a malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the injected code travels to the vulnerable web site, which reflects the attack back to the user’s browser.
Slide 27
Security hardening throughout Application Stack
Unnecessary features enabled or installed?
ports, services, pages, accounts, privileges
Security settings in your development frameworks (e.g., Struts, Spring, ASP.NET) and libraries not set to secure values?
Default accounts/ passwords still enabled and unchanged?
Error handling reveal stack traces or other overly informative error messages to users?
Software out of date?
OS, Web Server, DBMS, applications, code libraries
Slide 41
sign up for updates or do regular audits to see versions
there might be technical dependencies
easily exploited by attackers using metaspoilt, info gathering using headers & responses, etc.
Slide 47
We can look at the architecture, give you tips around what you could use, what would be good. This would avoid making any major changes when the product is ready which would save everyone’s time in the long run.
Have sprints with dedicated security features and use those as a selling point for our security conscious customers
Slide 48
Carefully look at the license to make sure you can use it in your type of product. Ask Fallon if you are not sure
Research how much support it gets, how popular it is
Look to find out any vulnerabilities in it before you start using it
Maintain it; Sign up for CVE updates
Ask us if you need to get something reviewed
Slide 50
Not only better and more features
Security vulnerabilities get patched in new versions
New versions get most attention by the companies and old ones stop getting support after some time fully
Most Security Support by the community
Turn on auto updates for Chrome; always look at updates on AppStore
Slide 51
Use different passwords for different sites
Password managers let you set complexity, generate random passwords, etc.
Slide 52
Only grant access to whats needed to get the job done
employee leaves; mistakes; vulnerabilities in other s/w which leverages this;
Don’t install redundant software, plugins, etc.
This opens up so much risk
People forget to uninstall them; s/w doesn't get much attention from community; open ports are left; boom exploited by attackers;
Slide 55
To prevent unintended execution actions
e.g., fail open auth errors
Leak minimal info about infrastructure as this info is leveraged by attackers to carry out further attacks
Fuzzing can be an effecive way to uncover bugs and vulnerabilities. Bug bounty hunters, penetration testers and developers can benefit from this quick and efficient technique.
[CB18] Discover traces of attackers from the remains of disposable attack inf...CODE BLUE
In order to detect malicious activities, we often make use of blacklists. The blacklists are useful, however malicious domain names in the blacklists can be considered static threat intelligence after we receive them. On the other hand, the behavior of the malicious domain names depends on adversaries. Advanced cyber adversaries often change their attack infrastructure in a short time in order to avoid tracking. In the extreme cases, the malicious domain names expire soon after we receive them from the blacklists.
Previous studies have paid attention to the determination problem for unidentified domain names. Once some unidentified domain name prove to be malicious, operators simply register the malicious domain names with their blacklists and wait for updates.
We have already presented our research regarding “Detection index learning based on cyber threat intelligence and its application” and continue to concentrate on an effective utilization of known threat intelligence. In this presentation, we will present an extended framework for examining indicators based on Domain Name System (DNS) actively and passively. In short, for malicious domain names from blacklists, while we make query regarding the domain names (Active DNS), we learn the history of the domain names from the point of view of DNS for both the survival and disposable domain names (Passive DNS). Then we make opinion, for example, we guess that some malicious domain name continue to be used, on the other hand, other one disappears soon then we recommend that you have to prepare for the next malicious activities. Based on the extended framework, we implement our indicator diagnosis system. We will show several case studies regarding the diagnosis results.
The Hacking Team breach resulted in more than 400GBs of sensitive information being publicly released, including the source code for the offensive security programs the company sold and details on zero-day exploits. The leak had significant repercussions in the security world and caused major technology vendors (including Adobe and Microsoft) to issue emergency patches.
In this presentation, you’ll hear about the results of Cybereason’s investigation into the Hacking Team’s operation as well as the writeup by Phineas Phisher, who claims credit for the hack. We’ll discuss what we learned and what we think it means for defenders moving forward.
The Hacking Team breach resulted in more than 400GBs of sensitive information being publicly released, including the source code for the offensive security programs the company sold and details on zero-day exploits. The leak had significant repercussions in the security world and caused major technology vendors (including Adobe and Microsoft) to issue emergency patches.
