When we talk about security for your library, we should understand some of the tools people may use to harm your network and infrastructure. In this session, learn how hackers may hack and ways to protect yourself. IT security is more than just a buzzword; it’s a necessity to understand and implement the correct measures to keep you, your library, and your patrons safe.
Basic security principles for information systems development/deployment. Information security is concerned with the confidentiality, integrity, and availability of information. From these three 'pillars', the following principles must be applied when implementing and maintaining an information system: Accountability.
FMK2014 FileMaker Security and Database Encryption by Jon Thatcher - Verein FM Konferenz
Security issues like the "Heartbleed" bug and data breaches have been occurring all too frequently. Keeping up to date on the many security threats is important, and protecting your or your customers' data from these threats is critical. This session will survey recent security issues and help you understand the threat landscape that your solutions may be exposed to. You will learn about some of the many security features in the FileMaker platform, including "under the hood" details of Database Encryption in FileMaker 13.
Survey of recent security issues
Information security and the threat landscape
Use of security features in the FileMaker platform
"Under the hood" details of Database Encryption
How to secure a safe teleworking environment by:
Managing Security Responsibilities
Updates, Patches and Scans
Enforcing Password Protection
Phishing Attacks
WiFi, Routers & Connections
Where the “Work” Should Reside
Mobile apps are the entry point to your web applications, APIs and web services. But sometimes the developer implements security in the mobile app that can easily be bypassed by a malicious attacker, allowing the attacker to exploit your web applications and steal confidential information. In this presentation I will show you how easy it is to attack a mobile application, intercept the communication and exploit the trust model of mobile apps. I will also give an overview of the OWASP Top 10 Mobile Risks.
This presentation is based on the 16th chapter of our textbook Fundamentals of Web Development. The book is published by Addison-Wesley. It can be purchased via http://www.amazon.com/Fundamentals-Web-Development-Randy-Connolly/dp/0133407152.
This book is intended to be used as a textbook on web development suitable for intermediate to upper-level computing students. It may also be of interest to a non-student reader wanting a single book that encompasses the entire breadth of contemporary web development.
This book will be the first in what will hopefully be a textbook series. Each book in the series will have the same topics and coverage but each will use a different web development environment. The first book in the series will use PHP.
To learn more about the book, visit http://www.funwebdev.com.
Privacy and Security in the Internet of Things / Privacy and Secur... - Positive Hack Days
Speaker: Jeff Katz
According to Cisco's forecasts, 25 billion devices will be connected to the internet this year, and by 2020 that number will double. When planning a solution in the Internet of Things (IoT) space, you have to consider that one fine day the FSB may come knocking at your door. The question of user security must be thought through in advance rather than put off until later. The speaker will explain how to take advantage of IoT products without infringing on your customers' personal rights. The talk is accompanied by examples of services in which privacy and security were built in from the start of development.
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ... - Sean Whalen
Respond proactively to threats like a defense contractor. It’s more realistic than you might think!
A practical guide of how to build intelligence-driven cyber defenses using open source software, based on real implementations of best practices, adapted from the Lockheed Martin Cyber Kill Chain model.
Learn what cyber security means for your law firm, your employees, and your bottom line. This presentation will provide a snapshot of the IT Security threats facing law firms today, as well as the knowledge and tools you can use to prevent them.
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det... - Positive Hack Days
Author: John Bambenek
The cat-and-mouse game between malware researchers and malware operators has been going on for years. The defense community is getting faster at responding to growing threats and taking down the command and control centers of malware operators before they cause too much damage. Meanwhile, the "bad guys" are building multi-tier redundant architectures that use P2P networks, Tor, and domain generation algorithms (DGAs) to keep their supporting infrastructure available in the face of take-down operations. This report will cover the research of both American and Russian analysts into the use of such techniques and what can be learned about the adversaries who use them. Additionally, the speaker will introduce a new tool that helps researchers dig into DGAs.
CNIT 123: Ch 3: Network and Computer Attacks - Sam Bowne
Slides for a college course based on "Hands-On Ethical Hacking and Network Defense, Second Edition" by Michael T. Simpson, Kent Backman, and James Corley. ISBN: 1133935613
Teacher: Sam Bowne
Website: https://samsclass.info/123/123_F16.shtml
I tried to cover some information about the present threats, vulnerabilities and best practices.
Most of the information is taken from the training material and the internet.
Ever wonder, "how can I make my home internet more secure" or "how can I make sure my kids are safely browsing the internet"? Join this cat meme filled presentation on how to secure your home's internet; everything from securing your wireless network to tools that you can use to help keep you and your family safe while surfing the web.
Expand Your Control of Access to IBM i Systems and Data - Precisely
Controlling all the ways your company’s data is being accessed, especially given the proliferation of open source software and other non-traditional data-access methods, is critical to ensuring security and regulatory compliance. This webinar reviews the different ways your data can be accessed, discusses how exit points work and how they can be managed, and why a global data access control strategy is especially important to efficiently protect sensitive data against unwanted access.
Topics include:
• IBM i access methods and risks
• Using exit programs to block traditional and modern access methods
• Real life examples and perspectives
Controlling Access to IBM i Systems and Data - Precisely
Security best practice and regulations such as SOX, HIPAA, GDPR and others require you to restrict access to your critical IBM i systems and their data, but this is easier said than done. Legacy, proprietary access protocols now co-exist with new, open-source protocols to create access control headaches.
View this webcast on-demand for an in-depth discussion of IBM i access points that must be secured and how exit points can be leveraged to accomplish the task. We’ll cover:
• Securing network access and communication ports
• How database access via open-source protocols can be secured
• Taking control of command execution
Compliance made easy. Pass your audits stress-free. - AlgoSec
Don’t fail an audit ever again. Yes, it’s possible.
It doesn’t matter which regulation you are talking about, whether your own internal compliance standard or a common global framework such as PCI DSS, SOX, HIPAA, SWIFT, or even HKMA.
Cyber Security Overview for Small Businesses - Charles Cline
Defining cyber security
Identifying information that your small business should secure
Identifying the types of cyber threats against small businesses
Small business risk management
Small business best practices for guarding against cyber threats
WFH security risks - Ed Adams, President, Security Innovation - Priyanka Aash
Our security practices need to evolve in order to address the new challenges created by the rapid adoption of technologies and products that enable the world to work from home (WFH). The mantra of the attacker remains consistent: attack whatever yields the maximum result, and that is usually something used by a very large number of users. This webinar will discuss the Top 10 Security Gaps that CISOs should be aware of as they brace for long WFH periods.
What will you learn:
- New attack techniques hackers are using to target WFH
- How to handle decentralisation of IT and technology decisions
- Application risks as enterprises pivot to online/new business model(s)
- New risks in the cloud and due to shadow IT
- Security risks due to uninformed employees and their home infrastructure
- How to handle misconfigurations and third-party risks
- How to build a robust breach response and recovery program
Full video - https://youtu.be/bQLfnmhDnQs
With the help of GCHQ and Cert-UK, we've produced this presentation on reducing the impact of normal cyber attacks. It's not meant to be an exhaustive guide on cyber security threats. The presentation isn't tailored to individual needs, and it is not a replacement for specialist cyber security advice.
AI Coding, Tools for Building AI (TBLC AI Conference) - Brian Pichman
Embark on an engaging journey into the world of AI coding with Brian Pichman from the Evolve Project. This advanced track offers participants hands-on experience in coding AI, blending theory with practice. Explore the latest games, gadgets and gizmos designed to educate and enhance skills in coding alongside AI. This session is perfect for those who are curious about what it takes to code AI and want to learn about cutting-edge developments in AI technology.
Building Your Own AI Instance (TBLC AI) - Brian Pichman
Join Brian Pichman from the Evolve Project in an enlightening session focused on building your own AI chatbot. This advanced track delves into the practical aspects of using the OpenAI API alongside other innovative software products. Participants will gain valuable insights into the processes and technologies involved in building a custom AI instance. This track is ideal for those seeking a deeper understanding of AI integration and personalization in the realm of conversational AI.
CyberSecurity - Computers In Libraries 2024 - Brian Pichman
Protecting privacy and security while leveraging technology to accomplish positive change is becoming a serious challenge for individuals, communities, and businesses. This workshop, led by expert leaders and practitioners, covers personal and organizational privacy as well as top security issues for libraries and their communities, especially the implications of AI. If you don’t have a security plan in place, are unsure of where to even start to make sure your library is secure, or have an existing plan in place but want to cross your T’s and dot your I’s, come to this interactive workshop.
AI Workshops at Computers In Libraries 2024 - Brian Pichman
While AI holds tremendous potential for libraries, it also comes with significant concerns and the potential for harm. We find ourselves sailing uncertain waters; there are few guardrails governing AI's use. Even as we acknowledge this truth, we must also note that library staff are already experimenting with the use of AI chatbots (most commonly ChatGPT), generative AI design tools (like Midjourney), and other variations of AI technology. In short, we have great potential, pitfalls, and a total lack of clarity. It is only through the thoughtful development of policy, procedure, and professionals that we can hope to articulate a vision for the ethical use of AI in our libraries. Join this conversation about new disruptive technology, take a deep breath, and get to work laying a foundation of policy guidelines and staff development to navigate the uncertain road ahead.
This interactive and hands-on workshop allows you to play and experiment with new tools which will spark ideas for the future of your library and community activities. It focuses on OpenAI’s API and how to get started building personalities in AI. It explores various tools to create AI images, videos, and more. Filled with tips, it will definitely be fun!
Community Health & Welfare: Seniors & Memory Care - Brian Pichman
Memory care is becoming a huge topic in libraries around the world. How do we support seniors and their caregivers affected by conditions such as Alzheimer's or dementia? This session explores tools, tips, and program ideas to enable your library to include these groups and empower them to use the library in a safe and inviting way.
Robotics in Libraries - Education and Automation - Brian Pichman
Explore how robotics is reshaping various industries and how it may create new possibilities within library environments. This session covers a wide gamut of information, from the basic STEAM toys that can teach coding to industry-level equipment and its applications in libraries, including sorting systems, interactive learning companions, and assistive devices for patrons with disabilities. Gain insights into the benefits and limitations of robotics, and explore future trends in the field.
Key Points:
Overview of robotics technologies and their relevance to libraries.
Benefits and limitations of integrating robotics into library operations.
Various Edutech Products that teach robotics.
Future trends and possibilities for robotics in the library environment.
NCompass Live - Pretty Sweet Tech - Evolve Project - Brian Pichman
Presentation for NCompass Live
Brian Pichman of the Evolve Project is the man behind the scenes, transforming how libraries engage with technology. Here at the Commission, he helped a lot with the Tech Kits Through the Mail. If you’ve gotten a kit from us, it’s because he tracks tech trends, works with tech gadget startups, and helps build solid strategies to connect communities with transformative technology.
Honestly, he’s helped me a lot over the years. But I can’t be selfish. I decided to share his expertise with you all! Turns out Brian does way more than I ever knew possible.
In this session we will get Brian talking about all the cool things he has going on:
Explore how his pilot programs of new games & gadgets are shaping the future of libraries through makerspaces, innovation spaces, and leading edge programming
Learn how Brian helps libraries embrace AI, VR and AR to revolutionize library services and enhance accessibility and engagement for all.
Discover his passion for open-source solutions to drive positive change, and his recent endeavors with ByWater Solutions, a leading provider of open-source library software.
Dig into his work with libchalk, a web hosting platform designed specifically to help libraries host digital content, websites, courses, and online resource libraries.
The real question is, what doesn’t he do? He can help your library too. Find out how.
AI tools in Scholarly Research and Publishing - Brian Pichman
Discover how AI is revolutionizing research methodologies and publishing processes, making data analysis more efficient and streamlining academic workflows. This talk will cover the latest trends, challenges, and future opportunities of integrating AI in academia. Ideal for scholars, publishers, and tech enthusiasts aiming to stay ahead in the digital age. We will also explore new tools and how to build your own environments.
Tech Trends 2024 and Beyond - AI and VR and More - Brian Pichman
Join Brian Pichman, the tech geek from the Evolve Project, in a jolly tech-filled sleigh ride through the hottest trends that'll make this holiday season merrier for librarians! From digital AI elves to magical augmented reality, this fun-packed presentation will unwrap the tech wonders that'll keep libraries ahead of the game in the North Pole of innovation. Don't miss out on the holiday cheer and the chance to sprinkle some digital snow on your library's future!
Content Creation and Social Media Tools for Libraries - Brian Pichman
Discover the transformative role of Artificial Intelligence in shaping content creation and social media engagement within library environments. This presentation explores how AI-driven tools are revolutionizing the way libraries share information, curate content, and connect with their communities. Explore practical applications of AI in generating personalized content, automating social media interactions, and enhancing user engagement, all while maintaining the unique character of library services.
Key Points:
Tailoring library content through AI: Customized reading recommendations, curated lists, and more.
Amplifying outreach with AI-powered social media strategies, boosting community interaction.
Ethical considerations in AI-generated content for libraries: Striking the right balance.
Real-world examples of successful AI-driven library campaigns that foster engagement.
Collaborative possibilities: How libraries can work with AI to enhance user experiences.
Future prospects: Navigating the evolving landscape of AI and its integration in library services.
Artificial Intelligence (AI) – Powering Data and Conversations.pptx - Brian Pichman
Uncover the potential of Artificial Intelligence in revolutionizing data analysis and enhancing conversational experiences within library contexts. This presentation explores how AI technologies are redefining data management, insights, and user interactions in libraries. Gain insights into how AI-driven data analysis can optimize collection management, resource allocation, and user engagement. Additionally, learn about the implementation of AI-powered conversational interfaces to provide seamless library support and guidance.
Key Points:
- Enhancing library data analysis: From catalog optimization to user behavior insights using AI.
- Leveraging AI to automate routine data-related tasks and enhance decision-making.
- Conversational AI in libraries: Creating virtual assistants and chatbots for user assistance.
- Merging human expertise with AI: Crafting effective user interactions in library services.
- Case studies showcasing libraries streamlining operations and enriching user experiences through AI.
- Future horizons: The evolving role of AI in data management and personalized library interactions.
Cybersecurity - Defense Against The Dark Arts Harry Potter Style - Brian Pichman
Step right into a realm where cyber security meets the enchanting world of Harry Potter! Join Brian Pichman, our fearless Defense Against the Dark Arts wizard, as he unveils the secrets to safeguarding our digital realms. Prepare to be captivated as Brian illuminates the spellbinding techniques of encryption, firewalls, and intrusion detection, equipping us to fortify our cherished data against the sinister forces of the digital realm.
But beware! Just like in the magical world, treacherous adversaries prowl the shadows. Brian will expose the dark arts of phishing, ransomware, and social engineering, empowering us to defend our digital castles. Engrossed in tales of peril and armed with ancient cyber security spells, this captivating presentation promises to leave you spellbound and ready to protect yourself in this ever-evolving landscape. So grab your wands and brace yourselves as Brian Pichman conjures a shield of protection, ensuring the safety of our digital realms against the forces of darkness. Together, we shall prevail in this journey of cyber security and magic.
Join Brian Pichman from the Evolve Project as he shares a new strategy he hopes libraries adopt to strengthen their connection with themselves, their team, and the community. By setting up a 40 Day Challenge (and yes challenges will be shared in this presentation) you can take yourself and your library to a whole new level of librarianship.
NCompass Live: AI: The Modern Day Pandora's Box - Brian Pichman
Artificial Intelligence (AI) has unfurled a world of possibilities and opportunities, but just like Pandora's box, it comes with its own set of challenges and ethical conundrums. Brian Pichman of the Evolve Project takes you on a deep dive into the complex landscape of AI, its implications, ethical concerns, and its transformative role in both private and public sectors.
Key Takeaways:
Understand the multifaceted nature of AI and its applications.
Explore the ethical questions surrounding AI, from data privacy to job displacement.
Discover how AI can serve as a force for good and where it may fall short.
Gain insights into how industries are adopting AI technologies for innovative solutions.
Learn actionable strategies for responsibly integrating AI into your organization or research.
AI can help digest information efficiently, develop creative solutions to complex problems, & more. We will explore using hands-on tools that can be used by marketing teams, tech teams, & more. We will break down what AI is, how it works, & some limitations or challenges.
Securing and Safeguarding Your Library Setup - Brian Pichman
We will explore various tools, techniques, & procedures to ensure our environment's safety & security. Leave with a list of ideas you can use today within your library.
Join Brian Pichman and his Consumer Electronic Show (CES) recap. CES is the ultimate tech conference that unveils the latest and greatest in tech gadgets and gizmos. Brian will share his findings of the next must-have technology announced at the event, along with some library partnerships that can help evolve your library’s maker spaces. Learn more about tech trends such as AI, Metaverse, Robotics, and more with some hands-on time with the latest and greatest gadgets.
By now, most people have heard of ChatGPT as a conversational AI that can hold conversations and answer questions. This flashy technology has helped introduce AI to the masses, yet this type of conversational AI has been around for a while in various formats. This session shows some of the less-known things you can do with AI, such as creating content for your blog or website, creating videos, generating marketing material, tweets, and more. Brian Pichman of the Evolve Project will share access to technology that lets participants play with and create AI content to bring back to their library.
STEM Programming Ideas at the Library.pdf - Brian Pichman
With all the latest gadgets, gizmos, and everything in between, what are the latest programming ideas within library spaces? How can we use AI in different ways to engage our community? What about low costs or low-tech opportunities? Join Brian Pichman of the Evolve Project as he highlights some awesome programming ideas that you can implement within your library spaces! Bring in more patrons, build more collaboration, and improve your community outreach with some out-of-the-box STEM activities that really get your creative minds flowing.
The new frontiers of AI in RPA with UiPath Autopilot™ - UiPathCommunity
In this free online event, organized by the Italian UiPath Community, you can explore the new features of Autopilot, the tool that integrates Artificial Intelligence into the development and use of Automations.
Together we will look at some examples of using Autopilot in different tools of the UiPath Suite:
Autopilot for Studio Web
Autopilot for Studio
Autopilot for Apps
Clipboard AI
GenAI applied to Document Understanding
Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Pushing the limits of ePRTC: 100ns holdover for 100 days - Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview, including the concepts of Customer Key and Double Key Encryption.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf - Peter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (the CI/CD process) involves many tools, distributed teams, open-source code, and cloud platforms. A constant focus on speed to release software to market, combined with traditionally slow and manual security checks, has left gaps in continuous security as an important piece of the software supply chain. Today organizations feel more susceptible to external and internal cyber threats because of the vast attack surface in their application supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerabilities and security breaches. This needs to be achieved with the existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of existing vulnerabilities, preventing the introduction of security issues into the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
5. THE COSTS OF BREACHES
• This year’s study reports the global average cost of a data breach is down 10 percent over previous years to $3.62 million. The average cost for each lost or stolen record containing sensitive and confidential information also significantly decreased from $158 in 2016 to $141 [per record] in this year’s study.
• However, despite the decline in the overall cost, companies in this year’s study are having larger breaches. The average size of the data breaches in this research increased 1.8 percent to more than 24,000 records [http://www-03.ibm.com/security/data-breach/]
• Data Breached Companies Experience…
• People lose faith in your brand
• Loss in patrons
• Financial Costs
• Government Requirements, Penalties, Fees, etc.
• Sending of Notifications
• Payment of Identity Protection or repercussions.
• Business Continuity
https://betanews.com/2016/02/10/the-economic-cost-of-being-hacked/
6. WHY DO PEOPLE ATTACK?
• Financial Gain
• Stocks
• Getting Paid
• Selling of information
• Data Theft
• For a single person
• For a bundle of people
• Just Because
• Malicious
7. YOU CAN ONLY MITIGATE RISK…NEVER PREVENT ALL RISK
Understanding your network and evaluating its risks allows you to build plans around mitigating risk.
You can never remove all risk. You aren’t “unhackable”.
8. SO WHAT DO YOU NEED TO PROTECT?
• Website(s)
• ILS
• Staff Computers
• And what they do on them
• Patron Computers
• And what they do on them
• Network
• And what people do on them
• Stored Data, Files, etc.
• Business Assets
• Personal Assets
• …anything and everything that is plugged in…
9. Outside
• Modem, Router, Firewall, Switches
• Servers
End User
• Phones
• Computers
• Laptops
10. OUTER DEFENSES (ROUTERS/FIREWALLS)
• Site to Site Protection (Router to Router or Firewall to Firewall)
• Encrypted over a VPN Connection
• Protection With:
• IDS
• IPS
• Web filtering
• Antivirus at Web Level
• Protecting INBOUND and OUTBOUND
11. UNIFIED THREAT MANAGEMENT
• Single Device Security
• All traffic is routed through a unified threat management device.
12. AREAS OF ATTACK ON OUTER DEFENSE
External Facing Applications
• Anything with an “External IP”
• NAT, ONE to ONE, etc.
• Website
• EZProxy Connection
• Custom Built Web Applications or Services
Internal Applications
• File Shares
• Active Directory (usernames / passwords)
• Patron Records
• DNS Routing
• Outbound Network Traffic
• Who is going where
13. ATTACKS
• Man in the Middle
• Sitting between a conversation and either listening or altering the data as it’s sent across.
• DNS Spoofing (https://null-byte.wonderhowto.com/how-to/hack-like-pro-spoof-dns-lan-redirect-traffic-your-fake-website-0151620/): set up a fake website and let people log in to it.
• D/DoS Attack (Distributed/Denial of Service Attack)
• Directing a large amount of traffic to disrupt service to a particular box or an entire network.
• Could be done via sending bad traffic or data
• That device can be brought down to an unrecoverable state to disrupt business operations.
• Sniffing Attacks
• Monitoring of data and traffic to determine what people are doing.
17. COMPUTER SECURITY AND POLICY
Why IT Loves It
• Protects the computers from accidental changes
• Protects Data
• Lots of things depend on the running operation of the network.
• Filtering helps with network efficiency
Why it is a Barrier
• You need something done to improve your job (efficiency / performance)
• Patrons!
• Filtering limits access.
19. UPDATES, PATCHES, FIRMWARE
• Keeping your system updated is important.
• Being on the latest and greatest [software/update/firmware] isn’t always good.
• Need to test and vet all updates before implementation
• If you can – build a dev environment to test and validate.
22. SWITCH CONFIGURATIONS
• Routing Rules
• Split networks into
• Public: 10.0.10.X
• Staff: 10.0.20.X / Wireless Staff
• Servers: 10.0.30.X
• Wireless Public
• Route traffic so Public LAN cannot see Staff LAN
• Access Restrictions
• Limit devices connecting to LAN
• MAC Address Filtering
• Limit Port Scanning, IP Scanning, etc. on network.
• Limit which networks have access to which ports.
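An added example, not from the slides: the three LANs on this slide written down as an ordered allow/deny policy, with a small evaluator you can use to check that the rules really keep the public LAN away from the staff LAN before you type them into a router. The /24 masks and the port numbers (web, file shares, Active Directory) are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass

# The three LANs from the slide. "10.0.10.X" is read as 10.0.10.0/24 (an assumption).
NETWORKS = {
    "public": ipaddress.ip_network("10.0.10.0/24"),
    "staff": ipaddress.ip_network("10.0.20.0/24"),
    "servers": ipaddress.ip_network("10.0.30.0/24"),
}

@dataclass(frozen=True)
class Rule:
    src: str            # source zone name
    dst: str            # destination zone name
    ports: frozenset    # TCP ports the rule covers; empty means "any port"
    action: str         # "allow" or "deny"

# Ordered policy, first match wins. The port choices are hypothetical examples:
# public gets only the web catalogue on the server LAN, staff also get file shares
# (445) and Active Directory/LDAP (389/636); everything else falls to the default.
POLICY = [
    Rule("public", "staff", frozenset(), "deny"),
    Rule("public", "servers", frozenset({80, 443}), "allow"),
    Rule("staff", "servers", frozenset({80, 443, 445, 389, 636}), "allow"),
    Rule("servers", "public", frozenset(), "deny"),
]
DEFAULT_ACTION = "deny"   # anything the policy does not explicitly allow is dropped

def zone_of(ip: str):
    """Map an address to its LAN name, or None if it is outside all three LANs."""
    addr = ipaddress.ip_address(ip)
    for name, net in NETWORKS.items():
        if addr in net:
            return name
    return None

def evaluate(src_ip: str, dst_ip: str, port: int) -> str:
    """Decide whether a TCP flow between two hosts is allowed by the routing rules."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return DEFAULT_ACTION
    if src == dst:
        return "allow"   # same LAN: the switch forwards it without touching the router
    for rule in POLICY:
        if rule.src == src and rule.dst == dst and (not rule.ports or port in rule.ports):
            return rule.action
    return DEFAULT_ACTION

def public_lan_isolated(ports=(22, 80, 139, 445, 3389)) -> bool:
    """Check the slide's key requirement: no flow from the public LAN reaches the staff LAN."""
    return all(evaluate("10.0.10.5", "10.0.20.5", p) == "deny" for p in ports)

if __name__ == "__main__":
    for flow in [("10.0.10.5", "10.0.20.7", 445), ("10.0.10.5", "10.0.30.2", 443),
                 ("10.0.20.9", "10.0.30.2", 445), ("10.0.20.9", "10.0.30.2", 3389)]:
        print(flow, "->", evaluate(*flow))
    print("public LAN isolated from staff LAN:", public_lan_isolated())
```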
23. PROTECTING END DEVICES
• Protecting Assets
• Business Assets
• Thefts
• Hacking
• Personal Devices
• Security Risk
• Usually pose an INBOUND threat to your network
25. PASSWORDS
• Let’s talk about Passwords
• Length of Password
• Complexity of password requirements
• DO NOT USE POST IT NOTES
• A person’s “every day account” should never have admin rights to machines.
• That includes your IT Folks!
33. MYTHS
• I’m not worth being attacked.
• Hackers won’t guess my password.
• I have anti-virus software.
• I’ll know if I’ve been compromised.
34. UNDERSTANDING BREACHES AND HACKS
• A hack involves a person or group gaining unauthorized access to a protected computer or network
• A breach typically indicates a release of confidential data (including releases that happen by accident)
• The two require different responses when they occur.
35. EXAMPLES OF HACKS/BREACHES
• An employee/family member allows a hacker to access their machine through:
• Email Attachments
• Social Engineering
• Walking away from their computer unattended
• An employee/family member sends information to someone thinking they are someone else
• “Hi, I’m the CFO assistant, he needs me to collect all the W2s”
• Or more intrusive –
• There is an attack on a database or server that then allowed a hacker in (SQL Injection)
• There is a brute force attack, or someone guessed the password on a key admin account on servers, networks, etc.
36. BEST KIND OF TRAINING
• Awareness
• Reporting Issues Immediately
• Precautions
• Being smart about links, emails, and phone calls.
• Don’t know the person – probably not legit.
• Site doesn’t look familiar – probably not legit
• Checking Others
• Seeing someone doing something “suspicious?”
• Seeing someone not following the “security training?”
• Acting as “owners” to data and assets.
40. CALL SPOOFERS
• Phone calls from “Microsoft”
• Wanting to remote in and fix your computer.
• Phone calls from your “Bank”
• Wanting to talk to you about your credit card
• Rule:
• Just. Hang. Up. Then call the number on the back of the card or directly off their actual website.
46. SITES TO HELP
• haveibeenpwned.com
• Sign up and check to see if your data appears after a hack is released
• https://krebsonsecurity.com/
• Great blog to stay informed of what is happening with IT Security
• LifeLock, Identity Guard
• Monitoring Your Data and Privacy
48. DISASTER AND SECURITY PLANS
• Are tested and audited.
• Audit account usage, audit network logs, check computers for malicious software, check if computers aren’t receiving updates.
• Test staff’s ability to follow basic security rules and principles.
• Refined and Monitored
• As your infrastructure grows or as things change, you will need to continually refine and update your security plan and policy.
• Plans are followed.
• There shouldn’t be exceptions to rules.
50. ONION ROUTING, TOR BROWSING
• Technique for anonymous communication to take place over a network. The encryption takes place at three different times:
• Entry Node
• Relay Node
• Exit Node
• Tor is made up of volunteers running relay servers. No single router knows the entire network (only its to and from).
• Tor can bypass internet content filtering and restricted government networks (like China), or allow people to be anonymous whistleblowers.
• Tor allows you to gain access to “.onion” websites that are not accessible via a normal web browser.
• Communication on the Dark Web happens via Web, Telnet, IRC, and other means of communication being developed daily.
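An added illustration of the three encryption layers described on this slide (not from the deck, and not Tor's real protocol): the client wraps the message once per node, entry over relay over exit, and each node can peel only its own layer, so it learns its previous and next hop and nothing more. The node keys, the stream cipher built from SHA-256 and the destination name are constructed for the demo.

```python
import hashlib
import json
import os

def toy_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. A toy stand-in for the real
    per-hop encryption, used here only to show how the layers nest."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(key: bytes, layer: dict) -> bytes:
    """Encrypt one layer (a JSON object) under one node's key; the nonce travels in clear."""
    nonce = os.urandom(16)
    return nonce + toy_cipher(key, nonce, json.dumps(layer).encode())

def unwrap(key: bytes, blob: bytes) -> dict:
    """Decrypt one layer. With the wrong key the result is garbage that fails to parse."""
    nonce, body = blob[:16], blob[16:]
    return json.loads(toy_cipher(key, nonce, body).decode())

def build_onion(keys: dict, path: list, destination: str, message: str) -> bytes:
    """Client side: innermost layer for the exit node, then wrap outward so that
    each node's layer names only the next hop."""
    blob = wrap(keys[path[-1]], {"next": destination, "payload": message})
    for i in range(len(path) - 2, -1, -1):
        blob = wrap(keys[path[i]], {"next": path[i + 1], "payload": blob.hex()})
    return blob

def node_peel(name: str, keys: dict, blob: bytes):
    """A node removes its own layer: it learns the next hop and an opaque blob, nothing else."""
    layer = unwrap(keys[name], blob)
    return layer["next"], layer["payload"]

def route(keys: dict, path: list, destination: str, message: str):
    """Pass the onion through entry -> relay -> exit and record what each node saw."""
    blob = build_onion(keys, path, destination, message)
    seen = []
    for name in path:
        nxt, payload = node_peel(name, keys, blob)
        seen.append((name, nxt))
        if name == path[-1]:
            return nxt, payload, seen      # exit node delivers the plaintext
        blob = bytes.fromhex(payload)       # intermediate node forwards the rest
    raise ValueError("empty path")

def demo_keys() -> dict:
    """Simulated per-circuit session keys the client negotiated with each node."""
    return {name: os.urandom(32) for name in ("entry", "relay", "exit")}

if __name__ == "__main__":
    keys = demo_keys()
    dest, msg, seen = route(keys, ["entry", "relay", "exit"], "library.example", "GET /catalog")
    print(dest, msg, seen)
```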
51. SOME HISTORY
• Originally grew with help from the U.S. Military as a way to communicate without detection.
• In 1995 the concept of “onion routing” was born.
• The Deep Web was coined in 2001 by BrightPlanet which specializes in locating content within the dark web.
• In 2004 the U.S. Naval Research Lab released the Tor code to the public, and in 2006 it was retooled as the Tor Project.
52. SURFACE WEB, DEEP WEB, DARK WEB
• The Deep Web is anything a search engine can’t find.
• Search Engines use links to “crawl” the internet.
• Within the Deep Web is the Dark Web which requires special software or network configurations, and access rights in order to access.
• The Dark Web is a small portion of the Deep Web
53. CLOAK OF INVISIBILITY
• Top reasons why people want to hide their IP address:
• Hide their geographical location
• Prevent Web tracking
• Avoid leaving a digital footprint
• Bypass any bans or blacklisting of their IP address
• Perform legal/illegal acts without being detected
54. CLOAK OF INVISIBILITY
• How do you Hide an 800lb Gorilla?
• Use Free Wifi (To Hide your location)
• Use a Secure Web Browser
• Use a Private VPN
• Go back to Dial-up
• Setup RF Data Transfer over CB Radio Waves
• Use Kali linux to hack someone else’s Wifi Encryption.
• Setup long-range Wireless Antennas
55. CLOAK OF INVISIBILITY
• How to hide yourself?
• Private VPN
• You want a TOTALLY anonymous service.
• Look for one that keeps no log history (Verify via reviews)
• Look at Bandwidth & Available Servers
• Recommendations:
• Private Internet Access (PIA)
• TorGuard VPN
• Pure VPN
• Opera Web Browser
• Avast AntiVirus (SecureLine)
• Worst Case: Free WIFI
57. HOW TO NAVIGATE AND PREVENT WRONG TURNS
NAVIGATING THE DARK WEB - INCLUDING THE PITFALLS
58. HOW TO NAVIGATE AND PREVENT WRONG TURNS
• Who are the people we’re trying to avoid?
• Hacker Groups
• Lizard Squad
• Anonymous
• LulzSec
• Syrian Electronic Army
• Chaos Computer Club (CCC)
• Iran's Tarh Andishan
• The Level Seven Crew
• globalHell
59. TOOLS TO BECOME A HACKER
EXPLORE TOOLS HACKERS USE TO EXPLOIT COMPANIES AND US
60. TOOLS TO BECOME A HACKER
• Get a router that allows for VPN at the router
• Install a second VPN Client on the PC
• Use Tor Browser for Browsing
• Use other tools from this point
• Keeps everything anonymized and encrypted
61. TOOLS TO BECOME A HACKER
• The Basics.
• Social Engineering
• Get a Voice that’s not behind a computer.
• Write a Batch File
• Odd, but Windows still has DOS hidden underneath
65. YOU AS A LIBRARY - OBLIGATIONS
• You are obligated to protect the data and privacy of:
• Employees
• Patrons
• Business Partners/Vendors/Etc.
• Sometimes, we forget we house a lot of personal and identifying information about our employees and patrons.
• Employees Social/Payroll/HR
• Patron Records/Accounts/Catalog History(?)
• What employees/patrons are accessing on the web
• A sniffing tool, key logger, or fake DNS redirects can monitor not only the sites people are accessing but what they use for their username / password
66. STEPS – COMMUNICATION AND SPEED!
• Communicate
• People will ask “How long did you know XYZ happened” before communicating to them that an attack occurred.
• If you discover a breach, hack, or any other compromise that may have the impact of data being stolen or viewed, you MUST communicate quickly and effectively.
• While every scenario is different and has different factors, groups that move faster with the information they know (as soon as they know it) are generally better off long term (i.e. don’t wait months while you “investigate” the issue; give people time to protect themselves).
• Don’t over communicate and have one spokesperson
• Be clear and concise. Too many details can be harmful.
67. OTHER POINTS ON COMMUNICATION
• Once you know a breach has occurred, by law you are required to inform customers if their data has been compromised.
• Some states have deadlines for when the announcement has to be made
• Every impacted person must be told that a data breach has occurred, when it occurred, and what kind of information was compromised.
• Answer: what are you doing to provide a remedy, and what should they do
• (next slide)
68. WHAT ARE YOU DOING TO PROVIDE A REMEDY AND WHAT SHOULD THEY DO
You as the Library
• Build a website with information about the breach
• Offer a Toll Free number for people to call in with questions
• If Social Security information may have been exposed, provide contact information for Equifax, Experian and TransUnion, and the quick links for fraud protection.
Them as Impacted Parties
• Fraud Protection (if necessary)
• Request them to change their passwords if their password was compromised
• Highlight that if they use this password on OTHER sites they should change those passwords too
71. STEP 2 - INVESTIGATE
• You will most likely need to hire an outside cyber security firm – they have the tools and resources to track what might have been stolen and who stole it.
• Solve which computers and accounts were compromised, which data was accessed (viewed) or stolen (copied), and whether any other parties – such as clients, customers, business partners, users, employees – were affected. Was the stolen data encrypted or unencrypted?
• Also involve folks from the people you pay for services (depending on where the breach occurred) such as ISPs, Web Hosting Providers, Security Software, Firewall Vendors, etc.
• Contact your local, county or state police computer crimes unit and the FBI, which can do forensic analyses and provide valuable guidance
72. STEP 3 SOLVE IT
• Through the investigation and hiring of consultants and engagement of local/state/federal groups – find out what happened and how to prevent it from happening again
• Removing infected computers or servers (if it was from a virus/malware)
• Consider reformatting hacked computers and restoring data with clean backups or replacements
• Removing access from the outside world to your network (or specific applications)
• If the breach occurred because of an unpatched system or software – patch it, then put a policy in place to check patches.
• If the breach was done through a stolen or weak password, secure those accounts and set new, complex passwords that will be hard to crack.
• Communicate the resolution and promise to the users impacted
73. REPERCUSSIONS
• Depending on the severity of the hack and type of hack you may:
• Need to pay a fine/penalty from a governing body if it was because of lack of security or no reasonable efforts to defend users’ data
• Pay for identity protection for those impacted users (usually at least a year)
• Pay a settlement
74. MOVING FORWARD / PREVENTION
• Make sure your security defenses are running properly and that data is being backed up securely.
• You should run activity logs and tracking on all network devices and public facing servers. These logs should be checked and monitored for unwanted access or sudden activity.
• Follow up with vendors to see what they are doing to protect your/their data – and share with customers best practices for their own security (like strong passwords).
• Create a disaster recovery plan and train employees so everyone can respond quickly and calmly if they know of an attack or see something that could be indicative of being attacked.
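An added example, not from the deck, of the log checking this slide calls for, applied to the brute force / guessed admin password scenario from the "Examples of hacks/breaches" slide: a small monitor that reads logon events, flags a burst of failures for one account from one source, and raises a second alert if that same source then logs on successfully. The log lines are constructed for the demo (the field layout is an assumption, the event IDs 4625/4624 are the Windows failed/successful logon events); the threshold and window are tunable.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export (not real logs): five failed logons to the domain
# admin account from one outside address in eight seconds, then a success,
# followed by an ordinary staff typo-and-retry that should not alert.
SAMPLE_LOG = """\
2024-06-01T02:14:01 host=dc01 event=4625 user=administrator src=203.0.113.9
2024-06-01T02:14:03 host=dc01 event=4625 user=administrator src=203.0.113.9
2024-06-01T02:14:05 host=dc01 event=4625 user=administrator src=203.0.113.9
2024-06-01T02:14:07 host=dc01 event=4625 user=administrator src=203.0.113.9
2024-06-01T02:14:09 host=dc01 event=4625 user=administrator src=203.0.113.9
2024-06-01T02:14:30 host=dc01 event=4624 user=administrator src=203.0.113.9
2024-06-01T09:05:10 host=dc01 event=4625 user=jsmith src=10.0.20.15
2024-06-01T09:05:40 host=dc01 event=4624 user=jsmith src=10.0.20.15
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\d+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def parse(line: str):
    """Turn one log line into a dict, or None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["event"] = int(rec["event"])
    return rec

def detect(log_text: str, threshold: int = 5, window: timedelta = timedelta(minutes=5)):
    """Return alert strings for failure bursts and for a success following a burst."""
    alerts = []
    failures = defaultdict(deque)   # (src, user) -> timestamps of recent failures
    flagged = set()                 # (src, user) pairs already reported as a burst
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue                # skip malformed lines rather than crash the monitor
        key = (rec["src"], rec["user"])
        if rec["event"] == 4625:
            q = failures[key]
            q.append(rec["ts"])
            while q and rec["ts"] - q[0] > window:
                q.popleft()         # keep only failures inside the sliding window
            if len(q) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(f"brute-force: {len(q)} failed logons for {rec['user']} "
                              f"from {rec['src']} within {window}")
        elif rec["event"] == 4624 and key in flagged:
            alerts.append(f"possible compromise: {rec['user']} logged on from "
                          f"{rec['src']} after repeated failures")
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```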
75. YOU – AS A PERSON (IF INFECTED MACHINE)
• If you think you infected your machine (through an email, virus, etc.)
• Disconnect it from the internet.
• Immediately shut down the computer
• If you notice an odd message take a photo first so an IT person (or you) can do more research
• You can remove your drive from your computer and, using another computer (that’s not network connected), run scans on the drive.
• Depending on the severity – you may need to wipe your computer.
• If this is a work computer – always inform IT Security or IT. They’d rather have a false alarm than an actual issue leak to the entire organization.
76. IF YOUR EMAIL GOT HIJACKED
• If it’s your personal email
• Send an email to all your contacts letting them know (if a fake message was sent out) that it wasn’t you who sent the message and to delete it.
• Change your email password.
• Google will tell you what sites you have connected your Google Account to:
• https://myaccount.google.com/intro/secureaccount
• If it’s your work email
• Inform IT / Security – and ask them the best course of action.
Infrastructure:
Network (Switches, Routers, Firewalls, Modem)
WiFi Network
VPN Connections
Servers (File Storage, Active Directory, Application Servers).
Phone System, Security System, Website, etc.
End Clients
End User PCs and other Peripherals
Copiers, Scanners, Printers
Software