Man vs Internet - Current challenges and future tendencies of establishing tr...Luis Grangeia
This talk will address a fundamental challenge in information security: Authentication, or how to establish trust between a user and their collection of devices and internet services.
I will start by describing the current state of play: a regular user typically has at least one computer and a smartphone; each individual is then subscribed to tens or sometimes hundreds of Internet services which are accessed using these devices. Even these services are interconnected with trust relations, such as email accounts that receive password reset tokens. Some of these relations are not so obvious...
The complexity of this arrangement is rising so fast that it's getting harder for end users (even power users) to cope with all of its security implications. Most users will not have any strategy to manage their security, using the same password for all services and devices; but even most power users such as infosec professionals make mistakes that can be exploited.
I will illustrate the current scenario with a dissection of the Mat Honan hack and my own experience mapping the interconnections between my own devices and services.
I will then attempt to provide a strategy to schematize and improve the level of trust between users and devices / services, analysing ad-hoc strategies by power users and provide the tools to create a personal strategy.
Finally I’ll look into what the future of authentication, and what this Tangled Web might bring us: mutual authentication between devices, the future of two factor, the role of social networks, location based authentication, behaviour based trust, trust federation.
Security is now a c-level responsibility and can't just be outsourced to the IT manager. These are slides from a 90 hour session I run for some business owners and C-Levels in July 2016
Man vs Internet - Current challenges and future tendencies of establishing tr...Luis Grangeia
This talk will address a fundamental challenge in information security: Authentication, or how to establish trust between a user and their collection of devices and internet services.
I will start by describing the current state of play: a regular user typically has at least one computer and a smartphone; each individual is then subscribed to tens or sometimes hundreds of Internet services which are accessed using these devices. Even these services are interconnected with trust relations, such as email accounts that receive password reset tokens. Some of these relations are not so obvious...
The complexity of this arrangement is rising so fast that it's getting harder for end users (even power users) to cope with all of its security implications. Most users will not have any strategy to manage their security, using the same password for all services and devices; but even most power users such as infosec professionals make mistakes that can be exploited.
I will illustrate the current scenario with a dissection of the Mat Honan hack and my own experience mapping the interconnections between my own devices and services.
I will then attempt to provide a strategy to schematize and improve the level of trust between users and devices / services, analysing ad-hoc strategies by power users and provide the tools to create a personal strategy.
Finally I’ll look into what the future of authentication, and what this Tangled Web might bring us: mutual authentication between devices, the future of two factor, the role of social networks, location based authentication, behaviour based trust, trust federation.
Security is now a c-level responsibility and can't just be outsourced to the IT manager. These are slides from a 90 hour session I run for some business owners and C-Levels in July 2016
This talk is a summarized view of the various other talks in my profile. It was given to TACOM HQ LCMC as part of the "Our Shared Responsibility" initiative.
This is a good topical overview with some technical information.
Electronic Authentication, More Than Just a PasswordNicholas Davis
A Presentation which discusses the three different types of electronic authentication: username/password (something you know), One Time Password (something you have) and Biometrics (Something you are). The benefits and drawbacks of each type of authentication are also addressed. A helpful presentation for those people looking to strengthen their authentication system, but who are unsure which technology fits their situation appropriately.
Password Cracking is a technique to gain the access to an organisation.
In this slide, I will tell you the possible ways of cracking and do a live example for Gmail Password Cracking.
Christopher Grayson discusses authentication, passwords, how to break password-based authentication schemes, and lastly introduces LavaPasswordFactory.
LavaPasswordFactory is a password list generation tool that also contains functionality for cleaning password lists based on password policies.
Getting ready to change ESPs, marketing automation providers, or CRM systems? According to Gartner, more than half of all data migration projects will exceed budget and timeline and/or harm the business, due to flawed strategy and execution. Let that sink in…
In the current environment, time is of the essence and failure is not an option! Join experts from FreshAddress and Devs United for a look at the steps smart businesses are taking to get data migration right the first time.
As if running a business isn't hard enough!
AVG (AU/NZ)'s Security Advisor, Michael McKinnon, presents 10 simple tips to secure your business from online threats.
A discussion of the problems with password security and how to make your passwords more secure. Also, we debunk some common myths about what makes a good password. (This was originally part one of a three part presentation on the need for and use of password managers.)
Breaches are everywhere! With the Windows Password Policy being outdated and ineffective, choose the nFront Password Filter to strengthen your company's password policy. Furthermore, many compliance requirements can be satisfied with the nFront Password Filter. Our software runs daily for over 4 million users in over 50 different counties.
This talk starts out by looking at how companies have tried to authenticate people using public information. It then looks at current authentication practices, and finishes by discussing how companies try to determine who you are without letting you know.
Presented at the 2016 B-Sides Orlando conference (bsidesorlando.org)
This talk is a summarized view of the various other talks in my profile. It was given to TACOM HQ LCMC as part of the "Our Shared Responsibility" initiative.
This is a good topical overview with some technical information.
