At a time when software is so complex and changes so rapidly that users cannot trust their own computers and smartphones to protect their secrets from attackers, more and more solutions rely on hardware to be the last measure of protection. As a result, a number of manufacturers are developing hardware wallets, which are meant to protect cryptocurrency private keys.
This talk presents a wide range of attacks that can be successfully applied to the most popular hardware wallets on the market, from app isolation bypass to fault injection attacks on the microcontroller. Additionally, the talk presents secure design requirements and countermeasures that make the life of an attacker much more difficult and are applicable to all kinds of secure hardware devices.
This was an ISACA presentation by Nsale Ronnie, a top hacker in Africa working with Ernst and Young. He demonstrated how other governments are leading by far in the nature of their espionage through hardware.
Recent trends in 2014-15 in the IT field. Big shots from the major companies, including rumours of shift in focus to car manufacturing. Seamless integration between devices etc.
VenkaSure Total Security+ offers complete protection for in-home and mobile users – including home or office networks, public Wi-Fi hotspots and cellular data networks.
VenkaSure Code Emulations proactively identify unknown malware in real time. The complex Antivirus System acts as a single, unified scanning engine, providing comprehensive protection without compromising speed, and stops zero-day threats as they emerge. VenkaSure Real-time Protection runs behind the scenes, inside the Windows kernel, checking for malicious activity and preventing it before it can execute. The Antivirus System also removes all traces of viruses, spyware, malware and other threats from processes and the registry.
The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...
Linaro
Session ID: SFO17-417
Session Name: The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SFO17-417
Speaker: Gernot Heiser
Track: LITE
★ Session Summary ★
A run-time bug in operating system software that enables car control can
result in loss of life or limb. Safety assessors require evidence that such
software is provably free from any bugs. These proofs are inevitably a
combination of software development best practices and a lot of test coverage.
But can we be sure that it is enough? Really really sure? What if we used
maths to absolutely guarantee that there are zero bugs in the operating system
core? This session presents seL4 - a military grade open source project that
uses machine checked formal verification to prove that the C language
implementation of the seL4 kernel and its resulting binaries are free from
bugs. This then permits running Linux safely in virtual machines on top of
seL4 - something that the Auto world demands.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/sfo17/sfo17-417/
Presentation: https://www.slideshare.net/linaroorg/using-math-to-prevent-linux-in-your-car-from-killing-you-the-open-source-sel4-kernel-sfo17417
Video: https://www.youtube.com/watch?v=heSmrHzHcuM
---------------------------------------------------
★ Event Details ★
Linaro Connect San Francisco 2017 (SFO17)
25-29 September 2017
Hyatt Regency San Francisco Airport
A keylogger can be either a software or a hardware device designed to surveil a user’s activity by tracing keystrokes.
https://how-to-remove.org/malware/keylogger/
Telehack: May the Command Line Live Forever
Gregory Hanis
Want to play a game? I bet I can root more boxes than you and stop you from gaining control. Telehack is a simulation of a stylized arpanet/usenet, circa 1985-1990. It is a full multi-user simulation, including 25,000 hosts and BBS’s from the early net, thousands of files from the era, a collection of adventure and IF games, a working BASIC interpreter with a library of programs to run, simulated historical users, and more.
- VoIP attacks Denial of service. Fraud. Illegal interception. Illegal control.
- Adhoc WebRTC attacks: malicious HTML code. Webservers. Forced DoS. Cam/mic control. Etc.
- Protection: Role of border elements (SBC, media gateways,...). WebRTC Portal and web servers. Browser mechanisms
- Identity Management: Anonymous calls. OpenID and third parties. Telco identity. Real implementations
Using hypervisor and container technology to increase datacenter security pos...
Black Duck by Synopsys
As presented by Tim Mackey, Senior Technical Evangelist - Black Duck Software, at LinuxCon/ContainerCon 2016:
Cyber threats consistently rank as a high priority for data center operators and their reliability teams. As increasingly sophisticated attacks mount, the risk associated with a zero-day attack is significant. Traditional responses include perimeter monitoring and anti-malware agents. Unfortunately, those techniques introduce performance and management challenges when used at large VM densities, and may not work well with containerized applications.
Fortunately, the Xen Project community has collaborated to create a solution which reduces the potential of success associated with rootkit attack vectors. When combined with recent advancements in processor capabilities, and secure development models for container deployment, it’s possible to both protect against and be proactively alerted to potential zero-day attacks. In this session, we’ll cover models to limit the scope of compromise should an attack be mounted against your infrastructure. Two attack vectors will be illustrated, and we’ll see how it’s possible to be proactively alerted to potential zero-day actions without requiring significant reconfiguration of your datacenter environment.
Technology elements explored include those from Black Duck, Bitdefender, Citrix, Intel and Guardicore.
Basic security principles for information systems development/deployment. Information security is concerned with the confidentiality, integrity, and availability of information. From these three 'pillars', the following principles must be applied when implementing and maintaining an information system: Accountability.