In this presentation, you’ll hear about the results of Cybereason’s investigation into the Hacking Team’s operation as well as the writeup by Phineas Phisher, who claims credit for the hack. We’ll discuss what we learned and what we think it means for defenders moving forward.
Security Ninjas: An Open Source Application Security Training ProgramOpenDNS
NOTES
--
Slide 8
Some of the categories we will discuss are very broad like this one.
Untrusted command – get / post / rest style params
Clicks
Surprise inputs
Slide 13
Very broad too
Little or no auth
Auth with some bypass possibilities
Some problem with how session is generated, managed, expired
Insufficient sessionID protection
Slide 18
When a user is tricked into clicking on a malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the injected code travels to the vulnerable web site, which reflects the attack back to the user’s browser.
Slide 27
Security hardening throughout Application Stack
Unnecessary features enabled or installed?
ports, services, pages, accounts, privileges
Security settings in your development frameworks (e.g., Struts, Spring, ASP.NET) and libraries not set to secure values?
Default accounts/ passwords still enabled and unchanged?
Error handling reveal stack traces or other overly informative error messages to users?
Software out of date?
OS, Web Server, DBMS, applications, code libraries
Slide 41
sign up for updates or do regular audits to see versions
there might be technical dependencies
easily exploited by attackers using metaspoilt, info gathering using headers & responses, etc.
Slide 47
We can look at the architecture, give you tips around what you could use, what would be good. This would avoid making any major changes when the product is ready which would save everyone’s time in the long run.
Have sprints with dedicated security features and use those as a selling point for our security conscious customers
Slide 48
Carefully look at the license to make sure you can use it in your type of product. Ask Fallon if you are not sure
Research how much support it gets, how popular it is
Look to find out any vulnerabilities in it before you start using it
Maintain it; Sign up for CVE updates
Ask us if you need to get something reviewed
Slide 50
Not only better and more features
Security vulnerabilities get patched in new versions
New versions get most attention by the companies and old ones stop getting support after some time fully
Most Security Support by the community
Turn on auto updates for Chrome; always look at updates on AppStore
Slide 51
Use different passwords for different sites
Password managers let you set complexity, generate random passwords, etc.
Slide 52
Only grant access to whats needed to get the job done
employee leaves; mistakes; vulnerabilities in other s/w which leverages this;
Don’t install redundant software, plugins, etc.
This opens up so much risk
People forget to uninstall them; s/w doesn't get much attention from community; open ports are left; boom exploited by attackers;
Slide 55
To prevent unintended execution actions
e.g., fail open auth errors
Leak minimal info about infrastructure as this info is leveraged by attackers to carry out further attacks
Fuzzing can be an effecive way to uncover bugs and vulnerabilities. Bug bounty hunters, penetration testers and developers can benefit from this quick and efficient technique.
Buje trifuncional aprovecha- hendrickson- 13510GAFF Official
Aprovecha nuestras promociones de Buje trifuncional. Sólo GAFF garantiza que llegues seguro y sin contratiempos a tu destino. *Aplica restricciones www.gaff.com.mx
Top 15 brands which you may find difficult to Say or pronounce ajithnandanam
15 top brands which you may find difficult to pronounce. How to Pronounce or Say HERMES, GUCCI, MIELE, PORSCHE, HOEGAARDEN, FAGE, ZAGAT, STILA, STELLA ARTOIS, GIVENCHY, GUERLAIN, KINERASE, ADIDAS, SAUCONY, BOEHRINGER INGELHEIM
Drug abuse hurts the people who take drugs AND the people around them, including families, kids, and babies who aren't yet born. Drug abuse hurts the body and the brain, sometimes forever.
A presentation on Case Theory from the viewpoint of Radical Minimalism. More to be found in papers available online. Special thanks to Katarzyna Miechowicz-Mathiasen for providing Polish examples and hosting the lectures in which this material was presented.
403. Experiential Education with Overnight Field Trips
This session will give practical advice on how to plan and implement a day-long or overnight field trip for students. Such trips allow students from diverse backgrounds to experience regional, national, and cultural treasures, and give basis for classroom discussion, as well as 21st century skills.