Electronic Authentication, More Than Just a PasswordNicholas Davis
A Presentation which discusses the three different types of electronic authentication: username/password (something you know), One Time Password (something you have) and Biometrics (Something you are). The benefits and drawbacks of each type of authentication are also addressed. A helpful presentation for those people looking to strengthen their authentication system, but who are unsure which technology fits their situation appropriately.
Password Cracking is a technique to gain the access to an organisation.
In this slide, I will tell you the possible ways of cracking and do a live example for Gmail Password Cracking.
Christopher Grayson discusses authentication, passwords, how to break password-based authentication schemes, and lastly introduces LavaPasswordFactory.
LavaPasswordFactory is a password list generation tool that also contains functionality for cleaning password lists based on password policies.
Getting ready to change ESPs, marketing automation providers, or CRM systems? According to Gartner, more than half of all data migration projects will exceed budget and timeline and/or harm the business, due to flawed strategy and execution. Let that sink in…
In the current environment, time is of the essence and failure is not an option! Join experts from FreshAddress and Devs United for a look at the steps smart businesses are taking to get data migration right the first time.
As if running a business isn't hard enough!
AVG (AU/NZ)'s Security Advisor, Michael McKinnon, presents 10 simple tips to secure your business from online threats.
A discussion of the problems with password security and how to make your passwords more secure. Also, we debunk some common myths about what makes a good password. (This was originally part one of a three part presentation on the need for and use of password managers.)
Breaches are everywhere! With the Windows Password Policy being outdated and ineffective, choose the nFront Password Filter to strengthen your company's password policy. Furthermore, many compliance requirements can be satisfied with the nFront Password Filter. Our software runs daily for over 4 million users in over 50 different counties.
This talk starts out by looking at how companies have tried to authenticate people using public information. It then looks at current authentication practices, and finishes by discussing how companies try to determine who you are without letting you know.
Presented at the 2016 B-Sides Orlando conference (bsidesorlando.org)
Embracing GenAI - A Strategic ImperativePeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Operation “Blue Star” is the only event in the history of Independent India where the state went into war with its own people. Even after about 40 years it is not clear if it was culmination of states anger over people of the region, a political game of power or start of dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from main stream due to denial of their just demands during a long democratic struggle since independence. As it happen all over the word, it led to militant struggle with great loss of lives of military, police and civilian personnel. Killing of Indira Gandhi and massacre of innocent Sikhs in Delhi and other India cities was also associated with this movement.
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
Model Attribute Check Company Auto PropertyCeline George
In Odoo, the multi-company feature allows you to manage multiple companies within a single Odoo database instance. Each company can have its own configurations while still sharing common resources such as products, customers, and suppliers.
The Roman Empire A Historical Colossus.pdfkaushalkr1407
The Roman Empire, a vast and enduring power, stands as one of history's most remarkable civilizations, leaving an indelible imprint on the world. It emerged from the Roman Republic, transitioning into an imperial powerhouse under the leadership of Augustus Caesar in 27 BCE. This transformation marked the beginning of an era defined by unprecedented territorial expansion, architectural marvels, and profound cultural influence.
The empire's roots lie in the city of Rome, founded, according to legend, by Romulus in 753 BCE. Over centuries, Rome evolved from a small settlement to a formidable republic, characterized by a complex political system with elected officials and checks on power. However, internal strife, class conflicts, and military ambitions paved the way for the end of the Republic. Julius Caesar’s dictatorship and subsequent assassination in 44 BCE created a power vacuum, leading to a civil war. Octavian, later Augustus, emerged victorious, heralding the Roman Empire’s birth.
Under Augustus, the empire experienced the Pax Romana, a 200-year period of relative peace and stability. Augustus reformed the military, established efficient administrative systems, and initiated grand construction projects. The empire's borders expanded, encompassing territories from Britain to Egypt and from Spain to the Euphrates. Roman legions, renowned for their discipline and engineering prowess, secured and maintained these vast territories, building roads, fortifications, and cities that facilitated control and integration.
The Roman Empire’s society was hierarchical, with a rigid class system. At the top were the patricians, wealthy elites who held significant political power. Below them were the plebeians, free citizens with limited political influence, and the vast numbers of slaves who formed the backbone of the economy. The family unit was central, governed by the paterfamilias, the male head who held absolute authority.
Culturally, the Romans were eclectic, absorbing and adapting elements from the civilizations they encountered, particularly the Greeks. Roman art, literature, and philosophy reflected this synthesis, creating a rich cultural tapestry. Latin, the Roman language, became the lingua franca of the Western world, influencing numerous modern languages.
Roman architecture and engineering achievements were monumental. They perfected the arch, vault, and dome, constructing enduring structures like the Colosseum, Pantheon, and aqueducts. These engineering marvels not only showcased Roman ingenuity but also served practical purposes, from public entertainment to water supply.