This presentation covers common cryptographic attacks, secure cryptographic implementation requirements, an overview of FIPS 140-2 and secure crypto implementation guidelines
Making networks secure with multi-layer encryption
ADVA
Stephan Lehmann's NetNordic session discussed the most effective encryption methods for safeguarding external network connections against unauthorized access. He debated how the latest technology for encryption at multiple layers can provide a comprehensive state-of-the-art security infrastructure for all connectivity applications, and explored how new solutions are ensuring that data is encrypted without impacting network performance.
BKK16-200 Designing Security into low cost IoT Systems
Linaro
….Trust and security are essential for the Internet of Things (IoT) to scale. As your product becomes successful, attraction will be high for it to be hacked and, as a consumer, you'll suffer with consequences if security is not baked into the system, at every level. With IoT, we now need to enable an appropriate level of security for low cost IoT designs done by people with little or no security expertise. In this presentation, you will learn how ARM, Linaro and the ARM partnership are securing these low cost IoT endpoints by providing device security, lifecycle security and communication security, without the need for in-depth security experts…
Network Security - Real and Present Dangers
Peter Wood
Peter Wood has analysed the results of all the network penetration tests conducted by the First Base team over the past year. This annual review covers clients in a variety of sectors including banking, insurance and retail. This presentation identifies the most common vulnerabilities, how they can be exploited and the consequences for each business.
Learn in detail how criminals can take advantage of these weaknesses and how you can secure your networks using straightforward techniques.
Symantec Enterprise Security Products are now part of Broadcom
Symantec
Symantec Enterprise Security Products are now part of Broadcom. The consumer division of Symantec Corp. is now NortonLifeLock Inc. -- a standalone company dedicated to consumer cyber safety.
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec
Youth in foster care face unique risks to their identity. In this webinar we discuss the risks, as well as tips for better protection. Watch on demand here: https://symc.ly/2N8cELV.
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec
Learn how to protect your data during Symantec's National Cyber Security Awareness Month webinar with the Identity Theft Resource Center and Infolock. To watch on demand: https://symc.ly/2VMMWQX.
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec
Symantec, TechSoup and the Michigan Small Business Development Center share how to apply added layers of security to your devices and online accounts. Watch on-demand recording here: https://symc.ly/33ifcxo.
Symantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec
View this webinar from Symantec and NCSAM partners, the National PTA, Connect Safety and the National Cyber Security Alliance, to learn how to protect the devices you use day to day.
Watch on demand here: https://symc.ly/2nLyXyB
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec
On January 1, 2020, one of the strictest privacy laws in the US, the California Consumer Privacy Act (CCPA), will come into effect. What should governance, risk and compliance executives know in order to prepare for CCPA? Watch the on demand recording here: https://symc.ly/2Pn7tvW.
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec
Experts from Symantec and MITRE explore the latest research and best practices for detecting targeted ransomware in your environment.
Watch on-demand webinar here: https://symc.ly/2L7ESFI.
This webinar will explore the less-discussed topics of a mobile security strategy that everyone should understand – before it’s too late. Watch on-demand here: https://symc.ly/2z6hUsM.
Symantec Webinar | Tips for Successful CASB Projects
Symantec
There is an art to securely using cloud apps and services, including SaaS, PaaS, and IaaS. In this Symantec webcast, hear from Steve Riley, a Gartner senior director analyst who focuses on public cloud security, and Eric Andrews, Symantec’s vice president of cloud security, as they share best practices with practical tips for deploying CASB. Watch here: https://symc.ly/2QTyUec.
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec
This webinar shares insight into how an Advanced Threat Assessment does root analysis to uncover unknown, unique threats happening in your environment. Watch here: https://symc.ly/2W52MoA
Learn if you’ve got the right security strategy, and investment plan, to protect your organization and ensure regulatory compliance with the General Data Protection Regulation (GDPR). Watch now here: https://symc.ly/2VMNHIm
2019 Symantec Internet Security Threat Report (ISTR): The New Threat Landscape presented by Kevin Haley, Director Product Management, Security Technology & Response, Symantec. Watch webinar recording here: https://symc.ly/2FJ9T18.
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec
Gain valuable insight whether you’re well on your way to Zero Trust implementation or are just considering it. Watch the original webinar here https://www.symantec.com/about/webcasts?commid=347274.
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec
First-hand insights on the newest cloud-delivered endpoint security solutions. Hear from Joakim Liallias, Symantec and special guest speakers Sundeep Vijeswarapu from PayPal and top industry analyst Fernando Montenegro, 451 Research. Listen here: https://symc.ly/2UY2TlS.
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec
Learn how Symantec Endpoint Protection & Response (EDR) and the MITRE ATT&CK framework can expose and thwart persistent adversaries like APT28 otherwise known as Fancy Bear. Watch Webinar here: https://symc.ly/2WyPD8I
Symantec Freak Vulnerability Infographic
@threatintel | www.symantec.com
#FREAK