Presenter(s): Kristen Richardson, Angie Cannon
Location: Auditorium II
Yeast two hybrid system for Protein Protein Interaction Studiesajithnandanam
Yeast Two Hybrid system uses a reporter gene to detect the interaction of pair of proteins inside the yeast cell nucleus. In the yeast Two Hybrid System, The interaction of target protein to the protein will bring together transcriptional activator, which then switches on the expression of reporter gene.
All of Pixar’s movies enthralled the audiences, received lot of positive reception and greatly influenced the world culture in a positive way, a fine example of creativity and creative endeavors of people who worked behind the sets.
Hunting Attackers with Network Audit TrailsLancope, Inc.
Sophisticated, targeted attacks have become increasing difficult to detect and analyze. Attackers can employ 0-day vulnerabilities and exploit obfuscation techniques to evade detection systems and “fly under the radar” for long periods of time.
Gartner estimates 85% of breaches go completely undetected and 92% of the detected breaches are reported by third parties. New strategies for identifying network attack activity are necessary.
Learn how network logging technologies such as NetFlow and IPFIX can be applied to the problem of detecting sophisticated, targeted attacks and used to create an audit trail of network activity that can be analyzed, both automatically and by skilled investigators, to uncover anomalous traffic.
Lancope will demonstrate how to these records can be used to:
Discover active attacks in each phase of the attacker’s “kill chain.”
Determine the scope of successful breaches and document the timeline of the attacks
Web Security - OWASP - SQL injection & Cross Site Scripting XSSIvan Ortega
What is it?
How to prevent?
How to test my application web?
what say OWASP about it
All about SQL injection and Cross Site Scripting XSS
Tools to test our application web
Rules to prevent attacks from Hackers on our web
Buje trifuncional aprovecha- hendrickson- 13510GAFF Official
Aprovecha nuestras promociones de Buje trifuncional. Sólo GAFF garantiza que llegues seguro y sin contratiempos a tu destino. *Aplica restricciones www.gaff.com.mx
Top 15 brands which you may find difficult to Say or pronounce ajithnandanam
15 top brands which you may find difficult to pronounce. How to Pronounce or Say HERMES, GUCCI, MIELE, PORSCHE, HOEGAARDEN, FAGE, ZAGAT, STILA, STELLA ARTOIS, GIVENCHY, GUERLAIN, KINERASE, ADIDAS, SAUCONY, BOEHRINGER INGELHEIM
Drug abuse hurts the people who take drugs AND the people around them, including families, kids, and babies who aren't yet born. Drug abuse hurts the body and the brain, sometimes forever.
A presentation on Case Theory from the viewpoint of Radical Minimalism. More to be found in papers available online. Special thanks to Katarzyna Miechowicz-Mathiasen for providing Polish examples and hosting the lectures in which this material was presented.
403. Experiential Education with Overnight Field Trips
This session will give practical advice on how to plan and implement a day-long or overnight field trip for students. Such trips allow students from diverse backgrounds to experience regional, national, and cultural treasures, and give basis for classroom discussion, as well as 21st century skills.
Presenter(s): Kristen Richardson, Angie Cannon
Location: Auditorium II
Yeast two hybrid system for Protein Protein Interaction Studiesajithnandanam
Yeast Two Hybrid system uses a reporter gene to detect the interaction of pair of proteins inside the yeast cell nucleus. In the yeast Two Hybrid System, The interaction of target protein to the protein will bring together transcriptional activator, which then switches on the expression of reporter gene.
All of Pixar’s movies enthralled the audiences, received lot of positive reception and greatly influenced the world culture in a positive way, a fine example of creativity and creative endeavors of people who worked behind the sets.
Hunting Attackers with Network Audit TrailsLancope, Inc.
Sophisticated, targeted attacks have become increasing difficult to detect and analyze. Attackers can employ 0-day vulnerabilities and exploit obfuscation techniques to evade detection systems and “fly under the radar” for long periods of time.
Gartner estimates 85% of breaches go completely undetected and 92% of the detected breaches are reported by third parties. New strategies for identifying network attack activity are necessary.
