Riccardo Tempesta gave a presentation on data security and leakage prevention in Magento stores. He discussed how security threats have evolved over time from phreaking and viruses to today's focus on stealing users' personal information. He then provided two examples of real security issues: (1) a SQL injection vulnerability in a third-party module that allowed unauthorized access, and (2) an XSS vulnerability that could allow malicious JavaScript to be run on a site. Throughout the presentation, he emphasized the importance of vetting third-party extensions and properly validating and escaping user input to prevent these types of attacks.
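The two bug classes the summary above attributes to the talk, shown as an added example that is not code from the presentation or from Magento. Magento extensions are PHP querying MySQL; here Python's built-in sqlite3 module stands in for that stack, with a constructed customer table and constructed attacker payloads (all assumptions, not data from the talk). The point is the same in either language: splicing user input into SQL text lets a quote change the query's structure, binding it as a parameter does not, and HTML output must be escaped for the context it lands in.

```python
import html
import sqlite3

# Constructed sample rows standing in for a Magento customer table (not from the talk).
CUSTOMERS = [
    (1, "alice@example.com", "Alice"),
    (2, "bob@example.com", "Bob"),
    (3, "carol@example.com", "Carol"),
]


def make_db():
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customer (entity_id INTEGER PRIMARY KEY, email TEXT, firstname TEXT)"
    )
    conn.executemany("INSERT INTO customer VALUES (?, ?, ?)", CUSTOMERS)
    return conn


def lookup_unsafe(conn, email):
    """Vulnerable pattern: the value is concatenated into the SQL text, so a
    single quote in the input terminates the literal and the rest is parsed
    as SQL. This is the third-party-module mistake the talk describes."""
    sql = "SELECT entity_id, email FROM customer WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, email):
    """Hardened pattern: the value travels as a bound parameter, never as part
    of the SQL text, so quotes in it are just data."""
    sql = "SELECT entity_id, email FROM customer WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


def unsafe_breaks_on_legit_quote(conn):
    """The same flaw seen as an ordinary bug: a legitimate address with an
    apostrophe turns the concatenated query into a syntax error."""
    try:
        lookup_unsafe(conn, "o'brien@example.com")
    except sqlite3.OperationalError:
        return True
    return False


def render_greeting_unsafe(name):
    """XSS pattern: untrusted text dropped into HTML element content unescaped."""
    return "<p>Hello, " + name + "</p>"


def render_greeting_safe(name):
    """Escape for HTML element/attribute context; quote=True also neutralises
    the value inside a double- or single-quoted attribute."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


def demo():
    """Run the constructed payloads through both forms and return the results."""
    conn = make_db()
    sqli_payload = "x' OR '1'='1"          # constructed attacker input
    xss_payload = "<script>alert(1)</script>"  # constructed attacker input
    return {
        "unsafe_rows": lookup_unsafe(conn, sqli_payload),  # every row leaks
        "safe_rows": lookup_safe(conn, sqli_payload),      # no match
        "unsafe_html": render_greeting_unsafe(xss_payload),
        "safe_html": render_greeting_safe(xss_payload),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

With the tautology payload the concatenated query becomes `WHERE email = 'x' OR '1'='1'` and returns the whole table, while the parameterised query returns nothing; the escaped greeting contains `&lt;script&gt;` rather than an executable tag. In Magento the equivalent is using the adapter's placeholder binding rather than string concatenation, and escaping output with the escaper appropriate to the HTML, attribute, URL or JavaScript context.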
How to make yourself hard to hack! slide share presentation - Griffin LaFleur
The document discusses common causes of security breaches and provides tips for individuals and businesses to better protect themselves from hackers. It notes that human error is responsible for the majority of security incidents and outlines strategies such as using unique passwords and changing them regularly, enabling two-factor authentication, encrypting data, and updating devices regularly. The document advocates a layered cybersecurity approach and summarizes best practices such as deploying anti-virus software, keeping backups, educating users, and performing security risk assessments.
This document discusses integrating cyber security into continuous delivery practices. It notes that cyber security is an issue that everyone faces and outlines how DevOps practices can be expanded to DevSecOps by incorporating security into all phases of development. This includes implementing security controls, conducting threat modeling, code reviews, and security testing. It also recommends monitoring logs and deploying tools to help with static code analysis, vulnerability assessment and security for containers and cloud environments.
State of Bitcoin Security - Inside Bitcoins April 2014 - Bojan Simic
This document from the Bitcoin Security Project discusses internet security and hacks that compromised over 575 million user accounts in 2013. It provides tips for improving security including hiring qualified developers, encrypting sensitive data, using secure storage methods like cold storage or paper wallets, taking advantage of free security resources, and starting a bug bounty program. The average security breach costs between $50,000 to $650,000 to remedy.
Cyber Vulnerabilities of Biometrics - OWASP 2015 - Bojan Simic
Talk given at OWASP DC and NoVa on biometric authentication and security. Includes a brief overview of the Fast IDentity Online (FIDO) specification as well as common ways authentication and biometrics are bypassed.
In the world of cyber security, a single defeat can be extremely costly. Before you create a plan, it is vital to learn about the anatomy of a data breach and understand who your attackers are.
In a standard data breach, the type that occurs between 80 and 90 million times per year, there are roughly six essential steps, each of which is outlined below. It is time for a quick anatomy lesson to strengthen your cyber security program:
A beginner's introduction to cybersecurity in a WordPress environment, showing how the hacking process works with the Art of War as the driving theme. It also includes examples to raise awareness of what can happen if we do not take security seriously.
This talk was presented at WordCamp Osaka 2019.
LoginCat - the only application layer, zero trust, and negative trust cybersecurity solution out there.
Secure your Enterprise applications, at the application layer, which is exactly what hackers are after, without any modification to the applications themselves.
This document provides an overview of the LoginCat security software. It begins with background on the company TekMonks and then discusses current cybersecurity challenges, issues with traditional perimeter-based security solutions, and how LoginCat addresses these issues with a zero-trust, application-layer approach. LoginCat eliminates passwords and user IDs, uses passphrases and AI-based algorithms to secure access. It can integrate with existing applications via adapters and provides benefits like single sign-on, automated credential changes, and auditability.
Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success. Too often though, IT risk (business risk related to the use of IT) is overlooked.
While other business risks such as market, credit and operational risks have long been incorporated into the decision-making processes, IT risk has usually been relegated to technical specialists outside the boardroom, despite falling under the same risk category as other business risks: failure to achieve strategic objectives.
This session intends to address business risks related to the use of IT, looking at industry standards, frameworks and best practices, as well as focusing on real world examples and specific plans on how to implement IT Risk Management on every level of your company.
For nearly 30 years, Trend Micro’s unwavering vision has been to make the world safe for exchanging digital information. Security is our entire focus, and it shows. This single-minded passion has inspired our innovations that keep up with the bad guys despite a changing IT landscape, riskier user behavior, and constantly evolving threats.
Security Opportunities: A Silicon Valley VC Perspective - Positive Hack Days
This document summarizes the key points from a Silicon Valley VC's perspective on security opportunities and challenges. It notes that the security landscape is increasingly complex, with state-sponsored attacks and advanced tools being used by attackers. Most enterprises do not treat security as a core part of their culture. There are many opportunities for startups in security analytics, behavioral monitoring, encryption, and translating technical security data into actionable intelligence for companies. However, the document also notes that startups themselves often have very poor security practices. It provides examples of weak security postures commonly seen in startups. The document argues that improving security should be a priority for startups in order to protect their valuable assets and avoid losing funding or having their work stolen.
2016, A New Era of OS and Cloud Security - Tudor Damian - ITCamp
This document summarizes a presentation about new security trends and technologies from Microsoft. The presentation covered:
1) Industry security trends like the evolution of attacks from script kiddies to organized crime and nation-states, and how modern attacks compromise credentials and use legitimate tools.
2) New Microsoft security technologies like Shielded VMs, Hypervisor Code Integrity, and Device Guard that provide hardware-based security on Windows devices.
3) Other technologies like Provable PC Health, which attests the health of devices, and Advanced Threat Analytics, which uses machine learning to detect abnormal Active Directory usage indicating attacks.
Keynote in NYC: the next breach target and how Oracle can help - NYOUG - Ulf Mattsson
Old security approaches are based on finding malware and data leaks. This is like "boiling the ocean," since you are “patching” all possible data paths and data stores, and you may not even find a trace of an attack. New security approaches assume that you are under attack and focus instead on protecting the data itself, even in computer memory (the “target” for a growing number of attacks). This session discusses what companies can do now to prevent what happened to Target and others processing PII, PHI and PCI data. The Oracle Big Data Appliance is a critical part of the solution.
This was delivered during National Apprenticeships Week 2018. The global shortage of Cyber Security Professionals is set to grow to 1.5 million in 2019. By harnessing apprenticeships organisations can train new talent and up-skill existing employees.
2016, A new era of OS and Cloud Security - Tudor Damian
The global security landscape is changing, now more than ever. With cloud computing gaining momentum and advanced persistent threats becoming a common occurrence, the industry is taking a more focused and serious approach when it comes to security, especially after some of last years’ heavily publicized incidents. Join this session for a discussion on what Microsoft is doing to protect against these new security threats with fresh approaches taken both at the server & client OS level, as well as in Azure.
The document discusses data privacy and security challenges posed by large language models like ChatGPT. It outlines recent data breaches and leaks involving ChatGPT, including a software bug and instances where ChatGPT was used to inadvertently leak company secrets. The document also examines ChatGPT's data retention policy and privacy issues, noting concerns about how personal information from user conversations may be collected and reviewed. Potential cybersecurity risks of ChatGPT like phishing scams and generating malicious code are presented. OpenAI's handling of these issues through bug bounties is also covered.
IT Security In 2016: Hull
14.30 - 16.00. Thurs 28th April @ Allia Future Business Centre, Peterborough
Slide deck taken from the Will Your Business Get Hacked? business breakfast seminar on Thursday 28th April at Allia Future Business Centre, London Road, Peterborough.
Speakers:
Phil Denham - Commercial Director @ Kamarin Computers
James Burchell - Senior Sales Engineer @ Sophos
Will Your Business Get Hacked - Hull (Apr 28) - HBP Systems Ltd
IT Security In 2016: Hull
08.30 - 10.00. Thurs 28th April @ C4DI, Hull
Slide deck taken from the Will Your Business Get Hacked? business breakfast seminar on Thursday 28th April at C4DI @ TheDock, Queens St, Hull.
Speakers:
Phil Denham - Commercial Director @ HBP Systems
James Burchell - Senior Sales Engineer @ Sophos
The document provides an overview of the security industry, including current technologies, the startup landscape, and industry regulation. It discusses how data breaches are increasing in frequency and cost, driving growth in the security market from $55 billion in 2015 to a projected $128 billion by 2020. The top security technologies cover access control, endpoint protection, network threats, monitoring/forensics, and other areas. Recent investments have focused on infrastructure, cloud, and mobile security startups. Regulations have aimed to protect systems and information through laws like HIPAA, GLBA, and various cybersecurity acts.
Open Source Insight: Meltdown, Spectre Security Flaws "Impact Everything" - Black Duck by Synopsys
Welcome to 2018, with two major security flaws revealed that put any computing device with chips from Intel, AMD or ARM at risk. One flaw, dubbed Meltdown, affects Intel processors and enables attackers to read secrets such as passwords from memory. The other, Spectre, affects chips from all three companies. In an interview with CNBC covered by Reuters, Intel's chief executive noted that "Phones, PCs, everything are going to have some impact, but it'll vary from product to product."
In other cybersecurity news, we look at 10 open source technologies you need to know about, cybersecurity predictions for 2018, and an interesting white paper published by the University of Michigan on identifying cybersecurity threats in connected vehicles.
The rise of privacy & personal data in the IT business - Claudia Jelea - ITCamp
They say personal data is the currency driving this digital and interconnected world we live in. And mobile and cloud definitely reshape things. So the business of the future should learn how to build trust and create user-centered data strategies.
This interactive session will explore and try to give a few answers to questions like:
• Should IT businesses care about privacy & personal data?
• Do security and privacy walk hand in hand in the cloud?
• Is it relevant for a mobile developer to have the right privacy model?
• Do you embed privacy in your IT app development?
• Is there any real need for privacy & cookie policy in the digital world?
ITCamp 2016: The rise of privacy and personal data in the IT business - claudiajelea
They say personal data is the currency driving this digital and interconnected world we live in. And mobile and cloud definitely reshape things. So the business of the future should learn how to build trust and create user-centered data strategies.
This interactive session will explore and try to give a few answers to questions like:
• Should IT businesses care about privacy & personal data?
• Do security and privacy walk hand in hand in the cloud?
• Is it relevant for a mobile developer to have the right privacy model?
• Do you embed privacy in your IT app development?
• Is there any real need for privacy & cookie policy in the digital world?
ITCamp 2018 - Walter Belgers - Lockpicking and IT security - ITCamp
In this lecture, Walter Belgers looks at some security flaws in locks to see how they came about. He then shows how similar mistakes are made in software development and deployment. In both cases we have to deal with design flaws, implementation errors, zero-day attacks, brute-force attacks, user errors and more. Real-life examples are given and demonstrated. There are some interesting differences in how security is approached in the hardware and the software world, and both groups can certainly learn from each other.
The future of FinTech product using pervasive Machine Learning automation - A... - Shift Conference
Machine learning and automated decisions are reshaping businesses by automating processes, optimizing customer interactions, and efficiently measuring risk. The future of fintech relies on pervasive use of machine learning, but scaling ML applications is challenging due to the scarcity of data scientists and the complex ML process. Automated machine learning can address these issues by simplifying and accelerating the ML lifecycle, enabling a wider range of users to develop and deploy models at scale across all business functions.
Modern cybersecurity threats, and shiny new tools to help deal with them - T... - ITCamp
With cybersecurity threats changing rapidly, we definitely need a new set of tools to be able to prevent and address them more efficiently: malware is becoming more complex and harder to detect, malicious insider attacks are on the rise and zero-day exploits make their way to the public much quicker than before. Join this session to see how Windows Server 2016 and Windows 10 can help organizations deal with this ever-changing security ecosystem by providing them with ways to better secure their environment and data. We’ll touch on topics such as malware & threat resistance, identity & access control, virtualization-based security, configurable code integrity, remote attestation and a few others.
The document describes a new antivirus software called Smatsh that is being developed by Sun IT Pvt. Ltd in Pakistan. Smatsh aims to provide a more effective and efficient antivirus solution compared to existing alternatives. It utilizes modern technologies and regular updates to protect against viruses, malware, and other cyber threats. The developers believe Smatsh can help address Pakistan's technological backwardness by providing a high-quality local antivirus option. Sun IT Pvt. Ltd plans to target the Pakistani market initially and hopes Smatsh will gain widespread adoption.
ITCamp 2018 - Tudor Damian - The cybersecurity landscape is changing. Are you... - ITCamp
The past couple of years have brought along new vulnerabilities, exploits and attack methods, as well as new data privacy requirements such as the GDPR. All of these things require significant changes to any existing processes and tools, but most importantly, to people's awareness. Come down for a quick overview and live demos of some of the current cyber threats, especially as they pertain to social engineering vectors.
Similar to MeetMagento NL 2018 - Riccardo Tempesta - Magento 2 under siege
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf - Ben Linders
Psychological safety in teams is important: team members must feel safe and able to communicate and collaborate effectively to deliver value. It is also necessary for building long-lasting teams, since things will happen and relationships will be strained.
But how safe is a team? How can we determine whether there are factors that make the team unsafe or affect the team's culture?
In this mini-workshop, we’ll play games for psychological safety and team culture utilizing a deck of coaching cards, The Psychological Safety Cards. We will learn how to use gamification to gain a better understanding of what’s going on in teams. Individuals share what they have learned from working in teams, what has impacted the team’s safety and culture, and what has led to positive change.
Different game formats will be played in groups in parallel. Examples are an ice-breaker to get people talking about psychological safety, a constellation where people take positions about aspects of psychological safety in their team or organization, and collaborative card games where people work together to create an environment that fosters psychological safety.
This presentation by Professor Alex Robson, Deputy Chair of Australia’s Productivity Commission, was made during the discussion “Competition and Regulation in Professions and Occupations” held at the 77th meeting of the OECD Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found at oe.cd/crps.
This presentation was uploaded with the author’s consent.
This presentation by Katharine Kemp, Associate Professor at the Faculty of Law & Justice at UNSW Sydney, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation was uploaded with the author’s consent.
This presentation by Professor Giuseppe Colangelo, Jean Monnet Professor of European Innovation Policy, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation was uploaded with the author’s consent.
This presentation by OECD, OECD Secretariat, was made during the discussion “Competition and Regulation in Professions and Occupations” held at the 77th meeting of the OECD Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found at oe.cd/crps.
This presentation was uploaded with the author’s consent.
This presentation by OECD, OECD Secretariat, was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation was uploaded with the author’s consent.
XP 2024 presentation: A New Look to Leadershipsamililja
Presentation slides from XP2024 conference, Bolzano IT. The slides describe a new view to leadership and combines it with anthro-complexity (aka cynefin).
The importance of sustainable and efficient computational practices in artificial intelligence (AI) and deep learning has become increasingly critical. This webinar focuses on the intersection of sustainability and AI, highlighting the significance of energy-efficient deep learning, innovative randomization techniques in neural networks, the potential of reservoir computing, and the cutting-edge realm of neuromorphic computing. This webinar aims to connect theoretical knowledge with practical applications and provide insights into how these innovative approaches can lead to more robust, efficient, and environmentally conscious AI systems.
Webinar Speaker: Prof. Claudio Gallicchio, Assistant Professor, University of Pisa
Claudio Gallicchio is an Assistant Professor at the Department of Computer Science of the University of Pisa, Italy. His research involves merging concepts from Deep Learning, Dynamical Systems, and Randomized Neural Systems, and he has co-authored over 100 scientific publications on the subject. He is the founder of the IEEE CIS Task Force on Reservoir Computing, and the co-founder and chair of the IEEE Task Force on Randomization-based Neural Networks and Learning Systems. He is an associate editor of IEEE Transactions on Neural Networks and Learning Systems (TNNLS).
This presentation by Nathaniel Lane, Associate Professor in Economics at Oxford University, was made during the discussion “Pro-competitive Industrial Policy” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/pcip.
This presentation was uploaded with the author’s consent.
Suzanne Lagerweij - Influence Without Power - Why Empathy is Your Best Friend...Suzanne Lagerweij
This is a workshop about communication and collaboration. We will experience how we can analyze the reasons for resistance to change (exercise 1) and practice how to improve our conversation style and be more in control and effective in the way we communicate (exercise 2).
This session will use Dave Gray’s Empathy Mapping, Argyris’ Ladder of Inference and The Four Rs from Agile Conversations (Squirrel and Fredrick).
Abstract:
Let’s talk about powerful conversations! We all know how to lead a constructive conversation, right? Then why is it so difficult to have those conversations with people at work, especially those in powerful positions that show resistance to change?
Learning to control and direct conversations takes understanding and practice.
We can combine our innate empathy with our analytical skills to gain a deeper understanding of complex situations at work. Join this session to learn how to prepare for difficult conversations and how to improve our agile conversations in order to be more influential without power. We will use Dave Gray’s Empathy Mapping, Argyris’ Ladder of Inference and The Four Rs from Agile Conversations (Squirrel and Fredrick).
In the session you will experience how preparing and reflecting on your conversation can help you be more influential at work. You will learn how to communicate more effectively with the people needed to achieve positive change. You will leave with a self-revised version of a difficult conversation and a practical model to use when you get back to work.
Come learn more on how to become a real influencer!
Carrer goals.pptx and their importance in real lifeartemacademy2
Career goals serve as a roadmap for individuals, guiding them toward achieving long-term professional aspirations and personal fulfillment. Establishing clear career goals enables professionals to focus their efforts on developing specific skills, gaining relevant experience, and making strategic decisions that align with their desired career trajectory. By setting both short-term and long-term objectives, individuals can systematically track their progress, make necessary adjustments, and stay motivated. Short-term goals often include acquiring new qualifications, mastering particular competencies, or securing a specific role, while long-term goals might encompass reaching executive positions, becoming industry experts, or launching entrepreneurial ventures.
Moreover, having well-defined career goals fosters a sense of purpose and direction, enhancing job satisfaction and overall productivity. It encourages continuous learning and adaptation, as professionals remain attuned to industry trends and evolving job market demands. Career goals also facilitate better time management and resource allocation, as individuals prioritize tasks and opportunities that advance their professional growth. In addition, articulating career goals can aid in networking and mentorship, as it allows individuals to communicate their aspirations clearly to potential mentors, colleagues, and employers, thereby opening doors to valuable guidance and support. Ultimately, career goals are integral to personal and professional development, driving individuals toward sustained success and fulfillment in their chosen fields.
This presentation by OECD, OECD Secretariat, was made during the discussion “Pro-competitive Industrial Policy” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/pcip.
This presentation was uploaded with the author’s consent.
Collapsing Narratives: Exploring Non-Linearity • a micro report by Rosie WellsRosie Wells
Insight: In a landscape where traditional narrative structures are giving way to fragmented and non-linear forms of storytelling, there lies immense potential for creativity and exploration.
'Collapsing Narratives: Exploring Non-Linearity' is a micro report from Rosie Wells.
Rosie Wells is an Arts & Cultural Strategist uniquely positioned at the intersection of grassroots and mainstream storytelling.
Their work is focused on developing meaningful and lasting connections that can drive social change.
Please download this presentation to enjoy the hyperlinks!
This presentation by Yong Lim, Professor of Economic Law at Seoul National University School of Law, was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation was uploaded with the author’s consent.
1. #mm18nl | @RicTempesta
Riccardo Tempesta - CTO @ MageSpecialist
Magento addicted developer
Magento 1 Certified Developer Plus
Magento 2 Certified Professional Developer
In the top Magento2 contributors list of 2017
Magento Stack Exchange 4% topmost
Proud NERD and GEEK
Something about me…
3. Data Security and Leakage prevention
Security threats timeline (slides 3-5)
70s: Phreaking
80s: Worms / Viruses (network)
First 90s: Worms / Viruses (floppy)
Late 90s: Email viruses
2000s: Spyware
2010s: Websites / Malware
Targets over time: big companies, EU/US governments and public authorities (70s-80s); small business companies and final users (90s); users' personal information (2000s-2010s)
6. Users' information and personal data are the main targets today
7. And the number of hackers and “hackers wannabe” has drastically increased…
8. Are you asking why?
9. The hacker cliché in the 80s-90s: no social life, few friends, «genius», NOT so cool
10. Only a few movies had cool hackers
11. «War Games»: if you do not remember this movie you are too young or not enough NERD to be here!
12. The hacker cliché in the 2010s: still no social life, still few friends, still genius, but cool!
13. And this is why today everybody wants to be a hacker
14. A considerable amount of hacking tools is available today.
15. It is incredible, but they are user friendly!
16. Security issues only happen to other people…
17. Using Magento is not enough…
Even if Magento 2 is one of the MOST SECURE E-COMMERCE SOLUTIONS, we must be aware that we could accidentally introduce security holes with:
• Insecure 3rd party modules
• Bad programming
• Misconfigurations
18. I will try to scare you for the next 10 minutes with “real examples”
19. Example #1: Data leakage
Beware of unverified 3rd party modules
20. A Magento merchant installed a 3rd party extension from a famous company providing e-commerce services. After a few days he experienced multiple unauthorized backend accesses.
21-22. What we found: blind SQL injection
<?php
namespace SomeVendor\Model;
...
class SomeClass implements SomeClassInterface
{
    ...
    public function getSomething()
    {
        $connection = $this->getConnection();
        // The request parameter is concatenated straight into the SQL text,
        // so whatever the client sends becomes part of the query.
        $filter = $this->request->getParam('filter');
        $qry = "select body from some_table where " . $filter;
        return $connection->fetchAll($qry);
    }
    ...
}
23. Everything is fine if we use it in the expected way:
http://mysite/my/awesome/module?filter=title%3da+story
24. This will NOT work:
…?filter=title%3da+story;+drop+database+magento;
Because PHP's MySQL driver does not execute multiple statements in a single query call
27. But this will work:
…?filter=1+union+select+something+from+somewhere
This is called a «union select attack»
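The following is an added example, not code from the talk or from the module it describes: the concatenation pattern of slides 21-27 beside a hardened version, run against an in-memory SQLite table through plain PDO so it executes without Magento. The table names, columns and rows are constructed. In a Magento module the same protection comes from the DB adapter's bound parameters, for example $connection->select()->from('some_table', ['body'])->where('title = ?', $value), together with an allowlist for anything that names a column.

```php
<?php
// Added example (not the talk's or the vendor module's code): the injectable
// pattern from slides 21-27 beside a hardened version. Runs stand-alone on
// PHP with pdo_sqlite; all table names and rows below are constructed.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE some_table (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$pdo->exec("INSERT INTO some_table (title, body) VALUES ('a story', 'public text')");
// A second, unrelated table that this endpoint must never expose.
$pdo->exec('CREATE TABLE admin_user (username TEXT, password_hash TEXT)');
$pdo->exec("INSERT INTO admin_user VALUES ('admin', 'placeholder-hash')");

// Vulnerable: the request parameter becomes part of the SQL text, so any SQL
// the caller writes (e.g. a UNION SELECT) runs with the query's privileges.
function getSomethingVulnerable(PDO $pdo, string $filter): array
{
    $qry = 'select body from some_table where ' . $filter;
    return $pdo->query($qry)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the caller picks a column only from an allowlist, and the value
// travels as a bound parameter, which the driver never parses as SQL.
const FILTERABLE_COLUMNS = ['title', 'id'];

function getSomethingSafe(PDO $pdo, string $column, string $value): array
{
    if (!in_array($column, FILTERABLE_COLUMNS, true)) {
        throw new InvalidArgumentException('Column is not filterable: ' . $column);
    }
    // $column is safe to interpolate only because it was just allowlisted.
    $stmt = $pdo->prepare("select body from some_table where {$column} = :value");
    $stmt->execute([':value' => $value]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Expected use: both versions return the story body.
print_r(getSomethingVulnerable($pdo, "title = 'a story'"));
print_r(getSomethingSafe($pdo, 'title', 'a story'));

// The union-select input from slide 27. The vulnerable version also returns
// rows from admin_user; the hardened version looks for a title equal to the
// whole string and returns an empty result.
$hostile = "1=1 union select password_hash from admin_user";
print_r(getSomethingVulnerable($pdo, $hostile));
print_r(getSomethingSafe($pdo, 'title', $hostile));
```

The allowlist matters as much as the binding: a bound parameter protects the value, but a column or table name cannot be bound, so the only safe way to let a client choose one is to compare it against a fixed set.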
28. Let’s see what a malicious user can do with SQLMap:
29. Video #1
30. Passwords are protected
Magento 2 protects passwords with a SHA-256 hash over salt + password. But a malicious user can always run an off-line brute force attack.
31. Let’s see what can happen with “HashCat”, a tool able to run brute force attacks on the graphics card GPU: up to 500 MH/s with a standard video card
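An added example, not Magento's Encryptor code: it implements salted SHA-256 as slide 30 describes it, puts bcrypt via PHP's password_hash() beside it, and measures rough single-core throughput of each. The salt and candidate passwords are constructed; the figures depend on the machine, and the 500 MH/s on slide 31 is a GPU number several orders of magnitude above what one CPU core reaches.

```php
<?php
// Added example (not Magento's Encryptor code): salted SHA-256 as slide 30
// describes it, beside bcrypt via password_hash(), with a rough single-core
// throughput measurement. Figures depend on the machine running it.
declare(strict_types=1);

function saltedSha256(string $password, string $salt): string
{
    // One fast hash call over salt + password, as described on slide 30.
    return hash('sha256', $salt . $password);
}

function slowHash(string $password): string
{
    // bcrypt with work factor 12: 2^12 rounds of the expensive key setup per
    // hash, which is what makes off-line guessing costly for the attacker.
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

function hashesPerSecond(callable $fn, int $iterations): float
{
    $start = microtime(true);
    for ($i = 0; $i < $iterations; $i++) {
        $fn('candidate' . $i);
    }
    return $iterations / (microtime(true) - $start);
}

$salt = bin2hex(random_bytes(16)); // constructed per-user salt
$fast = hashesPerSecond(function (string $p) use ($salt) {
    return saltedSha256($p, $salt);
}, 200000);
$slow = hashesPerSecond(function (string $p) {
    return slowHash($p);
}, 5);

printf("salted SHA-256: %.0f hashes/s on one CPU core\n", $fast);
printf("bcrypt cost 12: %.2f hashes/s on one CPU core\n", $slow);

// Verification is the same in both schemes; only the attacker's cost differs.
$stored = slowHash('correct horse battery');
var_dump(password_verify('correct horse battery', $stored));
```

The point of the comparison is the ratio, not the absolute numbers: a salt stops precomputed tables and forces one run per user, but it does nothing about the per-guess cost, which is what a deliberately slow hash adds.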
32. Video #2
33. In 2015, 56% of apps included at least one SQL injection
Source: https://thehackernews.com/2015/12/programming-language-security.html
34. Most of the people will use the same password both for PayPal and for your Magento store.
35. Protecting passwords with BlindHash
Clear password -> SHA-256 hashed password -> Fully encrypted password
https://www.blindhash.com/
Complete protection against offline attacks
36. Example #2: Full control
A common pitfall
37. A Magento merchant discovered something strange on his website. Someone was able to change the pages' content, but no database/filesystem changes were detected.
38. What we found:
<?php
namespace SomeVendor\Block;
...
class SomeClass extends Template
{
    ...
    public function getWelcomeText()
    {
        // The raw request parameter is returned without any escaping.
        $name = $this->request->getParam('name');
        return __('Hello %1', $name);
    }
    ...
}
39. What we found:
<?php
/** @var SomeBlockClass $block */
?>
...
<?= $block->getWelcomeText() ?>
...
40. Everything is fine if we use it in the expected way:
http://mysite/my/awesome/module?name=Riccardo
41. But, what if we replace it with JavaScript code?
http://mysite/my/awesome/module?name=%3Cscript%3Ealert%28%27hello%20world%27%29%3C%2Fscript%3E
This code will run in your HTML document:
<script>alert('hello world')</script>
42. XSS injection: request containing the JavaScript -> response containing the JavaScript
43. XSS injection (example): email with a link containing the malicious JavaScript code -> click on the link -> response containing the JavaScript
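An added example, not code from the talk or the vendor block it describes: the welcome-text pattern of slides 38-41 beside its hardened form, written in plain PHP so it runs outside Magento. The __() function here is a minimal stand-in for Magento's translation helper, and the two requests are constructed. In a real block or template the escaping call is $block->escapeHtml($value), which applies the same htmlspecialchars() settings used below.

```php
<?php
// Added example (not the talk's or the vendor block's code): the reflected
// XSS pattern from slides 38-41 beside its hardened form. __() is a local
// stand-in for Magento's helper; in Magento use $block->escapeHtml().
declare(strict_types=1);

function __(string $text, string ...$args): string
{
    // Substitute %1, %2, ... placeholders, like the translation helper does.
    foreach ($args as $i => $arg) {
        $text = str_replace('%' . ($i + 1), $arg, $text);
    }
    return $text;
}

// Vulnerable: the raw request parameter is interpolated and later echoed into
// the HTML document as-is, so the browser executes any markup it contains.
function getWelcomeTextVulnerable(array $request): string
{
    $name = $request['name'] ?? '';
    return __('Hello %1', $name);
}

// Hardened: encode for the HTML text context at the output boundary. ENT_QUOTES
// also covers attribute contexts, ENT_SUBSTITUTE avoids empty output on bad UTF-8.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function getWelcomeTextSafe(array $request): string
{
    $name = $request['name'] ?? '';
    return __('Hello %1', escapeHtml($name));
}

// Constructed requests: the expected one and the payload shown on slide 41.
$good = ['name' => 'Riccardo'];
$bad  = ['name' => "<script>alert('hello world')</script>"];

foreach ([$good, $bad] as $req) {
    echo "vulnerable: " . getWelcomeTextVulnerable($req) . "\n";
    echo "hardened:   " . getWelcomeTextSafe($req) . "\n";
}
```

Escaping belongs where the value meets the HTML, which is why the Magento convention is to write <?= $block->escapeHtml($block->getWelcomeText()) ?> in the template rather than trusting every getter to have done it. This is also why the merchant on slide 37 saw changed pages with no database or filesystem change: a reflected payload lives only in the link that is clicked.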
48. https://bit.ly/mm18demo
49. https://bit.ly/mm18demo-xss
50. Video #3
51. In 2015, 86% of apps included at least one XSS vulnerability
Source: https://thehackernews.com/2015/12/programming-language-security.html
52. Prevent and protect…
53. When you say “Magento”:
When you say «Magento», you are not talking about software, you are talking about a community. No community can exist without contributions.
54. Detecting malware
If you think you have been hacked:
https://github.com/gwillem/magento-malware-scanner by Willem de Groot
ClamAV can be helpful for known PHP/JS malware:
:~$ clamscan -r --bell -i /my/magento/path
55-56. Our free contribution to security
Our company’s contribution to Magento 2 security:
● Two Factor Authentication
● Google reCaptcha
● Malicious IP filter
● Malware upload filter
● Admin IP restriction
● Magento IPS/IDS Shield
I can proudly say: “They will be part of Magento 2.3”
57-58. Another free contribution to security
MSP Notifier framework:
● Real Time notifications on: Telegram, E-Mail, Slack, …
● Event based notifications
59. I hope you enjoyed my speech. THANK YOU!
60. THANK YOU!
KEEP CALM AND KEEP HACKING
Github: MageSpecialist
Twitter: @RicTempesta
Please do not hack my accounts...