FREAK TARGETS WEAK CRYPTO
LATEST SSL VULNERABILITY ENABLES ATTACKS AGAINST SOME SECURE CONNECTIONS

CLIENT
SOME BROWSERS CAN BE FORCED TO USE WEAK EXPORT GRADE KEYS

MAN-IN-THE-MIDDLE ATTACK
FORCE DOWNGRADE ENCRYPTION FROM STRONG TO EXPORT GRADE (<= 512 BIT)

SERVER
SOME SERVERS STILL SUPPORT EXPORT GRADE CIPHER SUITES

EXPORT GRADE ENCRYPTION <= 512 BIT KEYS
512 BIT TOO WEAK
7 HOURS IS ALL IT TAKES TO CRACK A 512 BIT ENCRYPTION KEY (Using < 100 typical PC’s)

MOORE’S LAW
RAPIDLY INCREASING PROCESSING POWER MEANS WHAT WAS CONSIDERED SECURE IN THE 90s IS NO LONGER SECURE NOW

PRECAUTIONS
User: Use non-vulnerable browser (Chrome, Firefox)
Admin: Disable support for weak cipher suites such as export grade encryption
REMEMBER TO UPGRADE SOFTWARE WHEN PATCHES BECOME AVAILABLE

TIMELINE OF SSL/TLS INSECURITY
1990s
512 bit export grade encryption key size was considered acceptable for public use but still allowed governments to decrypt communications if needed.
2000s (EARLY)
Relaxation of controls on non-military grade cryptography. 1024 bit keys widely used and considered safe.
2013
Certificate Authority/Browser Forum increases the key size for Root CA certs. Baseline requirements jump from 1024 bits to 2048 bits. This should provide security headroom…for a while.
2014
• HEARTBLEED – SSL information leak vulnerability affecting many SSL implementations.
• POODLE – SSL encryption downgrade dance can allow attackers to force weaker encryption on SSL connections which can then be cracked/hijacked.
• FREAK – Discovery of FREAK vulnerability, affecting many server implementations and browsers, could allow for multiple attack scenarios.
Sources:
https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States#Current_status
https://www.cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf
http://www.symantec.com/connect/blogs/heartbleed-bug-poses-serious-threat-unpatched-servers
http://www.symantec.com/connect/blogs/poodle-vulnerability-old-version-ssl-represents-new-threat