Learn how network logging technologies such as NetFlow and IPFIX can be applied to the problem of detecting sophisticated, targeted attacks and used to create an audit trail of network activity that can be analyzed, both automatically and by skilled investigators, to uncover anomalous traffic.
Lancope will demonstrate how to these records can be used to:
Discover active attacks in each phase of the attacker’s “kill chain.”
Determine the scope of successful breaches and document the timeline of the attacks
Web Security - OWASP - SQL injection & Cross Site Scripting XSSIvan Ortega
What is it?
How to prevent?
How to test my application web?
what say OWASP about it
All about SQL injection and Cross Site Scripting XSS
Tools to test our application web
Rules to prevent attacks from Hackers on our web
Evenge is an event management application, which allows us to create, notify and create reports based on the audience.
All this of course on a Cloud environment, ie an application entirely in the cloud, with all the advantages that entails.
Broadcast Social Networks, E-mail and Blogs.
Está implementado en Google App Engine y usa los framework Jinja, Webapp2 y Bootstrap
A introduction about apache, how can up performance of your Apache making some little things. You can make some changes about parameters and configurations, and get two time the performance your server.
A introduction about JQuery. Some examples how make a tooltips or Ajax transaction. Also how make a validation on a form and references to examples code writed by me.
The implementation of two telematic services. One is a web server and the other is a document manager server. Can show how make test and implements telematic services
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
6. How do Great Firewall block sites?
1. The Great Firewall search in DNS servers if
the domain is censored
6
7. How do Great Firewall block sites?
1. The Great Firewall search in DNS servers if
the domain is censored
2. If IP is obtained, Great Firewall search if
this IP is saved as blocked
7
8. How do Great Firewall block sites?
1. The Great Firewall search in DNS servers if
the domain is censored
2. If IP is obtained, Great Firewall search if
this IP is saved as blocked
3. The Great Firewall analyse the URL to find
word forbidden
8
9. How do Great Firewall block sites?
1. The Great Firewall search in DNS servers if
the domain is censored
2. If IP is obtained, Great Firewall search if
this IP is saved as blocked
3. The Great Firewall analyse the URL to find
word forbidden
4. The Great Firewall search text forbidden
that is sowed as text plain 9
10. How do Great Firewall block sites?
1. The Great Firewall search in DNS servers if
the domain is censored
2. If IP is obtained, Great Firewall search if
this IP is saved as blocked
3. The Great Firewall analyse the URL to find
word forbidden
4. The Great Firewall search text forbidden
that is sowed as text plain 10
11. How do Great Firewall block sites?
1. The Great Firewall search in DNS
servers if the domain is censored
2. If IP is obtained, Great Firewall
search if this IP is saved as blocked
3. The Great Firewall analyse the URL to
find word forbidden
4. The Great Firewall search text
forbidden that is sowed as text plain
11
12. How do Great Firewall block sites?
1. The Great Firewall search in DNS
servers if the domain is censored
2. If IP is obtained, Great Firewall
search if this IP is saved as blocked
3. The Great Firewall analyse the URL to
find word forbidden
4. The Great Firewall search text
forbidden that is sowed as text plain
12
26. Great Cannon discovered
Great cannon was discovered as result of DDoS on Github
repositories when a lot page was allocated as mirror of
forbidden sites.
https://www.fayerwayer.com/2015/04/asi-es-como-china-ataco-y-tumbo-github-con-su-gran-canon/ 26
27. Conclusion
China have a new weapon to censor by
force
China goverment don’t recognize this
attack and The Great Cannon but all
investigation point to this, so all this
is a augmented supposition
It’s effective? Now, Chinese people are
seeing the same pages attacked
27
28. Conclusion, bibliography and more to investigate
Citizen Lab investigation: https://citizenlab.
org/2015/04/chinas-great-cannon/
GreatFire.org: https://en.greatfire.
org/blog/2015/mar/chinese-authorities-compromise-millions-
cyberattacks
How the Grand Cannon was discovered: http://arstechnica.
com/security/2015/04/ddos-attacks-that-crippled-github-
linked-to-great-firewall-of-china/
28