The document discusses various cybersecurity threats such as large-scale attacks on universities and vulnerabilities like Heartbleed, as well as new types of attacks like spear phishing and watering hole attacks. It also covers security incidents like operations Aurora and Shady Rat, which involved cyber espionage targeting governments and corporations. The document stresses the importance of information security and recommends best practices for users like choosing strong passwords and updating software regularly.
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report Symantec
The biggest story in 2014 was, of course, the Heartbleed bug, which shook the foundations of Internet security. This wasn’t about criminals being clever; it was about the inherent vulnerabilities of human-built software, and it reminded everyone of the need for vigilance, better implementation, and more diligent website security.
Of course, while Heartbleed hit the headlines, criminals were still hard at work making their own opportunities for exploitation, theft and disruption. 2014 saw criminals grow more professional, sophisticated, and aggressive in their tactics to the detriment of businesses and individuals alike.
Two large corporations have been crippled by recent information security breaches. It may not be hard to quantify the losses in terms of lost revenue and profits but what will be hard to quantify are the losses to reputation. Cited as two of the most damaging cyber-attacks on corporate America, this presentation looks at what went wrong and what could have been done to prevent these situations.
Cyberthreats broke new ground with mobile devices, while reaching deeper into social media. Online criminals also stepped up attacks via email, web and other traditional vectors.
If last year’s presentation on the SANS 20 felt like more of a rant than a practical application of elite IT knowledge, Ian Trump’s technical track presentation is going to unleash GFI MAX as a security dashboard like nothing you have seen.
The Octopi team has leveraged network scanning and event log checks, and Ian takes the GFI MAX dashboard to a whole new level. MSPs can take his code and research and immediately apply it to their practices to secure their customers from cyber threats. Dehydrated from the summer information security conferences, Ian will give you the threat intel you need to be on the lookout for in the months ahead.
Besides all the GFI MAX goodness, being part of a live demo to find APT, and seeing Ian link Human Rights, Market Research, Ice, Law, Iggy Azalea, War Ferrets, Christian Studies, Event Auditing, Security Tools, Taylor Swift and How we can all fix the cyber problem into one epic presentation – well, you don’t want to miss this.
Did you know the average time it takes to remediate a breached social account is 5.5 hours? Our report, The Social Takeover, helps you understand why social media security is important for any organization to address.
Detecting malicious URLs using binary classification through ada boost algori... IJECEIAES
Malicious Uniform Resource Locators (URLs) are a frequent and severe menace to cybersecurity. Malicious URLs are used to extract unsolicited information and to trick inexperienced end users into falling victim to scams, creating losses of billions each year. It is crucial to identify and appropriately respond to such URLs. Usually, this detection is done using blacklists. However, blacklists cannot be exhaustive and cannot recognize zero-day malicious URLs. So, to improve the detection of malicious URL indicators, machine learning methods should be incorporated. In this study, we have developed a complete prototype of malicious URL detection using machine learning methods. In particular, we have attempted an exact formulation of malicious URL detection from a machine learning perspective and proposed an approach using the AdaBoost algorithm; the proposed approach achieved higher accuracy than other existing algorithms.
Welcome to the July edition of the Symantec Intelligence report. Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks. Symantec has established the most comprehensive source of Internet threat data in the world through the Symantec Global Intelligence Network, which is made up of more than 41.5 million attack sensors and records thousands of events per second. This network monitors threat activity in over 157 countries and territories through a combination of Symantec products and services such as Symantec DeepSight Threat Management System, Symantec Managed Security Services, Norton consumer products, and other third-party data sources.
The average number of spear-phishing attacks per day has dropped back to a level similar to that seen in May. The .doc file type continues to be the most common attachment type used in spear-phishing attacks, followed by .exe files. Organizations with 2500+ employees were the most likely to be targeted, while non-traditional services, such as Business, Amusement, and Repair-related services, lead the Top-Ten Industries targeted, followed by Manufacturing.
The largest data breach reported in July resulted in the exposure of 900,000 identities. Hackers continue to be responsible for 49 % of data breaches over the last 12 months, most often exposing real names, government ID numbers, such as Social Security numbers, and home addresses in the data breaches. W32.Sality and W32.Ramnit variants continue to dominate the top-ten malware list. The most common OSX threat seen was OSX.RSPlug.A, making up 38 % of all OSX malware found on OSX Endpoints.
There were 575 vulnerabilities disclosed during the month of July, though no zero-day vulnerabilities were discovered. Internet Explorer has reported the most browser vulnerabilities in the last 12 months, while Oracle’s Java reported the most plug-in vulnerabilities over the same time period.
There were four Android malware families discovered in July. Of the mobile threats discovered in the last 12 months, 24 % steal information from the device and 22 % track the device’s user. In terms of social networking scams, 63 % were fake offerings and 27 % were manually shared scams.
Finally, the phishing rate was down in July, at one in 1,299 emails, down from one in 496 emails in June. The global spam rate was 63.7 % for the month of July, one out of every 351 emails contained a virus, and of the email traffic in the month of July, 7.9 % contained a malicious URL. We hope that you enjoy this month’s report and feel free to contact us with any comments or feedback.
Dr. Shawn P. Murray was invited to the National Security Institute in April 2012 to present current topics related to social engineering and the threats they pose to organizations and their sensitive information. This presentation analyzes the principles of social engineering tactics as they relate to technology and security practices. Dr. Murray is a well-known Cyber Security professional and has presented at various conferences regarding Cyber Security and Information Assurance topics.
Anatomy of an Enterprise Social Cyber Attack ZeroFOX
By now, social media has clearly established itself as a dominant force in our lives: Nearly three-quarters of adults who go online use a social network of some kind. More than two of five use multiple social network sites. As a result, cyber criminals are flocking to these sites to trigger attacks, targeting users and organizations. In fact, one-third of data breaches originate via social networks, and companies suffer an average of $5.4 million per attack.
Read More: https://www.zerofox.com/blog/the-anatomy-enterprise-social-cyber-attack-infographic/
The document describes the need for SQL Server security and how to secure it.
Server attacks
Port scanning
Instance name browsing
Exposing database names
Accessing administrative objects
Data threats
Data theft
Business logic theft
Database object change/drop
Authentication: the process of verifying that a user/person is who they claim to be
Authorization
SQL Server supports two authentication modes:
Windows authentication mode
Mixed mode
Do
Install only required components.
Disable unnecessary features and services.
Install recent fixes & service packs from Microsoft.
Enforce a strong password policy.
Disable the SA account or rename it.
Change the default port.
Hide instances.
Validate every input.
Don’t use dynamic queries.
Don't
Don’t install sample databases on a production server.
Never use the SA account to connect an application to the database.
Don’t remove the system databases/system stored procedures.
Don’t use dictionary passwords.
Don’t treat input as safe; validate all of it.
Don’t disable automatic updates for SQL Server on production.
Don’t rely on manual backups; also schedule them using scripts/management plans.
Safe never sleep - a peek into the IT underworld. Security briefing from McAfee and Global Micro - Microsoft Hosting Partner of the Year 2010 and 2011. Presentation by Christo Van Staden www.globalmicro.co.za. Follow me on twitter @jjrmilner
Fair ranking in competitive bidding procurement: a case analysis Michael Soltys
Fair and transparent procurement procedures are a cornerstone of a well functioning free-market economy. In particular, bidding is a mechanism whereby companies compete for contracts; when functioning well, the process rewards both the quality of the proposal, and the “reasonableness” of the quote.
This talk is going to be centered on two papers that are going to appear in the following months:
Neerja Mhaskar and Michael Soltys, Non-repetitive strings over alphabet lists
to appear in WALCOM, February 2015.
Neerja Mhaskar and Michael Soltys, String Shuffle: Circuits and Graphs
to appear in the Journal of Discrete Algorithms, January 2015.
Visit http://soltys.cs.csuci.edu for more details (these two papers are number 3 and 19 on the page), as well as Python programs that can be used to illustrate the ideas in the papers. We are going to introduce some basic concepts related to computations on strings, present some recent results, and propose two open problems.
Thue showed that there exist arbitrarily long square-free strings over an alphabet of three symbols (not true for two symbols). An open problem was posed, which is a generalization of Thue’s original result: given an alphabet list L = L1, . . . , Ln, where |Li| = 3, is it always possible to find a square-free string, w = w1w2 . . . wn, where wi ∈ Li? In this paper we show that squares can be forced on square-free strings over alphabet lists iff a suffix of the square-free string conforms to a pattern which we term as an offending suffix. We also prove properties of offending suffixes. However, the problem remains tantalizingly open.
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr... Alisha Deboer
Cyber terrorists are sophisticated, organized and disruptive to your business. How prepared are you? Explore the landscape of malicious actors most likely to strike your business and what you can do about it.
Talk from the event "Cybersecurity: the new era in incident response and data auditing"
Sam Maccherola - VP and General Manager Public Sector Guidance Software Inc.
Brasília, August 4, 2010
Perform a search on the Web for articles and stories about social en.pdf fasttrackcomputersol
Perform a search on the Web for articles and stories about social engineering attacks or reverse social engineering attacks. Find an attack that was successful and describe how it could have been prevented.
Solution
Answer:
According to Computer Weekly, social engineering attacks were the most common hacking technique used in 2015. What's more, there's no sign of it slowing down; in 2016, 60 percent of enterprises were victims of a social engineering attack or something to that effect. Furthermore, according to EMC, phishing attacks, the easiest and most common type of social engineering attack, resulted in almost $6 billion in losses in 2013 alone, spread out over around 450,000 separate compromises.
Some hurt worse than others, but all resulted in a serious enough shake-up for security managers to recalibrate their attention to the vector, review their protocols, and make educating staff a top priority.
Here's our pick for five of the biggest social engineering attacks ever.
5. 2011 RSA SecurID Phishing Attack
Security firms ought to be the most secure targets when it comes to an information system attack, yet they are also juicy targets that draw more than their share of attempts.
In 2011, one of these attacks bit encryption giant RSA and succeeded in netting hackers valuable information about the company's SecurID two-factor authentication fobs.
Although RSA initially denied that the information could allow hackers to compromise anyone using SecurID, defense contractor Lockheed Martin soon detected hackers attempting to breach their network using stolen SecurID data. RSA backpedaled quickly and agreed to replace a large portion of the distributed security tokens.
This trouble came down to four employees at RSA parent company EMC. Attackers sent them email with a spoofed address purporting to be at a job recruitment site, with an Excel attachment titled 2011 Recruitment Plan. It wasn't clear why the employees would care about a spreadsheet from a third-party site, but they opened it, and a zero-day Flash exploit buried in the spreadsheet installed a backdoor on their work machines that soon exposed the keys to the kingdom.
4. 2015 Ubiquiti Networks Scam
Not all hackers are looking for sensitive information; sometimes they just want cold, hard cash.
In 2015, Ubiquiti, a specialized manufacturer of wifi hardware and software based in San Jose, found this out the hard way when their finance department was targeted in a fraud scheme revolving around employee impersonation.
The company never revealed exactly how the attack was orchestrated, but said that the accounting department received email purporting to be from the company's Hong Kong subsidiary. Typically, such emails contain instructions regarding changes in payment account details or new selle.
Symantec Intelligence Report December 2014 Symantec
Welcome to the December edition of the Symantec Intelligence report. Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks.
By David F. Larcker, Peter C. Reiss, and Brian Tayan
Stanford Closer Look Series, November 16, 2017
The board of directors is expected to ensure that management has identified and developed processes to mitigate risks facing the organization, including risks arising from data theft and the loss of information. Unfortunately, recent experience suggests that companies are not doing a sufficient job of securing this data. In this Closer Look, we examine the types of cyberattacks that occur and how companies respond to them.
We ask:
• What steps can the board take to prevent, monitor, and mitigate data theft?
• What data, metrics, and information should board members review to satisfy themselves that management has taken proper steps to minimize cyber risks?
• What qualifications should a board member have in order to constructively contribute to boardroom discussions on cybersecurity?
• How difficult is it to find board candidates with these skills?
Symantec & WSJ PRESENTS "MALWARE on Main Street" ... MZERMA Amine
SPECIAL REPORT: SECURE BUSINESS ...
How to avoid being held hostage by ransomware attacks?
How to preserve collaborators' work, identities, access?
"WHY CYBER PROTECTION CAN'T WAIT?!"
This SPECIAL report from our Partner SYMANTEC, produced in collaboration with WSJ CUSTOM Studios, is really a NEED to Read for ALL Executives, Leaders, Influencers, Owners, Admins, ...
Data Leak Protection Using Text Mining and Social Network Analysis IJERD Editor
Data Leak prevention is a research field which deals with study of potential security threats to organizational data and strategies to prevent such threats. Data leaks involve the release of sensitive information to an untrusted third party, intentionally or otherwise, while data loss on the other hand is disappearance or damage of data, in which a correct data copy is no longer available to the organization. These correspond to a compromise of data integrity or availability. Data leak/loss has led to huge loss of revenue in the affected organisation and a threat to their continued existence. All organisations using electronic data storage are vulnerable to this attack. This research work is targeted at organisations with sensitive data such as Bank, Manufacturing industries, GSM operators, research centres, Military, Higher Educational Institutions and so on. The authors analyse the possible threats to organisational data and the parties that are involved in such threat, the impact of successful attack on an organisation, and current approaches to DLP. The authors also design a DLP model using “text mining” and “social network analysis”, and suggested further research into “text mining” and “social network analysis” for effective future solution to DLP problems. In conclusion, implementation of this design with adherence to good data security practices and proactive strategies suggested in this paper will significantly reduce the risk of such security threats.
54 Chapter 1 • The Threat Environment FIGURE 1-18 Cyberwar .docx alinainglis
54 Chapter 1 • The Threat Environment
FIGURE 1-18 Cyberwar and Cyberterror (Study Figure)
Nightmare Threats
Potential for far greater attacks than those caused by criminal attackers
Cyberwar
Computer-based attacks by national governments
Espionage
Cyber-only attacks to damage financial and communication infrastructure
To augment conventional physical attacks
Attack IT infrastructure along with physical attacks (or in place of physical attacks)
Paralyze enemy command and control
Engage in propaganda attacks
Cyberterror
Attacks by terrorists or terrorist groups
May attack IT resources directly
Use the Internet for recruitment and coordination
Use the Internet to augment physical attacks
Disrupt communication among first responders
Use cyberattacks to increase terror in physical attacks
Turn to computer crime to fund their attacks
espionage.87 Cyber espionage from China has been a serious problem since 1999.88
The Chinese government has been involved in, or sponsored, attacks aimed at the State
Department, Commerce Department, Senators, Congressmen, and US military labs.89
Cyberwar attacks can be launched without engaging in physical hostilities and still do
tremendous damage. Countries can use cyberwar attacks to do massive damage to one
another’s financial infrastructures, to disrupt one another’s communication infrastructures,
and to damage the country’s IT infrastructure all as precursors to actual physical hostilities.
Cyberterror
Another nightmare scenario is cyberterror, in which the attacker is a terrorist or group of
terrorists.90 Of course, cyberterrorists can attack information technology resources directly.
They can damage a country’s financial, communication, and utilities infrastructure.91
87 Dawn S. Onley and Patience Wait, “Red Storm Rising,” GCN.com, August 21, 2006. Keith Epstein, “China Stealing U.S. Computer Data, Says Commission,” Business Week, November 21, 2008. http://www.businessweek.com/bwdaily/dnflash/content/nov2008/db20081121_440892.htm.
88 Daniel Verton and L. Scott Tillett, “DOD Confirms Cyberattack ‘Something New’,” Cnn.com, March 6, 1999.
89 Josh Rogin, “The Top 10 Chinese Cyber Attacks (that we know of),” ForeignPolicy.com, January 22, 2010.
90 Although organized terrorist groups are very serious threats, a related group of attackers is somewhat dangerous. These are hacktivists, who attack based on political beliefs. During tense periods between the United States and China, for instance, hacktivists on both sides have attacked the IT resources of the other country.
91 In 2008, the CIA revealed that attacks over the Internet had cut off electrical power in several cities. Robert McMillan, PC World, January 19, 2008. http://www.pcworld.com/article/id,141564/article.htm?tk=nl_dnxnws.
Most commonly, cyberterrorists use the Internet as a recruitment tool through websites and to coordinate their activities.92 They can also use cyberterror in conjunction with .
Can you tell if your computer has been compromised?
Cyber Security is a practice which intends to protect computers, networks, programs and data from unintended or unauthorized access, change or destruction.
More than 50% of the world's population is actively connected to the internet.
Cyber Security is becoming a fundamental requirement for every business organization worldwide. We are all susceptible to this new frontier of crime and it is our responsibility to be prepared.
ViewShift: Hassle-free Dynamic Policy Enforcement for Every Data Lake Walaa Eldin Moustafa
Dynamic policy enforcement is becoming an increasingly important topic in today’s world where data privacy and compliance is a top priority for companies, individuals, and regulators alike. In these slides, we discuss how LinkedIn implements a powerful dynamic policy enforcement engine, called ViewShift, and integrates it within its data lake. We show the query engine architecture and how catalog implementations can automatically route table resolutions to compliance-enforcing SQL views. Such views have a set of very interesting properties: (1) They are auto-generated from declarative data annotations. (2) They respect user-level consent and preferences. (3) They are context-aware, encoding a different set of transformations for different use cases. (4) They are portable; while the SQL logic is only implemented in one SQL dialect, it is accessible in all engines.
#SQL #Views #Privacy #Compliance #DataLake
06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Data and AI
Round table discussion of vector databases, unstructured data, ai, big data, real-time, robots and Milvus.
A lively discussion with NJ Gen AI Meetup Lead, Prasad and Procure.FYI's Co-Found
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag... sameer shah
"Join us for STATATHON, a dynamic 2-day event dedicated to exploring statistical knowledge and its real-world applications. From theory to practice, participants engage in intensive learning sessions, workshops, and challenges, fostering a deeper understanding of statistical methodologies and their significance in various fields."
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ... Subhajit Sahu
Abstract — Levelwise PageRank is an alternative method of PageRank computation which decomposes the input graph into a directed acyclic block-graph of strongly connected components, and processes them in topological order, one level at a time. This enables calculation for ranks in a distributed fashion without per-iteration communication, unlike the standard method where all vertices are processed in each iteration. It however comes with a precondition of the absence of dead ends in the input graph. Here, the native non-distributed performance of Levelwise PageRank was compared against Monolithic PageRank on a CPU as well as a GPU. To ensure a fair comparison, Monolithic PageRank was also performed on a graph where vertices were split by components. Results indicate that Levelwise PageRank is about as fast as Monolithic PageRank on the CPU, but quite a bit slower on the GPU. Slowdown on the GPU is likely caused by a large submission of small workloads, and expected to be non-issue when the computation is performed on massive graphs.
Techniques to optimize the pagerank algorithm usually fall in two categories. One is to try reducing the work per iteration, and the other is to try reducing the number of iterations. These goals are often at odds with one another. Skipping computation on vertices which have already converged has the potential to save iteration time. Skipping in-identical vertices, with the same in-links, helps reduce duplicate computations and thus could help reduce iteration time. Road networks often have chains which can be short-circuited before pagerank computation to improve performance. Final ranks of chain nodes can be easily calculated. This could reduce both the iteration time, and the number of iterations. If a graph has no dangling nodes, pagerank of each strongly connected component can be computed in topological order. This could help reduce the iteration time, no. of iterations, and also enable multi-iteration concurrency in pagerank computation. The combination of all of the above methods is the STICD algorithm. [sticd] For dynamic graphs, unchanged components whose ranks are unaffected can be skipped altogether.
Global Situational Awareness of A.I. and where its headedvikram sood
You can see the future first in San Francisco.
Over the past year, the talk of the town has shifted from $10 billion compute clusters to $100 billion clusters to trillion-dollar clusters. Every six months another zero is added to the boardroom plans. Behind the scenes, there’s a fierce scramble to secure every power contract still available for the rest of the decade, every voltage transformer that can possibly be procured. American big business is gearing up to pour trillions of dollars into a long-unseen mobilization of American industrial might. By the end of the decade, American electricity production will have grown tens of percent; from the shale fields of Pennsylvania to the solar farms of Nevada, hundreds of millions of GPUs will hum.
The AGI race has begun. We are building machines that can think and reason. By 2025/26, these machines will outpace college graduates. By the end of the decade, they will be smarter than you or I; we will have superintelligence, in the true sense of the word. Along the way, national security forces not seen in half a century will be un-leashed, and before long, The Project will be on. If we’re lucky, we’ll be in an all-out race with the CCP; if we’re unlucky, an all-out war.
Everyone is now talking about AI, but few have the faintest glimmer of what is about to hit them. Nvidia analysts still think 2024 might be close to the peak. Mainstream pundits are stuck on the wilful blindness of “it’s just predicting the next word”. They see only hype and business-as-usual; at most they entertain another internet-scale technological change.
Before long, the world will wake up. But right now, there are perhaps a few hundred people, most of them in San Francisco and the AI labs, that have situational awareness. Through whatever peculiar forces of fate, I have found myself amongst them. A few years ago, these people were derided as crazy—but they trusted the trendlines, which allowed them to correctly predict the AI advances of the past few years. Whether these people are also right about the next few years remains to be seen. But these are very smart people—the smartest people I have ever met—and they are the ones building this technology. Perhaps they will be an odd footnote in history, or perhaps they will go down in history like Szilard and Oppenheimer and Teller. If they are seeing the future even close to correctly, we are in for a wild ride.
Let me tell you what we see.
Global Situational Awareness of A.I. and where its headed
How Safe is your Data?
1. 5/12/2014 How Safe is Your Data?
http://127.0.0.1:3999/security-may2014.slide#1 1/33
How Safe is Your Data?
TAPPS
12 May 2014
Michael Soltys
McMaster University / Executek
Information Security
Key in a knowledge-based economy; key to safety: at a personal,
organizational, and national level
As technology evolves, so do the threats
User behavior:
- choose good passwords
- update software regularly
- authenticate
Advanced practice:
- comes down to the unsolved problem of writing correct software
- Big data analytics
Large scale attacks: U of Maryland
Attacks can affect large numbers of people
In February 2014 the University of Maryland faced what it called a
"sophisticated cyber-attack"
which breached the records of more than 287,000 present and past students
Large scale vulnerabilities: Heartbleed Bug
allows an attacker to read the memory of a web server
affects all versions of OpenSSL in the 1.0.1 series up to and including 1.0.1f
the defect could be used to reveal up to 64 kilobytes of the application's memory
CVE-2014-0160
Canadian Revenue Agency (CRA) closed down its electronic services website over
Heartbleed bug security concerns
OpenSSL validated under FIPS 140-2 by NIST!
(FIPS = Federal Information Processing Standards; NIST = National Institute of Standards
and Technology)
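The 64-kilobyte figure comes from the 16-bit payload length field of the TLS heartbeat message (RFC 6520), which the affected versions trusted without comparing it to the size of the record actually received. The sketch below is an added example, not from the slides and not OpenSSL's code; the simulated memory buffer, function names and sample bytes are constructed for illustration.

```python
import struct

HEARTBEAT_REQUEST = 1
MIN_PADDING = 16  # RFC 6520 requires at least 16 bytes of padding


def respond_unchecked(memory: bytes, offset: int) -> bytes:
    """Behaviour before the fix: echo as many bytes as the message claims."""
    _msg_type, claimed = struct.unpack_from("!BH", memory, offset)
    start = offset + 3  # skip type (1 byte) and payload length (2 bytes)
    return memory[start:start + claimed]  # can run past the end of the record


def respond_checked(memory: bytes, offset: int, record_len: int):
    """Behaviour after the fix: silently drop a message whose claimed
    payload length cannot fit inside the record that was received."""
    if record_len < 1 + 2 + MIN_PADDING:
        return None
    msg_type, claimed = struct.unpack_from("!BH", memory, offset)
    if msg_type != HEARTBEAT_REQUEST:
        return None
    if 1 + 2 + claimed + MIN_PADDING > record_len:
        return None
    start = offset + 3
    return memory[start:start + claimed]


def demo():
    """Run both responders over two constructed heartbeat records."""
    # Constructed sample: payload "ping" with a truthful length of 4.
    honest = struct.pack("!BH", HEARTBEAT_REQUEST, 4) + b"ping" + bytes(MIN_PADDING)
    # Constructed sample: same payload, but the length field claims 40 bytes.
    inconsistent = struct.pack("!BH", HEARTBEAT_REQUEST, 40) + b"ping" + bytes(MIN_PADDING)
    # Constructed stand-in for whatever else sits next to the record in memory.
    neighbour = b"session-key=CONSTRUCTED-SAMPLE"

    results = {}
    for name, record in (("honest", honest), ("inconsistent", inconsistent)):
        memory = record + neighbour
        results[name] = (
            respond_unchecked(memory, 0),
            respond_checked(memory, 0, len(record)),
        )
    return results


if __name__ == "__main__":
    for name, (before, after) in demo().items():
        print(name, "unchecked:", before, "checked:", after)
```

With the check in place the inconsistent record is dropped, while the unchecked responder returns bytes that belong to the neighbouring data.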
New types of attacks
The field is not static; new attacks are clever and inventive:
Drive-by downloads: where a browsing reader can accidentally download rogue
computer programs.
Spear phishing: where specific individuals or organisations are targeted with fake
emails to obtain confidential information.
Watering hole: about one in 20 attacks uses this strategy. Rather than trying to
break into an organisation's network directly, the attacker targets other websites
that its people might regularly visit, with the aim of infecting their computers and
getting the unwitting carrier to bring a virus back into their own network.
A typical attack: Malicious PDFs
In March 2014 a massive scam email was sent in Colombia, claiming to be from one of
the country's credit score agencies
The email contained an attachment file. The file shows no malicious payload when
scanned by antimalware software.
However, doing a "stream dump" of the file we see:
Malicious scripting, which instructs the reader to execute the URL. After the file
at that URL is downloaded, a keylogger is downloaded.
2011: A Bad Year
When the history of 2011 is written, it may well be remembered as the Year of the Hack.
Stories of computer breaches were breaking almost every week:
Sony
Fox
the British National Health Service
and the Web sites of:
PBS
the U.S. Senate
and the C.I.A.
have all fallen victim to highly publicized cyber-attacks. Many of the breaches have been
attributed to the groups Anonymous and LulzSec.
Operation Shady Rat
Operation Shady Rat ranks with Operation Aurora (the attack on Google and many
other companies in 2010) as among the most significant and potentially damaging
acts of cyber-espionage yet made public.
Operation Shady Rat has been stealing valuable intellectual property (including
government secrets, email archives, legal contracts, negotiation plans for
business activities, and design schematics) from more than 70 public and
private sector organizations in 14 countries.
The list of victims, which ranges from national governments to global
corporations to tiny nonprofits, demonstrates with unprecedented clarity the
universal scope of cyber-espionage and the vulnerability of organizations in
almost every category imaginable.
Operation Shady Rat
The vast majority of victims, 49, were U.S. based companies, government
agencies, and nonprofits. The category most heavily targeted was defense
contractors, 13 in all.
All the signs point to China.
Forensic investigation revealed that the defense contractor had been hit by a
species of malware that had never been seen before: a spear-phishing email
containing a link to a Web page that, when clicked, automatically loaded a
malicious program, a remote access tool, or rat, onto the victim's computer.
The rat opened the door for a live intruder to get on the network, escalate
user privileges, and begin exfiltrating data.
Victims don't want to be victims
McAfee sent emails to officials at four organizations, informing them that
their computer networks had been compromised.
Three of those organizations, including one whose breach is ongoing, made no
response to McAfee's notifications.
"Victims don't want to know they're victims. I
guess that's just victim psychology: if you
don't know about it, it's not really happening."
bit.ly/1iiKWoh(http://bit.ly/1iiKWoh)
CNN - Operation Shady RAT
An innocuous click
RSA is the security division of the high-tech company EMC. Its products protect
computer networks at the
White House
the Central Intelligence Agency
the National Security Agency
the Pentagon
the Department of Homeland Security,
as well as most top defense contractors, and a majority of Fortune 500
corporations.
An innocuous click
Sometime in the winter of 2011, lying there in the junk-mail folder, in the
spammy mess of mortgage offers and erectile-dysfunction drug ads, an email from
an associate with a subject line that looked legit caught the man's eye.
The subject line said "2011 Recruitment Plan."
The man clicked on the message, downloaded the attached Excel spreadsheet file,
and unwittingly set in motion a chain of events allowing hackers to raid the
computer networks of his employer, RSA.
The parent company disclosed the breach on March 17, 2011, in a filing with the
Securities and Exchange Commission. The hack gravely undermined the reputation
of RSA's popular SecurID security service.
An innocuous click
Experts found evidence that the attack on RSA had come from China.
They also linked the RSA attack to the penetration of computer networks at some
of RSA's most powerful defense-contractor clients, among them:
Lockheed Martin, Northrop Grumman, L-3 Communications
Few details of these episodes
have been made public.
BIG DATA →
bit.ly/1iiLc6I(http://bit.ly/1iiLc6I)
Operation Aurora
In 2010 Google became the first major company to blow the whistle on Chinese
hacking when it admitted to a penetration known as Operation Aurora, which also
hit:
Intel
Morgan Stanley
and several dozen other corporations
Most companies have preferred not to talk about or even acknowledge violations
of their computer systems, for fear of panicking shareholders and exposing
themselves to lawsuits.
Or for fear of offending the Chinese and jeopardizing their share of that
country's exploding markets.
Operation Aurora
Chinese hackers who breached
Google's servers several years
ago gained access to a sensitive
database with years' worth of
information about U.S.
surveillance targets, according to
current and former government
officials.
bit.ly/1iiLtXt(http://bit.ly/1iiLtXt)
The breach appears to have been aimed at unearthing the identities of Chinese
Attempted logins
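#!/usr/bin/perl
use strict;
use warnings;

# Counters used by the part of the script that the slide cuts off.
my $i = 1;
my $test = 0;
my $packets = 0;

# Host names and addresses come from log data and are passed to a shell,
# so accept only characters that can appear in a host name or IP address.
my $SAFE_HOST = qr/^[A-Za-z0-9][A-Za-z0-9.:-]*$/;

# Resolve a host name with dig and print its IP address.
sub compute_ip {
    my ($host) = @_;
    my $IP = $host =~ $SAFE_HOST ? `dig $host +short` : '';
    if ($IP) {
        print "\t\t IP= $IP <br>";
    }
    else {
        print "\t\t IP= ? <br> \n";
    }
}

# Look up the country of a host with geoiplookup and print its name.
sub compute_location {
    my ($host) = @_;
    my $country = $host =~ $SAFE_HOST ? `/sw/bin/geoiplookup $host` : '';
    $country =~ m/([ A-Za-z]*)$/;
    my $country_short = $1;
    if ($country_short) {
        print "\t\t Country= $country_short <br>\n\n";
    }
    else {
        print "\t\t Country= ? <br> \n\n";
    }
}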
Estonia 2007
In the Spring of 2007, government computer systems in Estonia experienced a
sustained cyberattack (cyber-{warfare, terror, crime}).
On April 27, officials in Estonia moved a Soviet-era war memorial commemorating
an unknown Russian who died fighting the Nazis. The move stirred emotions, and
led to rioting by ethnic Russians, and the blockading of the Estonian Embassy
in Moscow.
Estonia 2007
The event marked the beginning of a series of large and sustained Distributed
Denial-of-Service (DDoS) attacks launched against several Estonian national websites.
In the early days of the cyberattack, government websites that normally receive around
1,000 visits a day reportedly were receiving 2,000 visits every second. This caused the
repeated shutdown of some websites.
The cyberattacks against Estonia were unusual because the rate of the packet attack was
very high, and the series of attacks lasted weeks, rather than hours or days, which is
more commonly seen for a DoS attack.
Eventually, NATO and the United States sent computer security experts to
Estonia to help recover from the attacks, and to analyze the methods used and
attempt to determine the source of the attacks.
youtu.be/PTv3QrhGPC8?t=42m34s(http://youtu.be/PTv3QrhGPC8?t=42m34s)
Estonia 2007
A persistent problem during and after any cyberattack is accurate
identification of the attacker:
was it sponsored by a nation?
was it the independent work of a few unconnected individuals?
was it initiated by a group to instill frustration and fear by damaging the
computerized infrastructure and economy?
The uncertainty of not knowing the initiator also affects the decision about
who should ultimately become a target for retaliation, and whether the
response should come from law enforcement or the military.
After some investigation, network analysts later concluded that the
cyberattacks targeting Estonia were not a concerted attack, but instead were
the product of spontaneous anger from a loose federation of separate attackers.
Botnets
Botnet = "Robot Network"
Botnets are made up of vast numbers of compromised computers that have been
infected with malicious code, and can be remotely-controlled through commands sent
via the Internet.
Hundreds or thousands of these infected computers can operate in concert to:
disrupt or block Internet traffic for targeted victims
harvest information
distribute spam, viruses, or other malicious code.
Botnets
Botmasters can reportedly make large sums of money by marketing their technical
services.
For example, Jeanson Ancheta, a 21-year-old hacker and member of a group called the
Botmaster Underground, reportedly made more than $100,000 from different Internet
Advertising companies who paid him to download specially-designed malicious adware
code onto more than 400,000 vulnerable PCs he had secretly infected and taken over.
He also made tens of thousands more dollars renting his 400,000-unit botnet herd to
other companies that used them to send out spam, viruses, and other malicious code
on the Internet.
PPI: Pay-per-Install - The Commoditization of Malware Distribution
In 2006, Ancheta was sentenced to five years in prison (FBI operation Bot Roast).
Symantec reported that it detected 6 million bot-infected computers in the second half
of 2006.
Botnets
Some botnet owners reportedly rent their huge networks for US$200 to $300 an
hour, and botnets are becoming the weapon of choice for fraud and extortion.
Newer methods are evolving for distributing bot software that may make it
even more difficult in the future for law enforcement to identify and locate
the originating botmaster.
Botnets organize themselves in a hierarchical manner, with a central command
and control location (sometimes dynamic) for the botmaster.
This central command location is useful to security professionals because it
offers a possible central point of failure for the botnet.
However, in the near future, attackers may use new botnet architectures that
are more sophisticated, and more difficult to detect and trace, e.g., P2P.
E.g., WordPress
A fantastic piece of software for blogging, but it consists of many parts:
MySQL; Apache; PHP; HTML; JavaScript; Mac OS X Server
It is absolutely essential to have the latest versions and a strong password.
Passwords
Your password must be a minimum of 8 characters in length and must include
characters from at least three of the four groups below:
Uppercase letters: A, B, C, ... ,Z
Lowercase letters: a, b, c, ...,z
Numerals: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
Symbols: ~ ! @ # $ % ^ & * ( ) _ + ` - = { } | ] [ : " ; < > ? , . / '
Do not use any of your last five previous passwords.
Passwords cannot contain your account name or parts of your full name.
Generate with a seed, a name, and an MD5 hash generator
E.g., for myname@gmail.com, use the seed 5a63y@h& to obtain:
hash: ae19e19070a052b85306fc758146ef8e
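The rules on this slide, written as a checker and applied to the slide's own generated value. This is an added example, not from the slides. It assumes the seed and name are simply concatenated before hashing (the slide does not say how they are combined) and that name parts shorter than three characters are ignored; the function names are hypothetical.

```python
import hashlib
import string

# The symbol group exactly as listed on the slide.
SYMBOLS = set("~!@#$%^&*()_+`-={}|][:\";<>?,./'")


def character_groups(password: str) -> set:
    """Return which of the four character groups the password draws on."""
    groups = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            groups.add("upper")
        elif ch in string.ascii_lowercase:
            groups.add("lower")
        elif ch in string.digits:
            groups.add("digit")
        elif ch in SYMBOLS:
            groups.add("symbol")
    return groups


def policy_violations(password, account, full_name, previous=()):
    """List every rule from the slide that the password breaks.

    `previous` holds earlier passwords for illustration only; a production
    system would compare against stored password hashes, not plaintext.
    """
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if len(character_groups(password)) < 3:
        problems.append("fewer than three character groups")
    lowered = password.lower()
    # Assumption: only name parts of three or more characters are checked.
    parts = [account] + full_name.split()
    if any(len(p) >= 3 and p.lower() in lowered for p in parts):
        problems.append("contains account name or part of full name")
    if password in list(previous)[-5:]:
        problems.append("reuses one of the last five passwords")
    return problems


def derive_site_password(seed: str, name: str) -> str:
    """MD5 over seed + name as hex (concatenation order is an assumption)."""
    return hashlib.md5((seed + name).encode("utf-8")).hexdigest()


if __name__ == "__main__":
    slide_hash = "ae19e19070a052b85306fc758146ef8e"  # value shown on the slide
    print(sorted(character_groups(slide_hash)))
    print(policy_violations(slide_hash, "myname", "My Name"))
```

A hex digest draws only on lowercase letters and numerals, so the generated value needs a further encoding step (or an added uppercase letter or symbol) to satisfy the three-of-four-groups rule.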
Uncovered during Executek audits
On a client's computer we discovered that the data was kept in a Dropbox folder,
and someone who was not supposed to see it had constant access to the latest
version.
Most clients use dictionary passwords, never change them; sometimes they write
them down on sticky notes placed on the monitor. Employees who leave keep
passwords, which are not changed immediately, etc.
Software is seldom updated.
The server is secured but the backup module is not.
Sophisticated attacks
Control hijacking attacks: exploits and defenses
Dealing with legacy code: sandboxing and isolation
Exploitation techniques and fuzzing
Tools for writing robust application code
Principle of least privilege, access control, and operating systems security
Security problems in network protocols: TCP, DNS, SMTP, and routing
Unwanted traffic: denial of service attacks
Authentication
Apache Security
Apache HTTP server access:
.htaccess
.htpasswd
The first file is the policy and the second the password:
AuthType Basic
AuthName "Networks & Security Readings 2014"
AuthUserFile cs3c03-w14/ReadingList/.htpasswd
require valid-user
The second file contains the username and a hash of the password; two examples:
nets2014:9bn3EF/hJS5J6
netsec2013:$apr1$fr2JPfTa$HEzejdyg5DE2MFGVCIzd21
Apache Security Challenge
I tell my students that the first to break the first password, obtained with
the command:
htpasswd -cbd ./.htpasswd nets2014 a5e1c054
gets extra marks. Note the password is not a dictionary word.
Still, it takes about 15 min with, for example,
oclHashcat-plus
software. On the other hand, breaking the second password, obtained with the
command:
htpasswd -cbm ./.htpasswd netsec2013 tigerblood
is practically impossible (crypt vs md5).
Executek: Breaking into a Super-User account
Obtained the SHA1 hash of the password from "shadow file":
cat /private/var/db/shadow/hash/[...] | cut -c 169-216
which turns out to be:
[...]:4AC8F24F7CE9DBF6C81ECEAA9885401E3221147179FB9178
and then used:
John the Ripper 1.7.3.1
software to reverse engineer the password: onegod
it took about 20 minutes
because the password was a dictionary word!
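A single salted SHA-1 pass costs almost nothing per guess, so the storage format gives a weak password no protection. The sketch below is an added example, not from the slides: it verifies a record in that legacy layout and replaces it with PBKDF2 at the next successful login. It assumes the 48 hex characters are a 4-byte salt followed by SHA-1(salt + password); the record format string, iteration count and function names are hypothetical choices.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # work factor; tune to your hardware


def parse_legacy(record_hex: str):
    """Split a 48-hex-character record into (4-byte salt, 20-byte SHA-1)."""
    raw = bytes.fromhex(record_hex)
    if len(raw) != 24:
        raise ValueError("expected 4-byte salt + 20-byte SHA-1 digest")
    return raw[:4], raw[4:]


def make_legacy(password: str, salt: bytes) -> str:
    """Build a legacy record; used here only to construct sample data."""
    digest = hashlib.sha1(salt + password.encode("utf-8")).digest()
    return (salt + digest).hex().upper()


def verify_legacy(record_hex: str, password: str) -> bool:
    salt, digest = parse_legacy(record_hex)
    candidate = hashlib.sha1(salt + password.encode("utf-8")).digest()
    return hmac.compare_digest(candidate, digest)


def make_pbkdf2(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Hash with a 16-byte random salt and a tunable iteration count."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2-sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_pbkdf2(record: str, password: str) -> bool:
    scheme, iterations, salt_hex, dk_hex = record.split("$")
    if scheme != "pbkdf2-sha256":
        return False
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def login_and_upgrade(store: dict, user: str, password: str) -> bool:
    """Check a login; on success, replace a legacy record with PBKDF2."""
    record = store[user]
    if record.startswith("pbkdf2-sha256$"):
        return verify_pbkdf2(record, password)
    if not verify_legacy(record, password):
        return False
    store[user] = make_pbkdf2(password)  # the plaintext is only available now
    return True


if __name__ == "__main__":
    # Constructed sample account; salt and password are made up.
    store = {"alice": make_legacy("correct horse", bytes.fromhex("01020304"))}
    print(login_and_upgrade(store, "alice", "correct horse"), store["alice"][:20])
```

The slower hash raises the cost of every guess, but a dictionary word remains the first thing any guessing run tries, so the password rules still matter.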
References
CRS Report for Congress 2008(http://www.fas.org/sgp/crs/terror/RL32114.pdf)
Vanity Fair: Operation Shady Rat 2011(http://rdd.me/5sihotjz)
Vanity Fair: Enter the Cyber-Dragon 2011(http://rdd.me/todxjx9k)
Malicious PDF (ISC)(https://isc.sans.edu/forums/diary/17875)
Networks Course Password Cracking Challenge(http://bit.ly/1paMuDy)
Thank you
Michael Soltys
McMaster University / Executek
soltys@mcmaster.ca(mailto:soltys@mcmaster.ca)
http://www.cas.mcmaster.ca/~soltys(http://www.cas.mcmaster.ca/~soltys)
@MichaelMSoltys(http://twitter.com/MichaelMSoltys)