When you browse the net, you often send sensitive and highly personal data: passwords, banking information and much more. One of the basic protections we have is a secure connection, meaning HTTPS instead of HTTP. What does this mean? Should you enable this secure connection on your website? How can you inform your users to seek out these connections?
Typing banking information, passwords or credit card details into an unsecured connection can put anyone at high risk of having that information stolen.
This scenario and various others are all too true in the digital age and can wreak havoc on many individuals' personal lives, some leading to bankruptcy and financial ruin. This webinar will discuss:
- what HTTPS is
- how it functions
- how to enable it
- where to get an SSL certificate that will sign your HTTPS implementation
- where it should be implemented
4. What we’re covering today…
• What HTTPS is.
• How HTTPS functions.
• Where to get an SSL certificate.
• Why HTTPS?
• How to enable HTTPS.
• Where should HTTPS be implemented?
• Communication and Training
• Best Practices & Tips.
5. What is HTTPS?
• HTTP is how a Web Server communicates with Web Browsers
• HTTPS is secure communication between a Web Server and Web Browsers
6. Founded
• Netscape Communications created HTTPS in 1994 for its Netscape Navigator web browser. Originally, HTTPS was used with the SSL protocol. As SSL evolved into Transport Layer Security (TLS), the current version of HTTPS was formally specified by RFC 2818 in May 2000.
7. What type of sites have you been to that use HTTPS?
8. What does HTTPS Do?
• HTTPS verifies the identity of a website and encrypts nearly all information sent between the website and the user.
• Protected information includes cookies, user agent details, URL paths, form submissions, and query string parameters.
• HTTPS is a combination of HTTP and Transport Layer Security (TLS).
• Browsers and other HTTPS clients are configured to trust a set of certificate authorities that can issue cryptographically signed certificates on behalf of web service owners.
9. What Doesn’t HTTPS Do?
• HTTPS has several important limitations.
• IP addresses and destination domain names are not encrypted.
• Even encrypted traffic can reveal some information indirectly, such as time spent on site, or the size of requested resources or submitted information.
• HTTPS only guarantees the integrity of the connection between two systems, not the systems themselves.
• It is not designed to protect a web server from being hacked.
• If a user’s system is compromised by an attacker, that system can be altered so that its future HTTPS connections are under the attacker’s control.
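To make slides 8 and 9 concrete, the following added example (not part of the original slides) compares what a network observer can read from a plaintext HTTP request with what remains readable in the opening message of an HTTPS connection, the TLS ClientHello, where the destination domain name travels unencrypted in the Server Name Indication extension. The host name `library.example`, the request contents and all function names are constructed for illustration.

```python
import struct

# Constructed sample: a plaintext HTTP request as it appears on the wire.
SAMPLE_HTTP_REQUEST = (
    b"GET /catalog/search?q=overdue+fines HTTP/1.1\r\n"
    b"Host: library.example\r\n"
    b"User-Agent: ExampleBrowser/1.0\r\n"
    b"Cookie: session=abc123\r\n"
    b"\r\n"
)


def observer_view_http(raw: bytes) -> dict:
    """Everything a network observer can read from a plaintext HTTP request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return {
        "host": headers.get("host"),
        "path": target,                       # URL path and query string
        "user_agent": headers.get("user-agent"),
        "cookie": headers.get("cookie"),
    }


def build_client_hello(hostname: str) -> bytes:
    """Build a minimal TLS ClientHello record with an SNI extension (sample data)."""
    name = hostname.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    extensions = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list
    body = (
        b"\x03\x03"                            # client_version
        + bytes(32)                            # random (zeros, constructed)
        + b"\x00"                              # empty session_id
        + struct.pack("!H", 2) + b"\x13\x01"   # one cipher suite
        + b"\x01\x00"                          # compression methods: null only
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes):
    """Return the host name carried in a ClientHello, or None if there is none."""
    if len(record) < 5 or record[0] != 0x16:   # not a handshake record
        return None
    hs = record[5:5 + int.from_bytes(record[3:5], "big")]
    if len(hs) < 4 or hs[0] != 0x01:           # not a ClientHello
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    try:
        pos = 2 + 32                           # skip version and random
        pos += 1 + body[pos]                   # skip session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # skip cipher suites
        pos += 1 + body[pos]                   # skip compression methods
    except IndexError:
        return None                            # truncated message
    end = min(pos + 2 + int.from_bytes(body[pos:pos + 2], "big"), len(body))
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        ext_data = body[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type == 0x0000 and len(ext_data) >= 5 and ext_data[2] == 0:
            name_len = int.from_bytes(ext_data[3:5], "big")
            return ext_data[5:5 + name_len].decode("ascii", "replace")
    return None


def observer_view_https(record: bytes) -> dict:
    """What the same observer can read from the start of an HTTPS connection."""
    return {"host": extract_sni(record)}


if __name__ == "__main__":
    print("HTTP :", observer_view_http(SAMPLE_HTTP_REQUEST))
    print("HTTPS:", observer_view_https(build_client_hello("library.example")))
```

Over HTTP the path, query string, user agent and cookie are all readable; over HTTPS those travel inside encrypted records after the handshake, and only the host name (plus the IP addresses) is left in the clear.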
10. Using HTTPS…
• The computers agree on a "code" between them, and then they scramble the messages using that "code" so that no one in between can read them. This keeps your information safe from hackers.
• They use the "code" on a Secure Sockets Layer (SSL), sometimes called Transport Layer Security (TLS) to send the information back and forth.
11. How can you make your site Secure?
• Use a security certificate called an SSL certificate.
• SSL = Secure Sockets Layer
• SSL certification assures website visitors that you are the owner of the website and that the information is secured using an SSL certificate authority.
• Free SSL
• https://letsencrypt.org/
12. Who needs an SSL Certificate?
Any individual or organization that uses their website to require, receive, process, collect, store, or display confidential or sensitive information. Some examples of this information are:
• Logins and Passwords
• Financial Information (e.g., credit card numbers, bank accounts)
• Personal data (e.g., names, addresses, social security numbers, birth dates)
• Proprietary information
• Legal documents and contracts
• Client lists
• Medical records
13. Question
• You click to check out at an online merchant. Suddenly your browser address bar says HTTPS instead of HTTP. What's going on? Is your credit card information safe?
14. Answer
• Good news. Your information is safe. The website you are working with has made attempts to ensure that no one can steal your information.
18. Why HTTPS?
• Prevents hackers from watching what you do over the Internet
• Encrypts data
• Keeps stuff private
• Keeps you safe
• Prevents people from tracking your internet activity
• An unencrypted HTTP request reveals information about a user’s behavior.
The HTTP protocol does not protect data from interception or alteration.
20. Why?
• Chosen as a good place to put an international message
• Posting click-baity articles and spam
• Posting political message
• Holding for ransom
• Fun / Competition
• Money
• Steal Personal Info
• No reason at all.
21. High percentages of people have fallen victim. More than 1 in 10 on average in the US.
23. How are they getting in?
• Unsecure POP3 Email Servers
• Public Wi-Fi not secure
• HTTPS is not being used on sites that you are accessing
• No Anti-Spyware / Anti-Virus Software installed (or out of date)
• User base not aware
24. Does HTTPS Solve all my worries?
• A sophisticated type of man-in-the-middle attack called SSL stripping was presented at the Black Hat Conference 2009.
• This type of attack defeats the security provided by HTTPS by changing the https: link into an http: link.
26. Enabling HTTPS…
• Things you need to do…
• Enable HTTPS on your Web Server
• Easy for public hosting companies such as GoDaddy
• Harder if you run your own. (Recommend engaging an IT expert.)
• Hosted sites are click and pay.
• Some configuration may be needed.
• Hosting providers will have specific documentation on how to configure.
• Provider dependent
• Test your site after implementing
• Look for the Browser Locks
27. What’s your responsibility?
• Provide a safe and secure environment for your customers
• Implement & test Internet security measures
• Register and maintain an SSL Certificate
• Educate your customers
28. How to stay secure?
Take Preventative Measures…
29. Does anyone in attendance do anything to protect themselves while online?
30. How can you be secure?
• Be aware when putting in data “YOU” want to protect into a non-HTTPS secure site
• Have Anti-Virus software installed and updated
• Don’t go to suspicious sites
• Utilize private VPN
• Make sure you use Encrypted apps
• Use a password manager
31. How can you be secure? Cont’d…
• Remember to be on the “CORRECT” site. HTTPS doesn’t mean that the site is secure from hackers. It just means that the data you enter onto the site is encrypted and protected from others that could potentially see it.
• If you go to a hacker site with HTTPS, your data is secure, but only secure between you and the hacker.
32. How is the Government handling this?
• The HTTPS-Only Standard
• A memorandum M-15-13, “A Policy to Require Secure Connections across Federal Websites and Web Services”
33. Best Practices…
• SSL Certificates
• Keep track of when they expire.
• Ensure you renew on-time.
• Understanding that HTTPS runs on Port 443 & HTTP runs on Port 80. (What does this mean?)
• Modify firewall settings
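One way to keep track of certificate expiry, as the best practices above recommend. This is an added example, not part of the original slides; the 30-day renewal window, the function names and the sample certificate are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed renewal window; choose one that fits your process


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch the validated certificate from a live HTTPS server (port 443)."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def days_until_expiry(cert, now=None):
    """Whole days until the certificate's notAfter (negative once expired)."""
    now = now or datetime.now(timezone.utc)
    not_after = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return (not_after - now).days


def renewal_status(cert, now=None, warn_days=WARN_DAYS):
    """Classify a certificate as OK, RENEW NOW or EXPIRED."""
    days = days_until_expiry(cert, now)
    if days < 0:
        return "EXPIRED"
    if days <= warn_days:
        return "RENEW NOW"
    return "OK"


if __name__ == "__main__":
    # Constructed sample in the format getpeercert() returns; not a real cert.
    sample = {"notAfter": "Jun  1 12:00:00 2025 GMT"}
    today = datetime(2025, 5, 20, 12, 0, 0, tzinfo=timezone.utc)
    print(days_until_expiry(sample, today), renewal_status(sample, today))
```

For a live site, pass the result of `fetch_cert("your-domain")` to `renewal_status` from a scheduled job.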
34. Communication & Training
• Building strategies for communication & training to consumers
• Continue to inform
• Have security awareness programs for employees and consumers
• Have a Cyber-Safety Month
• Other ideas?
36. Remember…
• There are obvious instances in which this type of secure connection is a must.
  • Transfer of Personally Identifiable Information
  • Transfer of transaction data in e-commerce
  • Transfer of any other sensitive data
• The actual act of securing a website is a very complex process.
• HTTPS does not stop attackers from hacking a website, web server or network.
• It will not stop an attacker from exploiting software vulnerabilities or brute forcing your access controls, and it will not ensure your website's availability by mitigating Distributed Denial of Service (DDoS) attacks.
Editor's Notes
HTTPS verifies the identity of a website or web service for a connecting client, and encrypts nearly all information sent between the website or service and the user.
Protected information includes cookies, user agent details, URL paths, form submissions, and query string parameters. HTTPS is designed to prevent this information from being read or changed while in transit.
HTTPS is a combination of HTTP and Transport Layer Security (TLS). TLS is a network protocol that establishes an encrypted connection to an authenticated peer over an untrusted network.
Browsers and other HTTPS clients are configured to trust a set of certificate authorities [2] that can issue cryptographically signed certificates on behalf of web service owners. These certificates communicate to the client that the web service host demonstrated ownership of the domain to the certificate authority at the time of certificate issuance. This prevents unknown or untrusted websites from masquerading as a Federal website or service.
What HTTPS Doesn’t Do
HTTPS has several important limitations. IP addresses and destination domain names are not encrypted during communication. Even encrypted traffic can reveal some information indirectly, such as time spent on site, or the size of requested resources or submitted information.
HTTPS only guarantees the integrity of the connection between two systems, not the systems themselves. It is not designed to protect a web server from being hacked or compromised, or to prevent the web service from exposing user information during its normal operation. Similarly, if a user’s system is compromised by an attacker, that system can be altered so that its future HTTPS connections are under the attacker’s control. The guarantees of HTTPS may also be weakened or eliminated by compromised or malicious certificate authorities.
Data sent over HTTP is susceptible to interception, manipulation, and impersonation. This data can include browser identity, website content, search terms, and other user-submitted information.
Not only websites are being targeted. Even Facebook, Twitter, Pinterest, etc. Anything that is popular and drives awareness. Smaller sites that are hacked are usually hit by people who are playing around, testing their skills. Large sites are hacked to distribute a message.
American Library Association’s Facebook page and posted an endless stream of clickbaity articles and spam.
SSL stripping takes advantage of the fact that few Internet users actually type "https" into their browser interface: they get to a secure site by clicking on a link, and thus are fooled into thinking that they are using HTTPS when in fact they are using HTTP. The attacker then communicates in the clear with the client.[38] This prompted the development of a countermeasure in HTTP called HTTP Strict Transport Security.
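A site owner's check for the SSL stripping exposure described on slide 24 and in the note above: does port 80 redirect to HTTPS, and does the HTTPS response carry a usable HTTP Strict Transport Security header. This is an added example, not part of the original slides; the one-year threshold, the function names and the sample responses are assumptions.

```python
MIN_MAX_AGE = 31536000  # one year in seconds; assumed policy threshold


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value into its directives."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            policy["max_age"] = int(arg) if arg.isdigit() else None
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy


def audit(http_resp, https_resp):
    """List the gaps that leave visitors open to an https-to-http downgrade.

    Each response is a dict {"status": int, "headers": {name: value}} with
    canonical header names (an assumption of this example).
    """
    findings = []
    location = http_resp["headers"].get("Location", "")
    redirects = http_resp["status"] in (301, 302, 307, 308)
    if not (redirects and location.startswith("https://")):
        findings.append("port 80 does not redirect to https://")
    if "Strict-Transport-Security" in http_resp["headers"]:
        findings.append("HSTS sent over plain HTTP is ignored by browsers")
    hsts = https_resp["headers"].get("Strict-Transport-Security")
    if hsts is None:
        findings.append("HTTPS response has no Strict-Transport-Security header")
    else:
        max_age = parse_hsts(hsts)["max_age"]
        if max_age is None:
            findings.append("HSTS header has no valid max-age")
        elif max_age < MIN_MAX_AGE:
            findings.append("HSTS max-age is shorter than one year")
    return findings


if __name__ == "__main__":
    # Constructed responses for illustration; not captured from a real site.
    weak_http = {"status": 200, "headers": {"Content-Type": "text/html"}}
    weak_https = {"status": 200,
                  "headers": {"Strict-Transport-Security": "max-age=300"}}
    for finding in audit(weak_http, weak_https):
        print("FINDING:", finding)
```

Once a browser has seen a valid HSTS header over HTTPS, it rewrites later http: links to that site into https: before sending the request, which removes the plain-HTTP step that stripping depends on.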