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
Acetabularia Information For Class 9 .docxvaibhavrinwa19
Acetabularia acetabulum is a single-celled green alga that in its vegetative state is morphologically differentiated into a basal rhizoid and an axially elongated stalk, which bears whorls of branching hairs. The single diploid nucleus resides in the rhizoid.
Instructions for Submissions thorugh G- Classroom.pptxJheel Barad
This presentation provides a briefing on how to upload submissions and documents in Google Classroom. It was prepared as part of an orientation for new Sainik School in-service teacher trainees. As a training officer, my goal is to ensure that you are comfortable and proficient with this essential tool for managing assignments and fostering student engagement.
2. Congratulations on you new job
• In you new job you have been asked to come up with a password
policy for a financial institution.
• In groups of 3 to 4 discuss the different scenarios whereby authentication will
be required.
• Devise a password policy.
• Ask Questions
3. Threats
• Brute-force attacks
• Account Hijacking
• Social Engineering
• Spamming
• Man in the middle
• Unauthorised access
• Networking sniffing
4. Enforcing Strong Passwords
Guidelines
• Password Length (Min 8 characters)
• Max Password Length (Not Limited)
• Multiple Character Sets (Required)
• Allowing Any Keyboard Character
• Not allowing dictionary words
• Not allowing username in password
• Difficulty remembering Passwords
• Passphrase
5. Brute-force Math
• Future Proof (Moore’s Law)
• Password constructed from 26 letters & 6 letters long.
# passwords = nX = 266 = 308,915,776
• 309 million passwords will take a good cracking program 30 minutes to compute every
combination.
• So this will take on average 15 minutes to crack this password
6. Brute-force Math
• If we allow lower and upper case characters we increase from 26 to 52 the pool of characters and
increase the password length to 8.
• # passwords = nX =528 = 53,459,728,531,456
• 53.5 trillion possibilities
If we allow numbers and keyboard symbols the character set increases to 94.
• # passwords = nX =948 = 6,095,689,385,410,816
• 6 quadrillion possibilities
• Beyond the reach of the ordinary hacker.
• What about the future?
7. Default Passwords
• Review your systems to identify default accounts.
• Change default account passwords.
• This includes hardware & software.
• Also Test and UAT accounts review.
• Password & Account Generation
• Customer Service
• Predictable password generation
• Sequential account names
• Oblivious Accounts (admin, test, UAT etc…)
• http://default-password.info/
8. Credential Harvesting
• Opens the door for Brute-force, Social Engineering & Spamming Attacks.
• What information does your application provide to an unauthenticated user? (Verbose Failure
Messages)
• Gmail (Credential Harvesting)
• So what if the username is not returned?
• Can we register for an account and will this tell us if the username is already in use.
• Passing Credentials at login
• Always in a POST
• After Login
(http://www.temp.com/mail.aspx?name=tom)
9. Idle Accounts
• Easy Target
• How to handle Idle Accounts
• Put Account on hold for a time period
• Actively monitor account
• Email account user of activity
• Do not automatically activate online account with customer data.
• Automated account creation should not be sequenced or predictive.
10. Password Storage
• 3 methods for storing passwords
• 1. Plaintext :-(
• 2. Ciphertext :-|
• 3. One-way hash ;-)
• Employees don’t know passwords.
• If the database is hacked all passwords are not compromised.
• http://md5-hash-online.waraxe.us/
• http://md5.web-max.ca/
11. Changing Passwords
• Allow users to change passwords themselves
• Intuitive interface
• Remind / Force Password change
• Must know old password before change.
• New password entry twice
• Conformation via mail or other
• Expire session after password change
• Require new login with new credentials
12. Forgot My Password
• Security Questions (Poor)
• What is your pet’s name
• In what year was your father born
• In what county where you born?
• What is the color of your eyes?
• What is your favorite sport?
• In what city were you born?
• What is your favorite color?
• What is your address, phone number?
13. Security Questions
• Top 20 pet names are Max, Buddy Molly ?.
• City you were born
• Top 20 largest cities easily found.
• Schools Attended
• 25,000 to 30,000 high schools in US
• Favourite movie
• IMBD.com top 100
• Mothers maiden name
• 25,000 surnames in US
• Favourite colour
• 100 common colours
• Should be treated as securely as passwords. (Stored Securely)
14. Beyond Passwords
• Something you know
• Something you have (RSA Key)
• Something you are
• Fingerprint, Hand
• Voice
• Facial scan
• Iris Scan
• Retina Scan
15. Review
• Enforce Strong Passwords
• Avoid easily guessed credentials
• Prevent credential harvesting
• Secure password storage
• Implement a password aging policy
• Changing password policy
• Security questions
• Always, Always, Always, encrypt traffic from the login page.
• Put username and password in a POST message. Why?
16. Review
• Non Unique Usernames Problem.
• Multistage Login Problem.
• Remember me functionality.
• Correct validation of credentials
• Log Monitor & Notify
• All Authentication events should be logged
• Anomalies in authentication should be processed in real-time
• User out-of-band communications
• User in-band communications
