Devices that make up the Internet of Things (IoT) collect a monumental amount of data about their owners. In most cases, the data they gather benefits the owner of the device and serves some useful purpose. Viewed in aggregate, however, the data can reveal an enormous amount of information about the devices’ owner, which would be very invasive if it were to fall into the wrong hands.
Over the course of several months, Charles Givre ran an experiment in which he collected data from several IoT devices, including a Nest Thermostat, the Automatic Car dongle, the Wink hub, and a few others, in order to determine what could be learned about the owner of the devices. Givre approached this experiment like a law enforcement or intelligence investigation: he began with a bit of seed knowledge about the target and built a profile of the target using the data that was available via these devices’ APIs and the data they transmit over the internet.
This presentation is not about how to bypass the devices’ security features, hack them, or mess with people by randomly turning off their A/C; rather, it focuses on the consequences of IoT devices collecting and storing data.
What Does Your Smart Car Know About You? Strata London 2016 | Charles Givre
In the last few years, auto makers and technology companies have introduced a variety of devices to connect cars to the Internet and use this connectivity to gather data about the vehicles’ activity, but these connected cars gather a considerable amount of data about their owners’ activities beyond what one might expect. In aggregate and combined with other datasets, this data represents a significant degradation of personal privacy as well as a potential security risk. As auto insurers and local governments start to require this data collection, consumers should be aware of the security risks as well as the potential privacy invasions associated with this unique type of data collection.
In a follow-up to his 2015 session at Strata + Hadoop World NYC, Charles Givre examines data gathered from sensors in automobiles. Charles focuses on what kinds of data cars are gathering and asks critical questions about whether the benefits this data provides outweigh the risks and cost to personal privacy—the inevitable result of this data collection.
The document discusses diagnosing issues with hreflang tags in sitemaps and on web pages for multilingual and localized websites. It outlines some common problems with hreflang tags such as conflicts in tags, broken or redirecting links, incorrect language and country codes, and issues around the European Union. The document then provides guidance on how to diagnose hreflang tag issues through tools like Google Search Console, Screaming Frog, and Excel to identify missing, non-canonical, or incorrectly coded tags. It emphasizes using data to identify and correct hreflang tag problems.
In this talk, I will walk through multiple tools/resources available to help you handle large datasets from log files to Google Analytics. These new techniques will empower you to find more valuable insights and help you avoid the annoyance of crashing Excel spreadsheets.
The document contains a list of URLs for various Argentinian web directories. There are over 100 directory URLs listed, covering a wide range of topics from general directories to more specialized directories for industries like agriculture, casinos, and shopping. The directories appear to be Argentinian resources for businesses to get listed and gain backlinks and exposure online.
The document discusses best practices for search on museum websites. It recommends using Google search for the website but also implementing internal search to better understand the museum's unique content. It provides examples of autocomplete, faceted search, highlighting search terms, and correcting spelling to improve the user search experience. Solr is recommended as an open source tool for implementing these search features.
YQL allows users to access data from web services through SQL-like queries. It presents data from various sources like Flickr, Yahoo services, and third party APIs as tables that can be joined and manipulated. The document provides examples of using YQL to retrieve and manipulate data from the mim API, including getting user profiles, followers, posts, and performing actions like inserting posts. It also demonstrates how YQL can be used to expose third party APIs and to combine data from multiple sources into a single mashup query.
This document lists over 300 article submission websites. Many of the websites contain links to submit an article, register an account, or recover a password. Some websites show error messages or are no longer active.
Merlin: The Ultimate Data Science Environment | Charles Givre
Merlin is a virtual computing environment developed by data scientists for data scientists. Merlin is free and open source, and contains a suite of all the best open source data science tools including data visualization tools, programming languages, big data tools, databases, notebooks, IDEs, and much more. The goal of Merlin is to allow data scientists to do data science work, not sysadmin.
Study after study shows that data scientists spend 50-90 percent of their time gathering and preparing data. In many large organizations this problem is exacerbated by data being stored on a variety of systems, with different structures and architectures. Apache Drill is a relatively new tool which can help solve this difficult problem by allowing analysts and data scientists to query disparate datasets in-place using standard ANSI SQL without having to define complex schemata, or having to rebuild their entire data infrastructure. In this talk I will introduce the audience to Apache Drill—to include some hands-on exercises—and present a case study of how Drill can be used to query a variety of data sources. The presentation will cover:
* How to explore and merge data sets in different formats
* Using Drill to interact with other platforms such as Python and others
* Exploring data stored on different machines
The Extract-Transform-Load (ETL) process is one of the most time-consuming processes facing anyone who wishes to analyze data. Imagine if you could quickly, easily and scalably merge and query data without having to spend hours in data prep. Well... you don’t have to imagine it. You can with Apache Drill. In this hands-on, interactive presentation Mr. Givre will show you how to unleash the power of Apache Drill and explore your data without any kind of ETL process.
Data Exploration with Apache Drill: Day 2 | Charles Givre
Study after study shows that data scientists and analysts spend between 50% and 90% of their time preparing their data for analysis. Using Drill, you can dramatically reduce the time it takes to go from raw data to insight. This course will show you how.
The course material for this presentation is available at https://github.com/cgivre/data-exploration-with-apache-drill
Apache Drill and Zeppelin: Two Promising Tools You've Never Heard Of | Charles Givre
Study after study shows that data preparation and other data janitorial work consume 50-90% of most data scientists’ time. Apache Drill is a very promising tool which can help address this. Drill works with many different forms of “self describing data” and allows analysts to run ad-hoc queries in ANSI SQL against that data. Unlike HIVE or other SQL on Hadoop tools, Drill is not a wrapper for Map-Reduce and can scale to clusters of up to 10k nodes.
Data Exploration with Apache Drill: Day 1 | Charles Givre
Study after study shows that data scientists and analysts spend between 50% and 90% of their time preparing their data for analysis. Using Drill, you can dramatically reduce the time it takes to go from raw data to insight. This course will show you how.
The course material for this presentation is available at https://github.com/cgivre/data-exploration-with-apache-drill
Introduction to Apache Drill - interactive query and analysis at scale | MapR Technologies
This document introduces Apache Drill, an open source interactive analysis engine for big data. It was inspired by Google's Dremel and supports standard SQL queries over various data sources like Hadoop and NoSQL databases. Drill provides low-latency interactive queries at scale through its distributed, schema-optional architecture and support for nested data formats. The talk outlines Drill's capabilities and status as a community-driven project under active development.
The document discusses the monitoring of the circulation of illegal drugs in Indonesian ports and waters. It explains the applicable regulations, the agencies involved, and the conditions expected in order to improve monitoring of the circulation of illegal drugs in Indonesian ports and waters.
This document discusses the Ministry of Transportation's budget plan and implementation for 2011, particularly with regard to the Directorate General of Sea Transportation. Key points include the issuance of the 2011 Operational Guidelines for Activities, the management of the 2011 budget, and the holding of briefing sessions for financial management officials. It also states that a number of activities have already been contracted.
The Decree of the Minister of Transportation regulates the organization and working procedures of the Sea and Coast Guard Bases, covering the duties, functions, organizational structure, and working procedures of the leadership and staff of the sea and coast guard bases.
The 2002 organizational structure of the Tanjung Priok Main Port Administration Office consists of an Administration Division and several departments overseeing the relevant sections, in order to carry out the function of supervising and regulating shipping traffic in the port.
Analyzing Real-World Data with Apache Drill | tshiran
This document provides an overview of Apache Drill, an open source SQL query engine for analysis of both structured and unstructured data. It discusses how Drill allows for schema-free querying of data stored in Hadoop, NoSQL databases and other data sources using SQL. The document outlines some key features of Drill, such as its flexible data model, ability to discover schemas on the fly, and distributed execution architecture. It also presents examples of using Drill to analyze real-world data from sources like HDFS, MongoDB and more.
The analysis of unstructured content and the growing demand for indicators that quickly summarize events as they unfold are two major trends that involve not only technical knowledge but also business knowledge that can add value to the companies, institutions and people that require it.
Apache Storm is one of the paradigms that were born with the real-time era in mind. We will describe a business case that presents the challenge of capturing information and delivering actionable knowledge as quickly as possible. We will cover business, technology and philosophy issues relating to information.
This document discusses Apache Drill, an open source SQL query engine for analyzing data in non-relational data stores like JSON, CSV, and Hadoop data formats. It provides an overview of Drill's key features such as its ability to query diverse data sources with a simple SQL interface without requiring schemas, its SQL-on-Everything model, high performance through columnar storage and execution, and its ability to scale from a single machine to large clusters. The document also demonstrates how to install Drill, configure data sources, and run queries against sample Yelp data to analyze reviews, users, and businesses.
Apache Drill is the next generation of SQL query engines. It builds on ANSI SQL 2003, and extends it to handle new formats like JSON, Parquet, ORC, and the usual CSV, TSV, XML and other Hadoop formats. Most importantly, it melts away the barriers that have caused databases to become silos of data. It does so by being able to handle schema changes on the fly, enabling a whole new world of self-service and data agility never seen before.
Ted Dunning presents information on Drill and Spark SQL. Drill is a query engine that operates on batches of rows in a pipelined and optimistic manner, while Spark SQL provides SQL capabilities on top of Spark's RDD abstraction. The document discusses the key differences in their approaches to optimization, execution, and security. It also explores opportunities for unification by allowing Drill and Spark to work together on the same data.
The document discusses the International Ship and Port Facility Security (ISPS) Code. The ISPS Code was established as an international framework for cooperation between governments, agencies, local administrations, shipping and port industries to detect security threats and take preventative measures against security incidents. It sets out responsibilities for all involved parties at national and international levels to enhance maritime security. The goals are to ensure effective information collection and sharing related to security, provide a security assessment methodology, and ensure adequate and proportional security measures are in place.
Apache Drill: Building Highly Flexible, High Performance Query Engines by M.C... | The Hive
SQL is one of the most widely used languages to access, analyze, and manipulate structured data. As Hadoop gains traction within enterprise data architectures across industries, the need for SQL for both structured and loosely-structured data on Hadoop is growing rapidly. Apache Drill started off with the audacious goal of delivering consistent, millisecond ANSI SQL query capability across a wide range of data formats. At a high level, this translates to two key requirements – Schema Flexibility and Performance. This session will delve into the architectural details in delivering these two requirements and will share with the audience the nuances and pitfalls we ran into while developing Apache Drill.
With more and more sites falling victim to data theft, you've probably read the list of things (not) to do to write secure code. But what else should you do to make sure your code and the rest of your web stack are secure? In this tutorial we'll go through the basic and more advanced techniques of securing your web and database servers, securing your backend PHP code and your frontend JavaScript code. We'll also look at how you can build code that detects and blocks intrusion attempts and a bunch of other tips and tricks to make sure your customer data stays secure.
Country domination - Causing chaos and wrecking havoc | Tiago Henriques
This document discusses using the search engine Shodan to find exposed devices and systems online. It provides example search queries that can be used on Shodan to find devices by port, banner contents, or country. It also discusses how information can be gathered from devices using SNMP and how Nmap can be used with Shodan search results to take screenshots of websites with no authentication. The document suggests some potentially concerning searches related to SCADA systems and critical infrastructure.
This document summarizes a talk about the security risks posed by commonly exposed data from Internet of Things (IoT) devices. The speaker discusses how status, identification, location, automation, and action data are often exposed from devices like webcams, routers, light bulbs, and fitness trackers. The speaker demonstrates how an Amazon Dash device could be used to trigger actions on a Belkin WeMo light bulb based on network activity data. The talk cautions that the large scale of data ingress and egress from IoT devices enables risks like privacy violations and device compromise if security issues are not addressed.
LarKC Tutorial at ISWC 2009 - Second Hands-on Scenario | LarKC
The aim of the EU FP 7 Large-Scale Integrating Project LarKC is to develop the Large Knowledge Collider (LarKC, for short, pronounced “lark”), a platform for massive distributed incomplete reasoning that will remove the scalability barriers of currently existing reasoning systems for the Semantic Web. The LarKC platform is available at larkc.sourceforge.net. This is the first of two hands-on sessions that introduce participants to working directly with LarKC code.
4. Stuff my Company Wants me to Say
§ The techniques I demonstrated here are the results of my own research. I have no knowledge of anyone using or not using the techniques demonstrated here.
§ The data I gathered all belongs to me and was gathered from devices that I own. Please remember that unauthorized access to someone else’s computer or network IS A CRIME.
§ The views presented here represent only my own and not those of my company or anyone else.
§ I have no financial interest in any of the products you are seeing here, nor do I have any connection with their parent companies, aside from having purchased their products.
§ Always drink upstream from the herd. (Just seeing if you are actually reading this)
5. The Experiment
§ Using data collected from “smart” devices, see what could be learned about the owner.
§ I start out knowing only that the target owns a Wink hub.
§ I limit the data to that which can be gathered via automated means.
6. Conclusions
“Smart” devices collect and broadcast a lot of information beyond what you might expect. In aggregate, this information can reveal a great deal about the device’s owner.
22. What we’ve learned from the Wink Hub:
§ The target’s FacebookID and Twitter handle
§ What other devices the target has:
  § Nest Thermostat
  § Nest Protect
  § Refuel Propane Tank Doodad
  § Ring Doorbell
§ Where the target lives (?)
§ When the target added these devices to the network
32. Network Information
"wan_ip": "98.233.236.XX"
The following results may also be obtained via:
http://whois.arin.net/rest/nets;q=98.233.236.XX?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
Comcast Cable Communications, Inc. DC-CPE-31 (NET-98-233-0-0-1) 98.233.0.0 - 98.233.255.255
Comcast Cable Communications, Inc. JUMPSTART-5 (NET-98-192-0-0-1) 98.192.0.0 - 98.255.255.255
33. What we’ve learned from the Nest:
§ The target uses Comcast for their internet service
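Why masking the last octet of `wan_ip` does not hide the ISP, as an added example (not code from the original deck): it takes the two whois lines shown on slide 32 and checks which allocations cover every address the masked value could be. The function names are hypothetical.

```python
import ipaddress
import re

# Whois summary lines copied from slide 32.
WHOIS_LINES = [
    "Comcast Cable Communications, Inc. DC-CPE-31 (NET-98-233-0-0-1) 98.233.0.0 - 98.233.255.255",
    "Comcast Cable Communications, Inc. JUMPSTART-5 (NET-98-192-0-0-1) 98.192.0.0 - 98.255.255.255",
]
RANGE_RE = re.compile(
    r"^(?P<org>.+?) (?P<name>\S+) \((?P<handle>NET-[\d-]+)\) "
    r"(?P<first>[\d.]+) - (?P<last>[\d.]+)$")


def masked_to_network(masked):
    """Turn an address with masked trailing octets ('XX') into the covering network."""
    octets = masked.split(".")
    if len(octets) != 4:
        raise ValueError("expected four dot-separated octets")
    known = 0
    while known < 4 and octets[known].isdigit():
        known += 1
    if any(o.isdigit() for o in octets[known:]):
        raise ValueError("masked octets must be trailing")
    base = ".".join(octets[:known] + ["0"] * (4 - known))
    return ipaddress.ip_network(f"{base}/{8 * known}")


def parse_allocations(lines):
    """Parse whois summary lines into (org, net name, CIDR blocks) tuples."""
    allocations = []
    for line in lines:
        m = RANGE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not allocation summaries
        blocks = list(ipaddress.summarize_address_range(
            ipaddress.ip_address(m["first"]), ipaddress.ip_address(m["last"])))
        allocations.append((m["org"], m["name"], blocks))
    return allocations


def owners_of(masked, lines=WHOIS_LINES):
    """Allocations containing every candidate address, most specific first."""
    net = masked_to_network(masked)
    hits = []
    for org, name, blocks in parse_allocations(lines):
        for block in blocks:
            if net.subnet_of(block):
                hits.append((block.prefixlen, org, name, str(block)))
    return [h[1:] for h in sorted(hits, reverse=True)]
```

With these two allocations, even a value masked to `98.233.XX.XX` still resolves to the same provider; only masking down to the first octet leaves the owner undetermined.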
41. What we learned so far from the Nest:
§ The target uses Comcast for their internet service
§ The target lives in Pikesville, Maryland
§ The target owns an iPhone, iPad and Wink hub
51. The Automatic Car Dongle
WTH does it do?
§ Puts your car’s data to work
§ Decodes check engine light diagnostics
§ Improves driving with real-time feedback
§ 24/7 Crash Response
§ See your driving in their dashboard
58. What we learned from the Automatic:
§ The target owns a 2010 Mazda 3 and a 2005 Honda Odyssey
§ Complete vehicle history (If you want to pay…)
§ Target removed a Hyundai Santa Fe in May and replaced it with the Honda minivan.
60. Allows you to build a spreadsheet of all your trips…automatically.
61. Also, IFTTT is only protected by your username/password.
64. Trips per day
[Chart: number of trips per day of the week, Monday through Sunday]
66. What we learned from the Automatic:
§ The target owns a 2010 Mazda 3 and a 2005 Honda Odyssey
§ Complete vehicle history (If you want to pay…)
§ Target removed a Hyundai Santa Fe in May and replaced it with the Honda minivan.
§ Target doesn’t roll on Saturdays…
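The weekday inference from slides 60 to 66, as an added example (not code from the original deck): it counts trips per weekday in a spreadsheet-style trip export and flags days that are nearly empty. The trip log is constructed, and the column names and function names are hypothetical.

```python
import csv
import io
from datetime import date, datetime, timedelta
from statistics import median

DAYS = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"]


def constructed_trip_csv(weeks=12):
    """Constructed sample export: 3 trips on most days, Saturdays almost empty."""
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["started_at", "distance_km"])  # hypothetical column names
    day = date(2015, 6, 1)  # a Monday
    for n in range(weeks * 7):
        trips = 3
        if day.weekday() == 5:          # Saturday
            trips = 1 if n == 5 else 0  # a single outlier trip in the whole log
        for t in range(trips):
            start = datetime(day.year, day.month, day.day, 8 + 4 * t, 15)
            writer.writerow([start.isoformat(), 7.5])
        day += timedelta(days=1)
    return out.getvalue()


def weekday_profile(csv_text):
    """Count trips per weekday from the 'started_at' column."""
    counts = dict.fromkeys(DAYS, 0)
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            started = datetime.fromisoformat(row["started_at"])
        except (KeyError, TypeError, ValueError):
            continue  # skip malformed rows rather than miscount them
        counts[DAYS[started.weekday()]] += 1
    return counts


def quiet_days(profile, ratio=0.25):
    """Weekdays whose trip count is below `ratio` times the median weekday count."""
    typical = median(profile.values())
    return [d for d in DAYS if profile[d] < ratio * typical]


if __name__ == "__main__":
    profile = weekday_profile(constructed_trip_csv())
    print(profile, quiet_days(profile))
```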
72. Privacy Policy Sample
§ “We will never sell or share your personally identifiable information, like name, where you drive, or VIN.”
§ “We want you to get the most value out of your Automatic experience and may present offers from trusted partners to provide a solution that we think would make your car ownership or driving experience better. For example, we might partner with a tire manufacturer that is willing to extend your tire warranty if you choose to share your data related to tire wear. These opportunities will always be user “opt-in” only.”
§ “Our products and services (and our business) may change from time to time. As a result, at times we may need to make changes to this Privacy Policy. We reserve the right to update or modify this Privacy Policy at any time and from time to time without prior notice. However, if we make any material changes we will notify you by email or by a notice on our website.”
76.
Data Ownership: You own the data generated
Data Reuse: Your data may be used with personally identifying information removed to derive aggregate statistics about…
Data Removal: You may request that your data be removed from our system by emailing XXX. It will be removed within 48 hours of receiving the request.
Data Resale: Your data may be sold to …