If you find a website advertising free content, you should use common sense and stay away from it, especially a site that offers to share all your personal data in exchange for a free service. So if you see a site advertising with classic phrases such as “free VPN download”, “free VPN download” or “VPN download for free”, stay away from that site. Because if the VPN is free and you use it, you may regret it later. Most importantly, laws regarding VPNs may vary by country.
Personal Internet Security System or "PISS" doesn't exist. It's a mindset that comes from knowledge. Stop looking for someone else's and handle your own. You have an Antivirus? Firewall? Great! But the real threat comes from YOU! The user. That takes knowledge. I attached briefing slides for the typical user with minimal IT knowledge. Sometimes we all need a reminder that we are the ones who are the greatest threat to our networks. It's not a country state or actor. But we are the ones who inadvertently let them walk in.
Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. More on http://www.trendyupdates.com/
Understanding word press security wwc-4-7-17 - Nicholas Batik
WordPress is a powerful tool for presenting your information on the web, but with great power comes great responsibility – and great targets for people intending various criminal intent. This presentation illustrates some of the risks and ways to mitigate them.
Fast and Furious: Managing critical risks in a hyper-connected world - The co... - OECD Governance
Managing critical risks in this environment poses significant challenges for policymakers. The OECD High Level Risk Forum conducts research to help policymakers understand and identify critical risks, better anticipate them and mitigate their consequences.
Through partnerships, evidence generation and strategic frameworks, the OECD supports stakeholders in implementing cutting edge approaches to the multiple challenges of risk. Based on a whole-of-society approach, public and private sector actors discover ways to build greater resilience together and to rebound more quickly from unanticipated shocks.
These activities are grounded in the OECD Public Governance cluster and are served by the Directorate for Public Governance and Territorial Development. More information can be found at www.oecd.org/gov/risk/
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner... - JPCERT Coordination Center
Recently we’ve seen many vulnerabilities related to improper certificate validation. Those vulnerabilities come from developers’ ignorance or misunderstanding of basic knowledge of certificate validation or insufficient testing of validation code. This presentation starts with the basics of the certificate validation process, surveys several vulnerabilities in the real world, and concludes with lessons learned from real-world vulnerabilities.
This was presented at JavaOne 2015.
Presented by Geoff Huston, APNIC Chief Scientist, at the 2017 New Zealand Network Operators Group (NZNOG) meeting held in Tauranga, New Zealand from 26 to 27 January.
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ... - Start Pad
Damon Cortesi of Alchemy Security presents the most effective ways to plug the most common holes found in web services. Learn about XSS, SQL injection, and why you should care about these things now instead of later.
As presented at ITExpo 2017 and the April Peerlyst Tel-Aviv security Meetup.
Can your company afford to ignore VoIP security? With the number of attacks on your telephone services and mobile devices your chance of being attacked and financial liability is at an all time high. This session offers an introductory primer to securing your VoIP PBX. This talk will include explanations about common attacks, how they can find you, and common techniques you can use to defend your company.
This webinar series is designed to help internal auditors looking to equip themselves with competencies and confidence to handle audit of IT controls and information security, and learn about the emerging technologies and their underlying risks.
The series focuses on contemporary IT audit approaches relevant to Internal Auditors and the processes underlying risk based IT audits.
Session 4 of 10
This Webinar focuses on Boundary Defense Mechanisms
• Denying communications with known malicious IP addresses
• Rapid deployment of filters on internal networks
• Deploying network-based IDS sensors on Internet and extranet DMZ systems
• Seeking unusual attack mechanisms
• Implementing Network-based IPS devices
• Implementing a secure Network Architecture
• Implementing two-factor authentication
• Designing internal network segmentation
• Designing and implementing network perimeter proxy servers
Heartbleed Bug Vulnerability: Discovery, Impact and Solution - CASCouncil
Join the CASC Wednesday April 30 for a Google+ hangout on the Heartbleed Bug. We’ll cover everything from what the bug does to how to tell if your site is at risk and how certificate authorities are responding.
Panel of CASC members:
• Robin Alden- Comodo
• Jeremy Rowley- DigiCert
• Bruce Morton- Entrust
• Rick Andrews- Symantec
• Wayne Thayer- Go Daddy
Watch the recording: http://bit.ly/1jAQCtk
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi... - centralohioissa
During this talk we will be discussing hardware reverse engineering and why this is becoming a new way for attackers to compromise company networks. We will discuss how vendors are now leaving potentially malicious code within firmware and how some attackers could exploit these vulnerabilities. We will also discuss why it is important for companies to spend time reviewing hardware for vulnerabilities prior to deploying the systems within your company’s network and outlining a process on how to perform this work.
The presenters will outline each phase of the hardware reverse engineering assessment, outlining how to exploit various vulnerabilities that you may discover and provide a list of the software and tools that will be needed to support this work. Finally we will talk about how you should be documenting your findings for management and how to properly disclose the findings to the vendor once the test has been completed.
Last Week’s session - “IoT – Connected Car – Technology Trends & Opportunities” covered a trending topic that promises to disrupt the transportation industry, as we know it. Here are the key Lounge47 takeaways:
1. Connected Cars are vehicles that use any from a range of communication technologies to communicate a) with the driver b) with other cars on the road (vehicle-to-vehicle (V2V)) c) road infrastructure (vehicle-to-infrastructure (V2I)) and d) the “Cloud”
2. Status today? a) Only a fraction of future automated and connected vehicle technologies are available today b) Although individual aspects of the connected driving experience are established the integrated whole is not c) The public today only enjoys up to level 2 on a 5 level scale of 0 to full automation. Level 4 vehicles are however being tested
3. 2014 milestones: a) Google and Apple target the car dashboard with 'Android Auto' and 'Carplay' platforms b) Google makes autonomous cars real with its self driving car d) Automotive companies begin to take customer data protection seriously e) Vehicle-to-Vehicle (V2V) technology gets the regulatory nod
4. Questions: Is the car the new Tech battleground? Will there be an Apple car? What business models will prevail? Are Uber-like companies preparing the market for the self-driving car? Would Self-driving cars make owning a car a thing of the past?
5. Benefits: a) Savings in terms of increased people productivity b) reduced gasoline usage due to efficient driving c) reduced road infrastructure maintenance d) Increased safety
6. Challenges: a) Developing a UI/UX that minimizes driver distraction b) Customer Data security c) In-car and remote cyber crime d) Liability – where does it sit?
7. Opportunities: a) In-car data that could serve consumers, drivers themselves, marketers, hardware manufacturers, car companies and insurance companies b) Aftermarket solutions c) IoT products & solutions. 47b market today set to grow to 270b USD by 2020. Revenue potential per connected car estimated to be 1400 USD/vehicle/year
8. Opportunities in India: The Indian market will take time to mature. In the short-term: a) Parking Management b) Connected Infrastructure (e.g. smart cities) c) Insurance – Usage Based Insurance, driving pattern monitoring & support d) Radio Taxi Service – e.g. Ola, Uber e) Transportation as a Service – Personal mobility, Goods mobility f) Service Stations - cloud-based diagnostics & preventive care g) Battery technologies – Charging stations offer opportunities.
In summary - realization of the Connected Car vision and the benefits it brings hinges not on the technology challenges but on whether it will win consumer acceptance and trust.
www.lounge47.in
Similar to Safety & Security Risks in the Hyper-Connected World - IoT - Tamaghna Basu (20)
BIG DATA: LEVERAGING COMPETITIVE INTELLIGENCE IN RETAIL - Mandar Mutalikdesai... - Lounge47
“Big Data: Leveraging Competitive Intelligence In Retail” focused on the next wave – enabling real time decisions and real-time responses through big data. Here are the Lounge47 key takeaways:
1. Large enterprises have thus far used big data to focus on process improvement and variety of data (Process improvement 47%, Variety of data 26%, Volume of data 16%, Cost Saving & Efficiency 8%, Velocity of Data 3%)
2. Big data is not a new problem; at any point of time, our ability to produce data has always been greater than the sophistication of the tools available to process and make it usable
3. Companies like Uber and Amazon, with products like “Surge Pricing” or “Dynamic Pricing” are ushering in the paradigm of “fast data” to make instant decisions and gain a competitive advantage
4. “Fast Data” unlike “historical data, is live, interactive, automatically generated, and often self-correcting” – the volume and nature will be further accelerated through the Internet of Things (IoT)
5. In the retail vertical – data enablers that push micro decisions in real time and serve to answer – what inventory to hold? or what products to promote? - pose a powerful value proposition
6. A plethora of data products, web-based, Apps, API’s, reports could be built to help enterprises take decisions E.g. a “Color” report that tells a fashion retailer that their inventory should carry more items in blue
7. Data products could serve - ecommerce companies, sellers, brands – each stakeholder, with very specific requirements and specific problems to solve E.g. brands value reports on product discounts offered to flag policy violation
8. Solving the big data challenge would involve the following generic steps – data extraction and aggregation, cleaning, normalizing, standardizing, sorting, storing. Analytics. Visual data presentation, via dashboard interfaces, reports etc.
9. Big data sounds like a simple problem to solve however the challenges are many a) Data acquisition: crawling public websites could be limited if volume and speed of query impact service to users, thus slowing the data collection b) Data cleaning & standardization: raw data could be messy or have gaps c) Storage and retrieval d) Data Accuracy: Careful management of massive machination with minimal human audits to keep the margin of error suppressed
10. Some Big data products: Price comparison by the hour and across competition, color report on product inventory, Market & Business intelligence products, discount tracking of basket of products
11. Finding a “give-back” to encourage E-Commerce companies to part with private data would allow big data companies to build an ecosystem that is mutually beneficial to all stakeholders.
While big data is an often used buzz word, and challenges like “new technology deployment” and the “collection, analysis and measurement of data” are being solved, the full power of this paradigm will be realized when organi
Consumer Internet Insights - Jeyandran Venugopal - Lounge47
Last Week’s - “Consumer Internet Insights” session sketched trends, opportunities and challenges in this space. Here are the Lounge47 key takeaways:
1. India has become the new “Land of Opportunity” - untapped potential, increased consumer/middle class spending, adoption-cycles shortening due to younger demographic willing to be early adopters, institutional investment in Startups increasing
2. “Cost to Try” is cheaper in India
3. Some stats – Population: 1.28b, Internet users: 1/6, Tablet users: 1/120. Mobile Internet users: 1/10, Social Media users: 1/13
4. Mobile growth presents a tremendous opportunity – Mobile Internet growing faster relative to rest of the world
5. Opportunities:
a. Enabling Technologies for Mobile Platforms: plugging a key function within a growing ecosystem e.g. search engine for apps, App personalization & recommendations, performance, analytics and insights, cross platform app development, prototyping tools, design to code technologies, democratization of app development (e.g. andromo, appgeyser), enterprise mobility (e.g. Kony), regional language focus
b. Advertising Platforms: programmatic buying platforms, demand-side platforms that can optimize Ad buy ROI’s, unified solutions for multichannel ad spend management to optimize impressions for targeted spending objectives, SMB businesses – managing marketing spends, fraud management
c. Personalization Technology: Given current vastness of Internet how to enable users to get relevant and contextual information and explore interests – how, what, where and when of personalization needs to be thought through and pin-pointed technologies like machine learning, large scale data analytics and data mining used to enhance efforts
d. Natural Language Processing (NLP), Speech (processing and synthesis), Image and Video Processing: Given that semantic web initiatives have not taken off, self expression through blogging e.g. Tumblr, rich media as opposed to text, deep learning networks for image and video understanding – a new and hot field
e. Big Data Analytics as an enabler is the other big area for opportunity
6. Challenges: Cyber security - active threat groups for example have increased +4x since 2011. Also, social implications should be considered carefully e.g. Google glass.
Creating creative content for social media - Balraj KN, Cartoonist, Illustrat... - Lounge47
“Creating Original Content for Social Media” - focused on thoughts and insights around using the medium of cartoons to communicate and promote ideas, products and Startups more effectively. Here are the Lounge47 key takeaways:
1. Do not try to include too many messages in one piece. Keep messages simple. Use images to express them
2. Consumers have low attention span. Cartoons could serve as an effective medium of communication. When cartoons can communicate with no text, they are most powerful
3. To produce effective cartoons, founders need to get crisp on pain point, solution, products, brand, customer, positioning etc. Images should reflect this clarity
4. Riding on current affairs and trends enhances effectiveness
5. Most Social media users fall into the category of content sharers (rather than content creators); think through what would motivate them to repost
6. When using themes and humor, develop a sense of self-censorship
7. Lower your expectations of quality and get started. Quality at first may not be good however with experience and time it will improve.
Key message: Start doing. Now. Don’t wait for the “creative” hire at some point in the future.
Who will pay for IoT and why? - Atanu Roy Chowdhury, Senior Product Manager a... - Lounge47
“WHO WILL PAY FOR IoT AND WHY?” was a thought-provoking session. Here are the Lounge47 key takeaways:
1. IoT is a self-organizing system of Internet connected peripheral systems providing new and improved converged services
2. The value of the digitally charged thing in IoT comes from an extension of the local function with new digital services. Thing(s) + IT = Local function + measurements (historical, instantaneous) leading to new services and supercharged functions
3. The IoT hype is about the opportunity to monetize services from 50b connected devices by 2020
4. IoT devices can be classified by human desires - to know (omniscience), for human connection (telepathy), to protect & be protected (safekeeping), to be healthy & vital (immortality), to move effortlessly (teleportation), to create, make and play (expression)
5. The IoT difference: Edgeware driving value, the “ecosystem of devices” paradigm and the possibilities for entrepreneurship
6. PC to Mobile industry to IoT is transitioning the traditional “top down” to a more collaborative approach
7. Value to the customer: a. high resolution real-time information b. M2M silos interconnected for greater visibility c. Interoperated and leveraged common infrastructure d. low cost solution solving specific consumer pain points e. improved traceability, resource utilization, health and safety
8. Value to developer: a. can handle multiple business models b. can handle multiple deployment models c. can create new products and services to diversify revenues d. Services in addition to devices can be created by developers
8. The actors in the IoT ecosystem – those that, discover new services, deliver supercharged services, create supercharged services, create Smart Things
9. Technical best practices: a. cost of data acquisition is not homogeneous b. diversity in sensors, devices and vendors is endemic c. business requirements can exceed technology reach d. device failures will happen, plan to handle them e. ensure that products are certified f. security is not an afterthought
10. Business best practices: a. device costs are a function of volumes, functionality and robustness b. there is a creepiness factor to IoT solutions c. new services require training d. market potential is hard to guesstimate e. Know your competition f. understand local regulations and tax regimes g. Process changes will be resisted h. Disgruntled customers seldom return
11. Different Business Models should be considered.
In summary, IoT offers significant opportunities, but the successful players will be those that emphasize and deliver value relative to existing services rather than just offer new functionality with undeterminable value.
“K-12 EDUCATION - CHALLENGES & OPPORTUNITIES FOR STARTUPS” was a session striking in its simplicity, honesty and practicality. Here are the key Lounge47 takeaways:
1. Identify a “real” pain point (e.g. assessment drudgery faced by teachers) and provide a “real” solution
2. Study the website of the institution and align your presentation to meet the vision of the institute
3. Reach out to the Administration Officer (AO) within the educational institute to understand the institute better, the key players and their challenges. Key skill required: Listening
4. Leverage existing relationships e.g. the person that sells transportation buses to the school, whose recommendation would set you up for better success
5. Identify the decision maker – this is more likely to be the person in the organization that has “veto power” – the person who can say “no” to decisions
6. Educational institutes are capital intensive organizations. Capex (capital expenditure, e.g. classrooms) takes first priority over Opex. Given this, entrepreneurs have a better chance of success with established institutes.
7. Lead time for Opex decisions is 1 to 4 years. Understand this reality, do not get disheartened if your idea does not get the nod. Call back repeatedly to check status
8. A normal day of school can be hectic. The entrepreneur should understand this and pick a time of the day and time of the year carefully, to ensure that the decision maker has the mental bandwidth to give your proposal full attention.
And remember that the truest test of the success of your Startup is not VC funding but a paying customer.
I am starting up - How do I start coding? - Gautham Pai, an "Entrepreneur, Fo... - Lounge47
This session gave practical steps to go from resisting programming to doing it. Here are the key Lounge47 takeaways:
1. Coding is not all that difficult; one needs to be curious and experimental.
2. There are many entrepreneurs who started out with no coding skills but ended up building great products.
3. Demand for programmers outstrips supply. Learning to code is a great way to control your destiny while controlling your burn.
4. Your Startup idea is great training ground. Combine your own research with speaking to peers and mentors to refine your path.
5. Don’t aim to build the perfect product but just enough to communicate your Startup idea, build a team and get investors interested.
6. “Learn to get things done” rather than “Learning for the heck of it”. Don’t get attached to one technology.
Starting up has never been easier or cheaper. Computing power, free software, free storage and free analytics – all of these can be leveraged to power your dreams.
Bare Essentials - A practical guide to building a lean Startup - Karthik Rama... - Lounge47
“Bare Essentials – A Practical Guide to Building a Lean Startup”, was followed with an extended Q & A session. Background: The 'Lean Startup' term was popularized by entrepreneur Eric Ries on his blog “Startup Lessons Learned” and in his 2011 best-selling book - ”The Lean Startup: How Today's Entrepreneurs Use Continuous Innovation to Create Radically Successful Businesses”. From last week’s talk and discussion, here are the key Lounge47 takeaways: 1) Lean Startup philosophy prescribes “experimentation over elaborate planning, customer feedback over intuition, and iterative design over traditional upfront big design” 2) Rather than develop a conventional business plan, build a business model after executing key steps - a. Develop hypotheses b. Test hypotheses by getting feedback from potential users, purchasers and partners c. Develop product “iteratively and incrementally with minimum waste of resources”, including time. Basically, Build, Measure & Learn quickly 3) Lean Startup founders discuss their ideas and seek feedback rather than operate in secrecy or “stealth mode” 4) Popular terms - MVP (Minimum Viable Product): a minimum version of product that “cuts the fat, not the essence”; Pivot (a sudden shift in strategy) affecting any and all critical moving parts of the business.
The Lean Startup is more a mindset and approach – there is no recipe book and founders have to make judgment calls for their Startups. The Q&A addressed such specific issues.
“Do's & Dont's of Funding” was last Saturday's session. It was a run-down of case study briefs to demonstrate the realities of funding. Here is the Lounge47 Summary: 1) Do not be in a hurry to get funded. Bootstrap as much as you can 2) Understand the “funding” paradigm. A VC's initial agreement to fund (term sheet) does not automatically translate into success; it just signifies the beginning of even harder work. 3) Research, seek professional advice, pick a VC carefully, and keep your pitch understandable and credible. 4) Your VC pitch is about selling you, your company and your product. Let passion tell your story 5) Prepare for your ask. And, be able to communicate a detailed plan of your spend 6) Think through profit, scalability, predictability, sustainability and de-risking your Startup upfront 7) Consider other funding sources like ex-entrepreneurs or executives 8) Getting the attention of the funding community is difficult; get resilient 9) If your Startup is generating receipts, you will gain leverage on funding, and in some cases, it may lead to self-sustenance without funding. 10) Do's: Focus on the business model, have self-belief, be detailed and thorough, drill down on use cases, be disruptive, focus on cash flows, be realistic. Dont's: don't rush things, don’t screw up after funding.
Protecting intellectual property (ip) at startups - Ravi Vaikuntachar, Manage...Lounge47
“Protecting Intellectual Property at Startups” was a highly interactive
one with questions from entrepreneurs leading to much learning for all. Some key takeaways from the
session: 1) IP is not a “ghost” to be feared, but a “friend” to be nurtured 2) Familiarize yourself with all
aspects of IP relevant to your business and your idea. Just being informed helps you manage about 70% of
the risk 3) The vision of the Startup should lead to an IP strategy that allows easy answers to key questions
like – Should I patent or not? Which markets should I file patents in? etc. 4) Myths around IP should be
shattered (example: unclear explanations of ideas to obfuscate full disclosure can leave Startups with a
lack of protection) 5) The philosophy of patent protection should be understood – Governments give
inventors a monopoly for a certain period of time in return for full disclosure from the inventors so that
the next inventor/entrepreneur can execute and push the envelope for the general benefit of society 6)
Misuse of patents can kill a company. Founders should do an initial patent search to ensure that they are
not in violation. 7) Patent services companies are highly skilled (and expensive) but Startups may want to
consider hiring these services because shortcuts often lead to significant exposure 8) Startups that are
bootstrapping, can consider a provisional patent filing 9) Intellectual property is not just patents -
Copyrights, Trademarks and Trade Secrets offer protections that should be considered as well. Indian
entrepreneurs should take IP seriously to build credible businesses.
IoT-Where is the Money? - Chandrashekar Raman, Engagement Manager, IoT Strate...Lounge47
“Internet of Things (IoT) – Where is the Money?” - This talk highlighted the need for innovative business and technical models. Top 5 key takeaways from the session: 1) Analyze business models from the perspective of targeting “control points” (allows disproportionate share of value e.g. platform), “network externalities” (users generate more users e.g. Facebook) and “virtuous cycle” (self-propagating value system e.g. Twitter: tweets generating more value, tweeters and users) 2) Fog computing (solutions at the edge of the network) should be considered for "time sensitive" or "mission critical" solutions 3) IoT Stats 2013: $1.7B funding, 186 deals, 30% up YOY, 75% up on exits, largely in platforms; Cisco estimates 50B connected devices by 2020, economic value of 19 trillion added in next decade 4) Manufacturing and Smart Cities most immediate opportunities in Enterprise space 5) Key Challenges are security and time-sensitive networking. In summary, IoT Startups focused in a hot space need to pick clever business models relative to the competition.
Driving Social Change Through Entrepreneurship - Ashok Panikkar, Director Met...Lounge47
“Driving Social Change Through Entrepreneurship” was an intense session that made the following key points: 1. Social entrepreneurs must evolve to the point where they understand themselves better in terms of their true motivations – that is when they can be responsible to the people whose lives they impact 2. Just good intentions are not enough, and “conscious risks” rather than “calculated risks” lead to more powerful solutions 3. Understanding deep context of the problem area is important in order to avoid solutions that create other or bigger problems 4. A mindset is required that tools, skills and expertise be acquired through collaboration and learning, rather than by relying on expertise gained earlier 5. Entrepreneurship could solve social problems faster than governments or organizations, and the time is right in India today. In summary, find your “inner genius” and act, rather than just be another expert in the landscape.
Financial Sector - Opportunities for DisruptionLounge47
“Financial Sector – Opportunities for Disruption” was a session tailor-made for finance enthusiasts and experts. Some key takeaways: 1. The size of the financial sector in India is relatively small but is growing rapidly relative to any other financial market 2. There are a number of pain points that need to be addressed 3. Barriers to entry come in many forms - regulations, high Capex costs etc – however, there are
ways to lower these barriers with collaborative approaches 4. Given these trends, there are great opportunities now more than before, to bring value propositions into this sector.
Learnings from Scaling (Businesses), Gunaseelan Radhakrishnan, EntrepreneurLounge47
“Learnings from Scaling” imparted the wisdom that great success is within reach if a Startup plans to scale. When the prototype is complete, and the value of the product has been demonstrated to a few customer prospects, it is also the right time to think through scale and more importantly, prepare for it. Key takeaways - 1. Say 'No' more often than “Yes” to keep razor focus 2. Develop a work culture that fosters execution 3. Set aggressive goals, however, be in touch with market forces and rally teams to achieve them 4. Create good process and a flexible organization rather than rely on ad-hoc measures 5. Identify star performers and reward with prominence rather than monetary benefits.
Skills & Myths of an Innovative EntrepreneurLounge47
“Skills & Myths of an Innovative Entrepreneur” managed to educate and motivate. Innovation requires the
“intuitive mind” and the “rational mind” to work in tandem, bringing the forces of hard work, keen
observation, tedious research (reading & experiencing), understanding of trends and gaps to identify a problem and re-frame it into one worth solving. This becomes a viable Startup idea. The session also tackled Myths like “You are born innovative”, “Entrepreneurs are gamblers”, “Good ideas automatically
attract funding” and so on – commonly held beliefs. The most motivating message we were left with – everybody can be innovative, one just needs to develop the skills and behavior to be that – an innovative entrepreneur.
“Angel Investment Insights” were one investor’s opinion about one specific network - Indian Angel Network (IAN). Angel funds and the “quality of money” that they bring is an important aspect for a Startup to consider. Key takeaways from the presentation 1) India has a number of rural and social problems – IAN “Impact”, a sub group of IAN encourages Startups that address these problems 2) IAN takes up to 30 % equity for its investments starting at 25lakhs ($40000) 3) IAN takes 5% equity when it only mentors and does not fund a Startup.
SUCCESSFUL APPS - THE HYGIENE FACTORS: SUDHIR GOEL Lounge47
Here are the takeaways from our speaker at last Saturday’s meeting on “Successful Apps - The Hygiene Factors” - 1) An App idea must serve a specific need, preferably be a “pain killer” rather than a “vitamin” 2) Aim to generate revenue. If you plan to be a charity, get out of the Startup business 3) Seek feedback from people (not family & friends) using a quick and dirty prototype, and ensure that the App is intuitive to your audience. Test and Test again 4) Keep budgets low, evaluate your own strengths and skills, and combine the needs of your business with the right blend of employment and outsourcing 5) Fail quickly and cheaply. Have contingencies planned, pivot or quit if need be, but quickly 6) Founders should recognize that just tech does not sell, marketing and monetizing Apps is a huge challenge
CHAIPOINT.COM -THE POWER OF EXECUTION -TEJUS CHANDRA, CFO, MOUNTAIN TRAIL FOODSLounge47
“Chaipoint.com – The Power of Execution” was a session that dissected the Chaipoint case-study - a retail outlet and delivery chain that sells mainly freshly brewed Chai (tea), to the white-collared Indian worker. The Startup launched in 2010 and now serves more than 1m cups of tea and adds 3-4 retail outlets a month. The company took a simple, well-understood concept of “Chai” and achieved its current scale through relentless execution. Key takeaways: 1) An idea without execution only remains an idea; Intellectualize, but start executing quickly to enable market validation and fine-tuning 2) Aim for profitability right from the beginning 3) How quickly you assimilate your learning into your process is also a reflection of your potential scale 4) Defining process and detail that can be used to train employees should be a key focus 5) Appropriate use of Information Technology and adaptation over time should be a hygiene factor 6) Open communication channels with employees and a flatter organization leads to quicker problem resolution as they arise.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides an introduction to UiPath Communication Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
3. Disclaimer!
The content of this presentation and the techniques shown here are for educational purposes only. The organizers and presenters do not encourage the attendees to use the knowledge learned here for any malicious and illegal purpose.
If the attendees use this knowledge for any kind of real hacking or illegal activity which violates the law, then we, the organizers and the presenters, will not be responsible for that or any further consequences.
12. Web Cams & Video Chat
Clickjacking -
A new threat to all browsers (IE, Firefox, Safari, Opera, Chrome etc.) except non-interactive browsers like Lynx.
Hijacking your click: clicking on something hidden from the user.
Enable webcam, microphone.
Get your credentials.
Mostly a Flash and iframe based vulnerability.
Discussed in OWASP - 2008
13. Why Hacking?
Hacking for fun & profit
Capture The Flag
0’day
Underground economy
Bug Bounty
16. What do they want?
Credentials
PII information
PCI Data
Intellectual Property
OSINT
18. Why Heartbleed?
TLS Heartbeat Extension.
The vulnerability lies in the implementation of the TLS Heartbeat extension. An established SSL session commonly needs to be kept alive for a longer time, and the Heartbeat protocol extension was added to TLS for this reason. The HTTP keep-alive feature does the same, but the HB protocol allows a client to perform this action at a much higher rate.
The client can send a Heartbeat request message and the server has to respond with a Heartbeat response.
20. • We can leak 64 KB of memory, and that could easily contain usernames/passwords, private keys etc.
• Repeated HB requests can be made to the server, each leaking more (random) memory, so any amount of data can be leaked from the server.
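The length check whose absence causes the leak described on the Heartbleed slides, as an added example that is not part of the original presentation. The message layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding) follows RFC 6520; the function names and the two sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HEADER   3   /* 1-byte type + 2-byte payload_length */
#define HB_PADDING  16  /* minimum padding required by RFC 6520 */

/* Constructed sample records: type, payload_length (big-endian), payload, padding. */
static const uint8_t HB_HONEST[23] = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t HB_LYING[20]  = {HB_REQUEST, 0xFF, 0xFF, 'A'};
static uint8_t hb_out[64];  /* scratch buffer for the response */

/* Payload length the sender claims, taken from the 16-bit length field. */
static size_t hb_claimed_len(const uint8_t *rec)
{
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Bytes past the end of the record that a handler trusting the length field
 * would read while echoing the payload. Nothing is copied here; the function
 * only does the arithmetic. */
size_t hb_overread_if_trusted(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HB_HEADER)
        return 0;
    size_t claimed = hb_claimed_len(rec);
    size_t available = rec_len - HB_HEADER;
    return claimed > available ? claimed - available : 0;
}

/* Hardened handler: echo the payload only if header, claimed payload and
 * minimum padding all fit inside the bytes actually received.
 * Returns the response length, or -1 when the request is discarded. */
long hb_build_response(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != HB_REQUEST)
        return -1;
    size_t claimed = hb_claimed_len(rec);
    if (HB_HEADER + claimed + HB_PADDING > rec_len)
        return -1;  /* length field exceeds what was received: discard */
    size_t resp_len = HB_HEADER + claimed + HB_PADDING;
    if (resp_len > out_cap)
        return -1;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(claimed >> 8);
    out[2] = (uint8_t)(claimed & 0xFF);
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    /* Zero padding keeps the example deterministic; RFC 6520 asks for random padding. */
    memset(out + HB_HEADER + claimed, 0, HB_PADDING);
    return (long)resp_len;
}

int main(void)
{
    printf("honest: over-read %zu, response %ld\n",
           hb_overread_if_trusted(HB_HONEST, sizeof HB_HONEST),
           hb_build_response(HB_HONEST, sizeof HB_HONEST, hb_out, sizeof hb_out));
    printf("lying:  over-read %zu, response %ld\n",
           hb_overread_if_trusted(HB_LYING, sizeof HB_LYING),
           hb_build_response(HB_LYING, sizeof HB_LYING, hb_out, sizeof hb_out));
    return 0;
}
```

The 16-bit length field caps the claimed payload at 65535 bytes, which is where the 64 KB per request on the slide comes from.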