The document outlines a presentation on penetration testing and security issues, defining terms like vulnerability assessment, penetration testing, and social engineering. It discusses common security problems organizations face like weak passwords, default security settings, and missing patches. It also provides examples of tools that can be used for self-auditing like port scanners, web application scanners, and tools to check SSL configurations.
AI in Education must be an opportunity for all - Marco Neves
Living through tremendous and very challenging days impacted by the Digital Transformation, mainly supported by Artificial Intelligence, it is important that all students learn about AI.
[GDSC-GNIOT] Google Cloud Study Jams Day 2- Cloud AI GenAI Overview.pptx - OWAISSALAUDDINKHAN
This document provides an overview of Google Cloud's offerings for generative AI and large language models. It begins with a primer on large language models (LLMs) and generative AI, explaining what they are and how they have evolved. It then discusses Google's products for consumers like Bard and MakerSuite, which focus on creativity, and enterprise offerings like VertexAI and Duet AI, which address concerns around accuracy, security and integrating with existing systems. The document aims to explain the differences between consumer and enterprise needs for generative AI and how Google's products meet those needs.
Augmented reality vs. virtual reality differences and similarities - GlobalTechCouncil
Augmented Reality and Virtual Reality are two buzzwords we hear in the technology sector. Though people are aware of the two technologies in a broad manner, very few understand their true meaning, potential, and how they are similar in certain ways yet different altogether.
Let’s have an insight into the two futuristic technologies that are slowly transforming the world around us.
The AI Index Report 2023 provides the following key highlights from its research and development chapter:
1. The US and China have the most cross-country AI research collaborations, though the rate of growth has slowed in recent years.
2. Global AI research output has more than doubled since 2010, led by areas like machine learning, computer vision and pattern recognition.
3. China now leads in total AI research publications, while the US still leads in conference and repository citations but these leads are decreasing.
4. Industry now produces far more significant AI models than academia, as building state-of-the-art systems requires greater resources that industry can provide.
5. Large language models
Generative AI models, such as ChatGPT and Stable Diffusion, can create new and original content like text, images, video, audio, or other data from simple prompts, as well as handle complex dialogs and reason about problems with or without images. These models are disrupting traditional technologies, from search and content creation to automation and problem solving, and are fundamentally shaping the future user interface to computing devices. Generative AI can apply broadly across industries, providing significant enhancements for utility, productivity, and entertainment. As generative AI adoption grows at record-setting speeds and computing demands increase, on-device and hybrid processing are more important than ever. Just like traditional computing evolved from mainframes to today’s mix of cloud and edge devices, AI processing will be distributed between them for AI to scale and reach its full potential.
In this presentation you’ll learn about:
- Why on-device AI is key
- Full-stack AI optimizations to make on-device AI possible and efficient
- Advanced techniques like quantization, distillation, and speculative decoding
- How generative AI models can be run on device and examples of some running now
- Qualcomm Technologies’ role in scaling on-device generative AI
Artificial intelligence (AI) is the science and engineering of making intelligent machines, especially intelligent computer programs. It is related to but not confined to using biologically observable methods to understand human intelligence. The history of AI involves its past developments, current applications, and future potential.
The document discusses intelligent avatars in the metaverse and the move toward intelligent virtual beings. It provides an overview of the metaverse, its use cases and applications. Some key points discussed include:
- The metaverse refers to interconnected 3D virtual worlds where physical and digital lives converge.
- Avatars play a central role in the metaverse, pioneered by the video game industry.
- Potential uses of AI in the metaverse include accurate avatar creation, digital humans for interactions, and multilingual accessibility.
- Challenges of AI in the metaverse include issues around ownership of AI-created content, deepfakes, fair use of AI/ML technologies, data use for model training, and accountability for AI bias
The concept of extended reality gains popularity. Microsoft introduced the concept of Mixed Reality. Apple and Google improved on the current concept for Augmented Reality with ARKit, ARCore and Tango. This presentation gives you an introduction on what these technologies offer, and how we use them at Netcetera.
Artificial Intelligence in Life Sciences and Agriculture - Yannick Djoumbou
Artificial intelligence is increasingly being used in life sciences and agriculture to help address challenges in drug and pesticide development. Key applications of AI include computer-aided molecular design, synthesis planning, metabolism prediction, and quantitative structure-activity relationship modeling. These applications utilize machine learning algorithms to parse large amounts of data and gain insights that help streamline the drug and pesticide development process. However, challenges remain such as a lack of sufficiently large and diverse datasets as well as a shortage of AI expertise. Overall, AI is transforming the design-make-test-analyze cycle in molecular discovery and there is significant potential for continued innovation in this area.
ChatGPT Hearing, AI Mission, Commission des Lois - Alain Goudey
My talk today addressed an extremely relevant topical subject: the stakes of generative AI for businesses, society and individuals.
Through my talk, I explored how these AIs, of which the ChatGPT technology is one, are radically transforming our society and our economy. I examined how they are used in the business world, how they affect our daily lives and how they have the potential to shape our future.
I also addressed the ethical and legislative questions associated with these AIs. How can we guarantee fair and secure use of these technologies? What role should public authorities play in regulating these tools? How can we make sure that these AIs benefit everyone and do not help to deepen existing inequalities?
Finally, I presented some important ideas for public authorities, stressing the need for a well-thought-out and proactive public policy in this area. I discussed international best practices in AI regulation, and will propose recommendations on how France could adopt a similar approach.
The document discusses artificial intelligence (AI), including its definition, history, applications, and future. It defines AI as the study of intelligent behavior in machines and the goal of AI research is to create technology that allows computers and machines to function intelligently. Some current applications of AI discussed are robotics, medical diagnosis, video games, and computer vision. The future of AI could include personal robots or a scenario where robots turn against humans.
VR is a real-time interactive simulation that immerses users in a virtual world through multiple sensory channels. VR has been applied in various fields such as entertainment, healthcare, manufacturing, and education. Although it still faces challenges such as cybersickness, high cost, and technological limitations, VR is expected to play an increasingly important role in human life going forward.
Many questions arise around this topic: What is Artificial Intelligence and what isn't? What is possible today? How can my organisation use AI? Will this replace my job? What can we expect in the future?
We will answer these and more in our presentation. We help you understand the impact of digital on your business and give you concrete steps to start taking action.
UX Strategy is a term that has been around for quite a while but is often not really well understood or implemented in business. Some companies have dedicated UX teams while others have a single UX champion who is struggling to make sense or identify what UX means to their organisation. How can organisations start thinking about how to bake UX into how they work? This tutorial at UXPA 2015 in San Diego, CA, took a pragmatic look at deconstructing what UX and UX strategy means to organisations, and looked at a framework to provide practical strategies to help connect UX Strategy to Business Strategy with the aim of truly embedding user insights and user centered design into the culture of their organisations.
My presentation entitled 'AI, Creativity and Generative Art', presented at the annual symposium for AI students (CKI) at Utrecht University, Fri. June 16th, 2017
How to implement camera recording for USB webcam or IP camera in C#.NET - Ozeki Informatics Ltd.
More info: www.camera-sdk.com
Source code: http://www.camera-sdk.com/p_123-video-tutorial-on-how-to-record-video-in-c-onvif.html
Welcome to this presentation that explains step-by-step how to develop video recording feature for your USB webcam and your IP camera / ONVIF IP camera in C#.NET to be able to capture and save the camera image. Good luck, have fun!
This document discusses using AWS services for industrial IoT and smart manufacturing applications. It provides examples of companies like Fender, Valmet and Volkswagen Group using AWS IoT, machine learning and analytics services to improve operational efficiency, enable predictive maintenance and quality, and gain insights from industrial equipment data. Edge computing solutions with AWS Greengrass are discussed as well for handling data from remote locations with unreliable internet connectivity.
This webinar is designed to explore the state of the art AI innovation and business applications for the web3 based metaverse development.
Agenda:
AI for Building Metaverse World
AI for 3D Objects/Contents/Avatars Creation
AI for Metaverse Commerce
AI for Metaverse Fashion
AI for NFT
AI for DAO
IP Issues with AI Created Assets
Generative AI: Redefining Creativity and Transforming Corporate Landscape - Osaka University
The advent of Generative AI is redefining the boundaries of creativity and markedly transforming the corporate landscape. One of the pioneering technologies in this domain is the Reinforcement Learning from Human Feedback (RLHF). Combined with advancements in LLM (Language Model) has emerged as a notable player. LLM offers two primary interpretations: firstly, as a machine capable of generating highly plausible texts in response to specific directives, and secondly, as a multi-lingual knowledge repository that responds to diverse inquiries.
The ramifications of these technologies are widespread, with profound impacts on various industries. They are catalyzing digital transformation within enterprises, driving significant advancements in research and development, especially within the realms of drug discovery and healthcare. In countries like Japan, Generative AI is heralded for its potential to bolster creativity. The value generated by such AI-driven innovations is estimated to be several trillion dollars annually. Intriguingly, about 75% of this value, steered by creative AI applications, is predominantly concentrated within customer operations, marketing and sales, software engineering, and R&D. These applications are pivotal in enhancing customer interactions, generating innovative content for marketing campaigns, and even crafting computer code from natural language prompts. The ripple effect of these innovations is palpable in sectors like banking, high-tech, and life sciences.
However, as with every innovation, there are certain setbacks. For instance, the traditional business model of individualized instruction, as seen in the context of professors teaching basic actions, is on the brink of obsolescence.
Looking ahead, the next five years pose pertinent questions about humanity's role amidst this technological evolution. A salient skillset will encompass the adept utilization of generative AI, paired with the discernment to accept or critique AI-generated outputs. Education, as we know it, will be reimagined. The evaluative focus will transition from verifying a student's independent work to gauging their ability to produce content surpassing their AI tools. Generative AI's disruptive nature will compel us to re-evaluate human value, reshaping the paradigms of corporate management and educational methodologies
The field of Artificial Intelligence (AI) has progressed rapidly in the past few years. AI systems are having a growing impact on society and concerns have been raised whether AI systems can be trusted. A way to address these concerns is to employ ethically aligned design principles in the development of AI software. Yet these principles are still far away from practical application. This talk provides state-of-the-art empirical insight into what researchers and professionals should do today when the client wants ethics to be added to their system.
Presentation by Bo Parker, Managing Director of Center for Technology and Innovation at PricewaterhouseCoopers. Presentation was shown during the lecture at Digital October technology entrepreneurship center in Moscow, on 26 October.
Generative AI art has a lot of issues:
Lack of Control: Generative AI art eliminates digital artists' control over their work. The results are unpredictable and often unsatisfactory, leaving artists feeling frustrated.
No Unique Signature: Generative AI art lacks a unique signature or style, making it difficult for digital artists to stand out.
Quality Control Issues: Generative AI art can be of poor quality and unsuitable for professional use. Digital artists who rely on their work to make a living may find that AI-generated work is not up to their standards.
Decreased Job Opportunities: As generative AI art becomes more popular, the demand for human digital artists may decrease, leading to fewer job opportunities.
No Emotional Connection: Generative AI art lacks the emotional connection artists can create through their work. This can make it difficult for digital artists to connect with their audience and make a lasting impact.
Limited Creative Potential: Generative AI art has limited creative potential based on algorithms and pre-defined parameters. Digital artists who seek to express their creativity and individuality may find it limiting.
Intellectual Property Concerns: Generative AI art can infringe on the intellectual property of others, leading to legal issues for the artist.
Lack of Personal Touch: Generative AI art lacks the personal touch that digital artists can bring to their work. This can result in a lack of emotion, connection, and engagement with the audience.
Decreased Income: Generative AI art is often available for free or at a low cost, making it difficult for digital artists to make a living through their work.
Loss of Craftsmanship: Generative AI art relies on technology, taking away the element of craftsmanship and hand-drawn skills that digital artists have honed over time.
Augmented reality (AR) is a technology that superimposes computer-generated information over a user's view of the real world. AR combines real and virtual worlds to produce an enhanced version of reality. Key components of AR include scene generators to render virtual objects, tracking systems to align real and virtual views, and various display technologies like optical see-through HMDs. AR has applications in many fields including medical visualization, manufacturing, education, and gaming. While AR displays and tracking accuracy continue improving, challenges remain in areas like photorealistic rendering, reducing latency, and developing lighter and less obtrusive wearable devices.
A bit about Augmented Reality http://k3hamilton.com/AR/
Based on a presentation given on May 27, 2010 by Karen Hamilton and Jorge Olenenwa
Website has moved to http://k3hamilton.com/AR/ due to closing of wikispaces
The industrial revolution has changed many aspects of society. It brought about technology that vastly improved the manufacturing process, and it provided new jobs like assembly line work. However, with the rise of robotic automation, some jobs have become obsolete. This is why some people are calling for a fifth industrial revolution, in which artificial intelligence will take over some low-skill manual labor tasks.
The document discusses several key issues regarding the ethics of developing artificial intelligence and creating a personal AI:
1. It is theoretically possible to create artificial intelligence that exhibits intelligent behavior, but personal intelligence on the level of human intelligence poses significant challenges.
2. Developing a personal AI that experiences consciousness, emotions, and qualia like humans raises philosophical questions about personhood, rights, and whether such an experiment could cause harm.
3. While an AI may be able to reason logically, replicating human moral decision-making and judgment requires the ability to empathize and consider unique contexts and scenarios, which is extremely difficult to program.
Artificial intelligence (AI) is an area of computer science that aims to create intelligent machines that work and react like humans. The document discusses the definition of AI, its aims and types including reactive machines, limited memory machines, theory of mind, and self-awareness. It outlines advantages like executing complex tasks without cost and operating continuously, as well as disadvantages such as high costs and inability to replace humans fully. Applications are described in gaming, natural language processing, expert systems, and intelligent robots. Emerging trends in the military, criminal investigations, medicine, and home assistants are also mentioned. The future scope discusses uses in agriculture like weather forecasting, crop health analysis, agricultural robotics, and predictive analytics.
BYOD Trends, Challenges, Pitfalls and Tips - Axios Systems
George Spalding, EVP of Pink Elephant, explores the “Bring Your Own Device” (BYOD) trend, the opposing perspectives of staff and the company, and what BYOD means for IT people.
Products today are released despite the process. Most teams are dealing with a chaotic process that few understand. And yet, every organization is unique—so your planning process should be too. Most organizations need a small number of living documents—fewer than 10—to guide product innovation and provide consistency in process and roles. In this session, we’ll show how to use the Quartz Open Framework canvas to define a nimble planning process that determines which activities, artifacts and roles are necessary in your business.
Throw out your existing methods and start again. Create an innovative process that aligns with the agility of your organization.
Lack of Personal Touch: Generative AI art lacks the personal touch that digital artists can bring to their work. This can result in a lack of emotion, connection, and engagement with the audience.
Decreased Income: Generative AI art is often available for free or at a low cost, making it difficult for digital artists to make a living through their work.
Loss of Craftsmanship: Generative AI art relies on technology, taking away the element of craftsmanship and hand-drawn skills that digital artists have honed over time.
Augmented reality (AR) is a technology that superimposes computer-generated information over a user's view of the real world. AR combines real and virtual worlds to produce an enhanced version of reality. Key components of AR include scene generators to render virtual objects, tracking systems to align real and virtual views, and various display technologies like optical see-through HMDs. AR has applications in many fields including medical visualization, manufacturing, education, and gaming. While AR displays and tracking accuracy continue improving, challenges remain in areas like photorealistic rendering, reducing latency, and developing lighter and less obtrusive wearable devices.
A bit about Augmented Reality http://k3hamilton.com/AR/
Based on a presentation given on May 27, 2010 by Karen Hamilton and Jorge Olenenwa
Website has moved to http://k3hamilton.com/AR/ due to closing of wikispaces
The industrial revolution has changed many aspects of society. It brought about technology that vastly improved the manufacturing process, and it provided new jobs like assembly line work. However, with the rise of robotic automation, some jobs have gone obsolete. This is why some people are calling for a fifth industrial revolution, in which artificial intelligence will takeover some low-skill manual labor tasks.
The document discusses several key issues regarding the ethics of developing artificial intelligence and creating a personal AI:
1. It is theoretically possible to create artificial intelligence that exhibits intelligent behavior, but personal intelligence on the level of human intelligence poses significant challenges.
2. Developing a personal AI that experiences consciousness, emotions, and qualia like humans raises philosophical questions about personhood, rights, and whether such an experiment could cause harm.
3. While an AI may be able to reason logically, replicating human moral decision-making and judgment requires the ability to empathize and consider unique contexts and scenarios, which is extremely difficult to program.
Artificial intelligence (AI) is an area of computer science that aims to create intelligent machines that work and react like humans. The document discusses the definition of AI, its aims and types including reactive machines, limited memory machines, theory of mind, and self-awareness. It outlines advantages like executing complex tasks without cost and operating continuously, as well as disadvantages such as high costs and inability to replace humans fully. Applications are described in gaming, natural language processing, expert systems, and intelligent robots. Emerging trends in the military, criminal investigations, medicine, and home assistants are also mentioned. The future scope discusses uses in agriculture like weather forecasting, crop health analysis, agricultural robotics, and predictive analytics.
BYODTrends, Challenges, Pitfalls and TipsAxios Systems
George Spalding, EVP of Pink Elephant, explores the “Bring Your Own Device” (BYOD) trend, the opposing perspectives of staff and the company, and what BYOD means for IT people.
Products today are released despite the process. Most teams are dealing with a chaotic process that few understand. And yet, every organization is unique—so your planning process should be too. Most organizations need a small number of living documents—fewer than 10—to guide product innovation and provide consistency in process and roles. In this session, we’ll show how to use the Quartz Open Framework canvas to define a nimble planning process that determines which activities, artifacts and roles are necessary in your business.
Throw out your existing methods and start again. Create an innovative process that aligns with the agility of your organization.
Parag Deodhar presented on securing mobile workplaces at the Enterprise Mobility Summit on May 9th, 2012 in Bengaluru. He discussed how mobility is changing how IT operates as data moves outside of corporate networks. This crossing of the "Lakshman Rekha" or corporate firewall poses security risks. He highlighted issues with bring your own device policies including difficulty securing and managing personal devices on the network. Deodhar argued that organizations need a mobile enterprise strategy including device management, updated security policies, training, and enforcement mechanisms to balance security and productivity in an increasingly mobile workplace.
This is a presentation introducing the SANS Institute's 20 Security Controls and the Australian Government's Top 35 Mitigation Strategies that I gave to The Small Business Technology Consulting Group in St Paul MN on November 13, 2012
The Difference Between Being Secure And Being CompliantJohn Bedrick
The document discusses the difference between security and compliance. It begins with an overview of AccuCode, a company that provides security and compliance services. It then discusses how security is about protecting assets from threats like malware, hackers, and social engineering. Compliance, on the other hand, focuses on following standards and regulations. The document stresses that security is an ongoing process of analyzing risks and implementing appropriate protection measures. While compliance is important, true security requires layers of people, processes and technologies working together. Outsourcing to experts can help organizations achieve both security and compliance.
This document summarizes a presentation on enterprise mobility and mobile security. It discusses the goals of enterprise mobility such as increasing productivity and reducing risk. It covers topics like mobile device encryption, access control, mobile device management technologies, and unexpected expenses of data protection. The presentation emphasizes that mobility is about managing data, not just the devices, and discusses privacy and security risks, best practices, and the need for a governance, risk and compliance framework when adopting mobile solutions.
Humans Are The Weakest Link – How DLP Can HelpValery Boronin
SAS 2012 Official Video is available at http://www.youtube.com/watch?v=Vr8lmIhc0pk
Abstracts: All companies are invested in security, but far from all came to realize: employees’ awareness and education are the key factors to improve information protection and prevent data leaks. You can install most powerful DLP, encryption and other security tools, hire a lot of security officers and consulters to tune your business processes, eventually waste a lot of money and resources at security issues, but if end-users don’t understand threats, don’t know rules – they cannot follow internal policies and regulations, cannot correctly use appropriate tools. It’s all for nothing. Efficient information security strategy is to create a culture of awareness and enforcement – culture where users understand the consequences.
This session is about 3 main things:
1) What is user awareness in information security?
2) Why user awareness is required?
3) How to raise user awareness and what are key factors.
Practical recommendations for security user awareness program adopters and practitioners will be given. Role of the DLP in raising user awareness will be highlighted.
Related links:
http://www.youtube.com/watch?v=vXlyuGXAZzU – Valery Boronin on Data Luxury Protection at DLP Russia 2011 (in Russian)
Isaca e symposium understanding your data flow jul 6Ulf Mattsson
This document discusses understanding data flow and using tokenization to secure data. It provides an overview of vaultless tokenization compared to vault-based tokenization. Vaultless tokenization provides a smaller, static footprint without the need for replication or key management of a centralized vault. It allows for easy geographic distribution without collisions and provides the fastest industry tokenization with unlimited capability and little impact on performance. Case studies show vaultless tokenization helped large organizations reduce PCI compliance costs, improve performance, lower maintenance costs, enhance security, and simplify security assessments.
Why cant organizations fix all vulnerabilities? Why is it so difficult? Let's find it out
Presentation given at BSides Ottawa on Nov 29, 2019 by Dennis Chaupis and Ivan Perez
Key Findings from the World Quality Report 2012-13 at HP DiscoverCapgemini
Presented at HP Discover 2012
Alain Mey
Capgemini Global & EMEA Alliance Manager,
HP Software
Stefan Gerstner
VP Global Testing Services Capgemini Group
Sunrise Presentation, Company Overview 2012jvangombos
Sunrise Labs is celebrating 20 years of transforming client ideas into award-winning medical and industrial products. They have an experienced management team and provide complete product development services, including system design, software development, prototyping, and regulatory approval assistance, leveraging strategic partners and a collaborative approach. With technical expertise in areas like electronics, embedded systems, and software, Sunrise Labs helps clients smoothly transition projects from design to manufacturing.
Sunrise is expert in product development for robust, reliable, "smart" devices and instrumentation and have deep technical expertise in project management and systems integration. We excel as a strategic engineering resource ranging from complete product development to component obsolescence, 3rd edition, RoHS/REACH compliance, SWQA, V&V, and life cycle management and are ISO-13485 certified.
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...Skybox Security
1) The document discusses the challenges facing CISOs in 2013, including the need to identify and mitigate risks, ensure effective controls, and communicate risks in business terms.
2) It presents Skybox Security as a leader in proactive security risk management through predictive risk analytics and continuous, scalable operations across diverse customers and industries.
3) The CEO argues that traditional vulnerability management, SIEM, and GRC tools are insufficient for continuous and effective security risk management. Skybox proposes an integrated approach using modeling, simulation, and risk analytics to provide improved visibility, security, and performance.
The document outlines the agenda and key topics for a Trusted Relationships Programme meeting. The agenda includes presentations on identity management issues, technical developments, personal identity management, and conclusions. Some of the key identity management issues discussed are authentication of external users, addressing policies that can be barriers to access, encouraging trusted relationship management and data sharing between institutions and employers, and providing secure learning environments and access to information for employees and work-based learners. The meeting aims to discuss tools for identity management, issues relating to portfolios and learning identity, views on privacy, and technical identity management issues.
IDC developed a set of cybersecurity case studies of US commercial organizations in order to learn: What security problems they have experienced, changes that they have made to address them, and new underlying security procedures that they are exploring.
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and IdeasTripwire
The document discusses several topics related to cybersecurity including integrating endpoint technologies to stop threats, developing adaptive defenses to identify attackers, using threat modeling to assess vulnerabilities, selecting effective endpoint security products, protecting critical servers from advanced threats, finding exploitable flaws through fuzzing, implementing the top 4 critical controls, modern botnets posing major risks to banks, gathering additional threat intelligence from security tools, and training admins to detect and react to attacks.
The document discusses security threats and strategies for addressing them. It covers the rise of targeted, advanced persistent threats against both personal computers and mobile devices like Android. It advocates for an inside-out approach to security that protects valuable internal assets and data through deep security measures like firewalls, antivirus, and integrity monitoring across physical, virtual, and mobile environments. Detection and analysis of threats is also discussed through technologies that monitor network traffic and reputation services for mobile apps.
This document describes a case study based approach for teaching information security. It proposes using case studies that present real-world information security scenarios. Students would analyze these case studies individually and in teams to identify problems, generate solutions, and select optimal solutions. The document outlines various tools and methods for analyzing case studies, including using terminology definitions, static and dynamic perspectives, event chains, and table representations. It provides examples of how these analysis tools could be applied to a case study. The case study approach aims to make information security learning interactive, develop analytical skills, and be close to real-world situations.
1. The document discusses strategies around automating security processes to keep pace with rapid software development cycles. It notes problems that arise when security cannot keep up, such as lack of business agility.
2. Automating security checks and integrating them into continuous integration/delivery pipelines is proposed as a solution. This includes running automated vulnerability scans on code check-ins and having security bugs break the build.
3. A cultural shift is needed where security is a shared responsibility and developers/operations staff understand security outputs. Continuous learning and improving processes will also help security scale effectively.
Similar to Low Hanging Fruit from Penetration Testing (20)
This document outlines the benefits of outsourcing cybersecurity services to Syrinx Technologies through their Virtual CSO program. It discusses common security roadblocks organizations face related to cost, policy implementation, and risk perception. The Virtual CSO program provides business benefits like flexibility and no payroll costs, and technical benefits such as policy development, penetration testing, security awareness training, and compliance consulting. Clients can customize their solutions to fit their budgets. The summary encourages organizations to assess their security needs and work with Syrinx Technologies to develop an action plan and yearly program.
This document summarizes a presentation on cybersecurity in the cloud. The presentation covered cloud computing definitions and models including SaaS, PaaS, IaaS, and public, private and hybrid clouds. It discussed major cloud vendors like Amazon Web Services, Microsoft Azure, and OpenStack. The presentation addressed security issues in the cloud like outages, data breaches, and regulatory compliance. It emphasized the importance of service level agreements, testing disaster recovery plans, and monitoring metrics when adopting cloud services.
This document summarizes a presentation on regulations updates and penetration testing. The presentation covered recent changes to regulations like the ID Theft Red Flags Rule and PCI standards. It discussed why organizations should perform penetration tests, including to satisfy legal requirements and improve security. Potential vulnerabilities to check for were provided, like default passwords. The presentation included case studies of penetration tests performed and how access was gained through issues like unpatched systems. It emphasized that many security issues can be addressed through better password management, policies and procedures, and patch management.
PCI Compliance - What does it mean to me?syrinxtech
This document outlines the key points of a presentation on the Payment Card Industry Data Security Standard (PCI DSS). It introduces PCI DSS and its history, provides definitions of important terminology, describes the 12 requirements of the standard across 6 goals for securing payment card data, and discusses roles and responsibilities for compliance. The presentation covers building a secure network, protecting stored card data, maintaining vulnerability management, access controls, monitoring systems, and security policies.
1. VA SCAN 2012: Securing the Future: BYOD and Beyond
The Low Hanging Fruit of Penetration Testing
Bryan Miller
Computer Science & Information Systems
Virginia Commonwealth University
2. VA SCAN 2012: Securing the Future: BYOD and Beyond
Agenda
Speaker Introduction
What’s the Problem?
Definitions
Security Testing Issues
Lessons Learned
Self-Audit Tools
Wrap Up
The Low Hanging Fruit of Penetration Testing
10/9/2012 2
3. VA SCAN 2012: Securing the Future: BYOD and Beyond
Speaker Introduction
B.S. ISY, M.S. CS – VCU
VCU Network Engineer for 5 years
CISSP, former Cisco CCIE in R/S
FTEMS, ISSA, ISACA, IALR, VA SCAN lecturer
Penetration testing for 11 years
Formed Syrinx Technologies in 2007
Published author with 25 years in I.T.
4. VA SCAN 2012: Securing the Future: BYOD and Beyond
What’s the Problem?
5. VA SCAN 2012: Securing the Future: BYOD and Beyond
In many organizations security is seen as a nuisance – a “must do” but not a “must have.”
Despite everything we know about securing systems and applications, there are new data breaches announced every week.
Organizations of every size and complexity are affected, including the government, military, commercial, R&D, banking and education.
6. VA SCAN 2012: Securing the Future: BYOD and Beyond
Most of the breaches are caused by issues that would never have existed if available best practice rules had been followed.
Hacking has become commercialized.
Exploit “frameworks” lower the bar in regards to knowledge required to compromise systems.
7. VA SCAN 2012: Securing the Future: BYOD and Beyond
Definitions
8. VA SCAN 2012: Securing the Future: BYOD and Beyond
Vulnerability Assessment
Penetration Testing
Social Engineering
Wardialing/Wardriving
9. VA SCAN 2012: Securing the Future: BYOD and Beyond
Vulnerability Assessment
“jiggling the handle”
Often required for compliance
Sometimes confused with a risk assessment
10. VA SCAN 2012: Securing the Future: BYOD and Beyond
Penetration Testing
External vs. internal
Goal is to simulate a real attacker, but with limits
How do those limits affect the testing?
How do you measure success?
11. VA SCAN 2012: Securing the Future: BYOD and Beyond
Social Engineering
Three easy words: Hacking the Human
Easy to talk about, extremely difficult to prevent
Policies and education are the front line of defense
12. VA SCAN 2012: Securing the Future: BYOD and Beyond
Wardialing/Wardriving
Wardialing – dialing phone numbers to look for modems
Wardriving – scanning for wireless access points
Includes 802.11, Bluetooth, Zigbee, X.10
Legal to scan but not to associate to an AP
Includes warwalking and warchalking
13. VA SCAN 2012: Securing the Future: BYOD and Beyond
Security Testing Issues
14. VA SCAN 2012: Securing the Future: BYOD and Beyond
Penetration Testing vs. Vulnerability Assessments
Is one “better” than the other?
Which one is right for my situation?
Thorough requirements definition
Rules of engagement
What constitutes success?
Deliverables
15. VA SCAN 2012: Securing the Future: BYOD and Beyond
Why should we test?
FERPA, PCI, HIPAA, SOX, FFIEC, NCUA, FIPS
Internal Audit requirements
Baseline the security posture for new management
Mergers & acquisitions
Natural complement to risk assessments
16. VA SCAN 2012: Securing the Future: BYOD and Beyond
Why should we NOT test?
If you consider security a waste of good money
If you don’t want to know the answers
If you can’t or aren’t going to fix anything
If you really want to be on the local news or have someone write a magazine article about you
17. VA SCAN 2012: Securing the Future: BYOD and Beyond
Why don’t we test?
Our employees don’t know how to do bad things.
We already know what’s broken.
We don’t have anything hackers want.
If you tell us what’s wrong, we’ll have to fix it.
We haven’t fixed the things you found last time.
18. VA SCAN 2012: Securing the Future: BYOD and Beyond
In-house or outsource?
The first question you have to answer is, “Do I have the staff with the relevant skills/tools/time?”
You might not have a choice due to auditing standards.
A good compromise is to perform internal self-tests followed by a review from a 3rd party.
Knowing something about the process makes you a better consumer.
19. VA SCAN 2012: Securing the Future: BYOD and Beyond
Lessons Learned
20. VA SCAN 2012: Securing the Future: BYOD and Beyond
So, having said all that, what have we learned about data breaches?
They happen to organizations of all sizes and complexity.
Many of them can be prevented using best practice methods.
Many can be categorized as “low hanging fruit.”
The larger your organization, the more LHF.
21. VA SCAN 2012: Securing the Future: BYOD and Beyond
The Low Hanging Fruit Top Ten (1-5)
1. Bad password management
2. Default security controls
3. Incorrect permissions on files, directories, databases, etc.
4. Missing OS and application patches
5. SQL Injection, XSS, cookie, state and URL issues on web sites
22. VA SCAN 2012: Securing the Future: BYOD and Beyond
The Low Hanging Fruit Top Ten (6-10)
6. Lack of security awareness
7. Access to internal systems from the Internet
8. Insecure wireless access points/modems
9. Lack of encryption (laptops, sensitive data & emails)
10. Weak physical security
23. VA SCAN 2012: Securing the Future: BYOD and Beyond
#1 – Bad password management
24. VA SCAN 2012: Securing the Future: BYOD and Beyond
#2 – Default security controls
25. VA SCAN 2012: Securing the Future: BYOD and Beyond
#2 – Default security controls
26. VA SCAN 2012: Securing the Future: BYOD and Beyond
#3 – Incorrect permissions on web directory
This is how web defacements happen.
27. VA SCAN 2012: Securing the Future: BYOD and Beyond
#4 - Missing OS and application patches
28. VA SCAN 2012: Securing the Future: BYOD and Beyond
#5 – Cross Site Scripting (XSS)
29. VA SCAN 2012: Securing the Future: BYOD and Beyond
#6 – Social Engineering
This is what you can access by pretending to be the “Verizon guy.”
30. VA SCAN 2012: Securing the Future: BYOD and Beyond
#7 – Access to internal systems from the Internet
31. VA SCAN 2012: Securing the Future: BYOD and Beyond
#8 - Insecure wireless access points/modems
32. VA SCAN 2012: Securing the Future: BYOD and Beyond
#8 - Insecure wireless access points/modems
33. VA SCAN 2012: Securing the Future: BYOD and Beyond
#9 – Lack of encryption with sensitive script
34. VA SCAN 2012: Securing the Future: BYOD and Beyond
The real magic occurs when you get creative
Access the Registry via a blank SA password and run the reg query command to display the VNC password
Use the osql command to turn on Telnet and remotely access the server
Use the osql command to turn on xp_cmdshell
Watch keystrokes remotely via X-Windows with xspy
Download and compile a password cracking program and then run it to crack the machine’s passwords
Spoof a wireless access point and execute a MITM attack
35. VA SCAN 2012: Securing the Future: BYOD and Beyond
Self-Audit Tools
36. VA SCAN 2012: Securing the Future: BYOD and Beyond
Port Scanners
Nmap
Nessus
SuperScan 3,4
RAPS (Remote Access Perimeter Scanner)
GFI
37. VA SCAN 2012: Securing the Future: BYOD and Beyond
RAPS Output:
192.168.0.187 Port 5900 - VNC, Version 3.8
192.168.0.187 Port 5900 - VNC, NO LOGIN REQUIRED, Version 3.8
192.168.0.9 Port 3389 - Terminal Server
192.168.10.57 Port 5631 - pcAnywhere, Host: A1
192.168.10.56 Port 1720 - NetMeeting
10.2.0.139 Port 1494 – Citrix Server
10.2.1.20 Port 6000 – X Server, Version 11.0
10.2.1.21 Port 6000 – X Server, NO LOGIN REQUIRED, Version 11.0
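Added example (not part of the presentation): a short Python triage of scanner output in the format shown on this slide, for use in a self-audit. It merges duplicate lines for the same endpoint and lists first the services the scanner reported as NO LOGIN REQUIRED; the function names and record layout are assumptions of this example.

```python
import re

# Sample lines as shown on the slide; note the mixed "-" and en dash separators.
SAMPLE = """\
192.168.0.187 Port 5900 - VNC, Version 3.8
192.168.0.187 Port 5900 - VNC, NO LOGIN REQUIRED, Version 3.8
192.168.0.9 Port 3389 - Terminal Server
192.168.10.57 Port 5631 - pcAnywhere, Host: A1
192.168.10.56 Port 1720 - NetMeeting
10.2.0.139 Port 1494 – Citrix Server
10.2.1.20 Port 6000 – X Server, Version 11.0
10.2.1.21 Port 6000 – X Server, NO LOGIN REQUIRED, Version 11.0
"""

# <ip> Port <n> <hyphen or en dash> <service>[, <detail>...]
LINE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+Port\s+(\d+)\s+[-\u2013]\s+(.+)$")


def triage(text):
    """Merge scanner lines into one record per (ip, port), unauthenticated first."""
    endpoints = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip banners, blank lines and anything unparsed
        ip, port, rest = m.group(1), int(m.group(2)), m.group(3)
        fields = [f.strip() for f in rest.split(",")]
        rec = endpoints.setdefault(
            (ip, port),
            {"ip": ip, "port": port, "service": fields[0],
             "no_login": False, "details": []},
        )
        for field in fields[1:]:
            if field.upper() == "NO LOGIN REQUIRED":
                rec["no_login"] = True
            elif field not in rec["details"]:
                rec["details"].append(field)  # e.g. "Version 3.8", kept once

    def sort_key(rec):
        octets = tuple(int(o) for o in rec["ip"].split("."))
        return (not rec["no_login"], octets, rec["port"])

    return sorted(endpoints.values(), key=sort_key)


def unauthenticated(text):
    """Return (ip, port, service) for endpoints reported as NO LOGIN REQUIRED."""
    return [(r["ip"], r["port"], r["service"]) for r in triage(text) if r["no_login"]]


if __name__ == "__main__":
    for rec in triage(SAMPLE):
        flag = "NO LOGIN" if rec["no_login"] else "login"
        print(f'{rec["ip"]}:{rec["port"]} {rec["service"]} [{flag}] {rec["details"]}')
```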
38. VA SCAN 2012: Securing the Future: BYOD and Beyond
IPSec Configuration
IPSecScan
Identify open IPSec endpoints
IKE-Scan
Display configuration parameters
With “aggressive mode”, dump PSK and brute force
39. VA SCAN 2012: Securing the Future: BYOD and Beyond
IKE-Scan Output:
192.168.1.254 Aggressive Mode Handshake
HDR=(CKY-R=509ca66bcabbcc3a)
SA=(Enc=DES Hash=MD5 Group=1:modp768 Auth=PSK LifeType=Seconds )
VID=12f5f2887f768a9702d9fe274cc0100
VID=afcad713a12d96b8696fc77570100
VID=a55b0176cabacc3a52207fea2babaa9
VID=0900299bcfd6b712 (XAUTH)
KeyExchange(128 bytes)
ID(Type=ID_IPV4_ADDR, Value=192.168.1.254)
Nonce(20 bytes)
Hash(20 bytes)
What 3 items are not best practice?
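Added example (not part of the presentation): a Python check that reads IKE-Scan output in the format shown on this slide and flags negotiated parameters weaker than a baseline, the kind of review a VPN owner can run against their own gateway. The baseline (DES and MD5 rejected, MODP groups under 2048 bits rejected, aggressive mode with a pre-shared key flagged) and the second responder in the sample are assumptions of this example.

```python
import re

# Output as shown on the slide (VID lines trimmed), followed by a constructed
# second responder on a documentation address for comparison.
SAMPLE = """\
192.168.1.254 Aggressive Mode Handshake
HDR=(CKY-R=509ca66bcabbcc3a)
SA=(Enc=DES Hash=MD5 Group=1:modp768 Auth=PSK LifeType=Seconds )
VID=0900299bcfd6b712 (XAUTH)
KeyExchange(128 bytes)
ID(Type=ID_IPV4_ADDR, Value=192.168.1.254)
Nonce(20 bytes)
Hash(20 bytes)
192.0.2.10 Main Mode Handshake
SA=(Enc=AES KeyLength=256 Hash=SHA2-256 Group=14:modp2048 Auth=RSA_Sig LifeType=Seconds)
"""

# Baseline assumed by this example; adjust to local policy.
WEAK_ENC = {"DES"}
WEAK_HASH = {"MD5"}
MIN_MODP_BITS = 2048

HANDSHAKE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(Aggressive|Main) Mode Handshake")
# The SA payload may sit on its own line or on the handshake line itself.
SA = re.compile(r"SA=\((.*?)\s*\)(?=\s|$)")


def parse_handshakes(text):
    """Return one record per responder: host, exchange mode, SA attributes."""
    responders, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HANDSHAKE.match(line)
        if m:
            current = {"host": m.group(1), "mode": m.group(2), "sa": {}}
            responders.append(current)
        sa = SA.search(line)
        if sa and current is not None:
            pairs = (tok.split("=", 1) for tok in sa.group(1).split() if "=" in tok)
            current["sa"] = {key: value for key, value in pairs}
    return responders


def audit(responder):
    """List the baseline violations for one parsed responder."""
    sa, findings = responder["sa"], []
    if sa.get("Enc") in WEAK_ENC:
        findings.append(f"weak-encryption:{sa['Enc']}")
    if sa.get("Hash") in WEAK_HASH:
        findings.append(f"weak-hash:{sa['Hash']}")
    group = re.search(r"modp(\d+)", sa.get("Group", ""))
    if group and int(group.group(1)) < MIN_MODP_BITS:
        findings.append(f"weak-dh-group:modp{group.group(1)}")
    # Aggressive mode returns a hash derived from the PSK, which the slide
    # above notes can be taken offline and brute forced.
    if responder["mode"] == "Aggressive" and sa.get("Auth") == "PSK":
        findings.append("aggressive-mode-psk")
    return findings


def report(text):
    """Map each responder address to its list of findings."""
    return {r["host"]: audit(r) for r in parse_handshakes(text)}


if __name__ == "__main__":
    for host, findings in report(SAMPLE).items():
        print(host, "OK" if not findings else ", ".join(findings))
```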
40. VA SCAN 2012: Securing the Future: BYOD and Beyond
Web Applications
Proxies
Burp Suite
Paros
Scanners
Acunetix
Nikto
Nessus
HP WebInspect
41. VA SCAN 2012: Securing the Future: BYOD and Beyond
SSL Cipher Strength
SSLDigger
THCSSLCheck
OpenSSL
42. VA SCAN 2012: Securing the Future: BYOD and Beyond
SSLDigger Output:
192.168.1.1:
EXP-RC2-CBC-MD5 – (40)
EXP-RC4-MD5 – (40)
EXP1024-DES-CBC-SHA – (56)
EXP1024-RC4-SHA – (56)
DES-CBC-SHA – (56)
(X) – Number of bits of encryption
This tool is great for checking PCI compliance
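Added example (not part of the presentation): a Python pass over cipher listings in the format shown on this slide that explains why each accepted suite is a problem, rather than only comparing bit counts. The 128-bit minimum, the flag names and the second host in the sample are assumptions of this example, not a statement of what PCI DSS requires.

```python
import re

# First host: the listing shown on the slide. Second host: constructed for
# comparison, on a documentation address.
SAMPLE = """\
192.168.1.1:
EXP-RC2-CBC-MD5 – (40)
EXP-RC4-MD5 – (40)
EXP1024-DES-CBC-SHA – (56)
EXP1024-RC4-SHA – (56)
DES-CBC-SHA – (56)
192.0.2.20:
AES256-SHA – (256)
RC4-SHA – (128)
"""

HOST = re.compile(r"^(\S+):$")
# <cipher name> <hyphen or en dash> (<bits>)
CIPHER = re.compile(r"^(\S+)\s+[-\u2013]\s+\((\d+)\)$")


def reasons_for(name, bits, min_bits=128):
    """Return the reasons a cipher suite fails the assumed baseline."""
    parts = name.upper().split("-")
    reasons = []
    if parts[0].startswith("EXP"):
        reasons.append("export-grade")
    if bits < min_bits:
        reasons.append(f"under-{min_bits}-bits")
    if "RC4" in parts:
        reasons.append("rc4")  # weak regardless of the advertised key length
    if "DES" in parts and "CBC3" not in parts:
        reasons.append("single-des")  # DES-CBC3-* is triple DES, not this case
    if parts[-1] == "MD5":
        reasons.append("md5-mac")
    return reasons


def audit_ciphers(text, min_bits=128):
    """Map each host to a list of (cipher, bits, reasons) in listing order."""
    results, host = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        c = CIPHER.match(line)
        if c and host is not None:
            name, bits = c.group(1), int(c.group(2))
            results[host].append((name, bits, reasons_for(name, bits, min_bits)))
            continue
        h = HOST.match(line)
        if h:
            host = h.group(1)
            results.setdefault(host, [])
    return results


def failing_hosts(results):
    """Hosts that accepted at least one suite with a finding."""
    return [h for h, rows in results.items() if any(r for _, _, r in rows)]


if __name__ == "__main__":
    for host, rows in audit_ciphers(SAMPLE).items():
        print(host)
        for name, bits, reasons in rows:
            print(f"  {name} ({bits}): {', '.join(reasons) or 'ok'}")
```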
43. VA SCAN 2012: Securing the Future: BYOD and Beyond
Dial-In
PhoneSweep
Commercial “wardialer” – can identify modems/architecture and perform dictionary-based attacks on accounts
Wireless
802.11
Aircrack-ng
Kismet
Bluetooth
Bluesnarf
BlueAuditor
44. VA SCAN 2012: Securing the Future: BYOD and Beyond
Why do vendors insist on making it easy for attackers?
45. VA SCAN 2012: Securing the Future: BYOD and Beyond
46. VA SCAN 2012: Securing the Future: BYOD and Beyond
47. VA SCAN 2012: Securing the Future: BYOD and Beyond
Rule #1 in Security
Ease of Use
Secure
48. VA SCAN 2012: Securing the Future: BYOD and Beyond
Wrap-Up
49. VA SCAN 2012: Securing the Future: BYOD and Beyond
Data breaches affect your organization’s reputation and can cost you significant money.
Software is becoming more complex while attacker tools are becoming easier to use.
The majority of data breaches can be prevented by following simple, best practice rules to eliminate low hanging fruit.
50. VA SCAN 2012: Securing the Future: BYOD and Beyond
Q&A
Bryan Miller
bryan@syrinxtech.com
www.syrinxtech.com
804-539-9154