This talk was given at the PKF (Payment Knowledge Forum) in London on September 30th as part of the 2014 summit.
For details about PKF see http://www.thepkf.org, for details about the 2014 summit see http://www.thepkf.org/lon_2014eventinfo.php. It was, once more, a very good event - highly recommended.
This presentation has three pieces: (1) how the attack against Target was executed and how it could have been stopped; (2) whether the attack has changed the security landscape and, if so, how; (3) recommendations for going about securing computer systems.
OS Security Evolution & Latest Attack Vectors By Jacob Torrey - Priyanka Aash
This is part of the CISOPlatform 'Best of the World Webcast' webinar series, in which original/breakthrough information security researchers present to you, so that the CISO can stay ahead of his time and ahead of his threats. Uncover some of the most interesting infosec threats in this sector.
2014 11 data at rest protection for base24 - lessons learned in production - Thomas Burg
Until late 2013, all customers running BASE24 on the HP NonStop platform had to rely on compensating controls in the area of PCI 3.4.
With the advent of solutions enabling full compliance in the area of protection of data at rest for BASE24, it is important to pick a solution which fully satisfies your requirements and also makes sure BASE24 stays as stable and performant as it is.
This presentation explores some areas comForte has found to be rather relevant due to its various proofs of concept and to the customers already in production with its product, SecurData/24.
BASE24 classic is a rock-solid system for processing ATM and credit card transactions. However, the technology behind BASE24 is decades old, and for that reason BASE24 classic does not integrate well into modern enterprise IT environments; there are also shortcomings in compliance areas.
This presentation shows how BASE24 classic can easily be modernized - without having to touch any source code file and thus keeping the "Kernel" unchanged.
The attack on TARGET: how was it done - lessons learned for protecting HP Non... - Thomas Burg
This presentation has three parts:
Part 1: The mechanics of the attack against Target where 40 million full records of a POS transaction were stolen
Part 2: The state of computer security with a focus on HP NonStop systems: the need for a new paradigm
Part 3: Recommendations to secure HP NonStop systems
The Verizon 2012/2013 Data Breach Investigations Reports - Lessons Learned fo... - Thomas Burg
In light of the recent security breaches against payment systems (most prominent: Target), running BASE24 securely is becoming even more important than before.
This presentation discusses the Verizon Data Breach Investigations Report (VDBR) properly, with a focus on its relevance to securing BASE24 systems.
It also discusses the (sad!) state of computer security today, how this came about and what can be done about it.
From Russia with Love - modern tools used in Cyber Attacks - Thomas Burg
Cyber attacks have come a long way since the first computer virus, "Brain", was created in 1986. This presentation looks at the changes and the resulting consequences for the state of computer security today.
CODE BLUE 2014 : Physical [In]Security: It’s not ALL about Cyber by Inbar Raz - CODE BLUE
Today's threat landscape is all about Cyber. We have cyber threats, cyber security, cyber warfare, cyber intelligence, cyber espionage... Cyber is a synonym for the Internet, but sometimes, it's not -all- about the internet. Focusing defences on the Internet front leads to some wrong assumptions and the overlooking of much simpler, yet just-as-dangerous attack vectors.
Though the potential of the IoT is vast, adoption can easily be curtailed by security worries. No company wants their products to be a victim of a hack, yet many do not appear to consider security as a primary driver of design decisions. This presentation will look at IoT security and describe what product designers – regardless of platform – need to be aware of if they want to build a secure and successful device.
IoT security encompasses requirements that are new for many product designers – such as provisioning, authentication, OTA upgrades and link encryption – and weaknesses in any one could potentially be used to compromise the security of the end product. From physical attacks to analysis of communications channels, there are many possible attack vectors that need to be considered.
From hacked routers to refrigerators sending spam email, there have been a lot of scary news stories about Internet of Things (IoT) security, or lack of it. According to the 2014 Hewlett-Packard Internet of Things Research Study, 70% of Internet connected devices they surveyed didn’t even use encrypted network connections. The US Federal Trade Commission (FTC) recently weighed in on the issue too, releasing a report that outlines potential IoT security risks, ranging from unauthorized access and misuse of personal information, to facilitation of attacks on other systems and risks to personal safety.
If I take a letter, lock it in a safe, hide the safe somewhere in New York, then tell you to read the letter, that’s not security. That’s obscurity. On the other hand, if I take a letter and lock it in a safe, and then give you the safe along with the design specifications and a hundred identical safes with their combinations so that the world’s best safecrackers can study it and you still can’t open the safe, that’s security.
Presentation by Haroon Meer at IDC in 2006.
The presentation begins with a discussion on Google hacking. There is a brief discussion on kernel rootkits. The presentation ends with a discussion on web application hacking.
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I... - Priyanka Aash
In 2017, a sophisticated threat actor deployed the TRITON attack framework, engineered to manipulate industrial safety systems at a critical infrastructure facility. This talk offers new insights into the TRITON attack framework, which became an unprecedented milestone in the history of cyber-warfare as it is the first publicly observed malware that specifically targets protection functions meant to safeguard human lives. While the attack was discovered before its ultimate goal was achieved, that is, disruption of the physical process, TRITON is a wake-up call regarding the need to urgently improve ICS cybersecurity.
A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold. ... Exploiting a buffer overflow allows an attacker to control or crash the process or to modify its internal variables.
The Hardcore Stuff I Hack:
This talk is going to give a run-through of some of the technical challenges Paul and his team have overcome over the years - in as much hardcore detail as possible.
Reducing attack surface on ICS with Windows native solutions - Jan Seidl
Presentation given at the 4SICS conference in Stockholm, Sweden, about using Windows built-in solutions like Software Restriction Policies/AppLocker, EMET and other minor things.
"BitDefender - What's Next" by Alexandru Balan @ eLiberatica 2008 - eLiberatica
This is a presentation held at eLiberatica 2008.
http://www.eliberatica.ro/2008/
One of the biggest events of its kind in Eastern Europe, eLiberatica brings community leaders from around the world to discuss the hottest topics in the FLOSS movement, demonstrating the advantages of adopting, using and developing Open Source and Free Software solutions.
The eLiberatica organizational committee, together with our speakers and guests, has graciously allowed media representatives and all attendees to photograph, videotape and otherwise record their sessions, on the condition that the photos, videos and recordings are licensed under the Creative Commons Share-Alike 3.0 License.
Presented on May 9, 2018 at SOURCE Conference Boston
(https://sourceconference.com/events/bos18/).
This version contains minor updates from previous presentations.
This talk will provide a quick overview of honeypots, an explanation of the cyber deception space, and the benefits of implementing deception as part of your cyber defense program. In addition, this talk will highlight the HoneyDB project, which enables anyone to get started with operating deception sensors and start collecting threat information. Finally, this presentation will describe how I built scalable honeypot sensor collection, employing a "Frankenstein Cloud Architecture", for minimal cost.
HPE NonStop GTUG Berlin - 'Yuma' Workshop - Thomas Burg
This is part 2 of a three-part workshop. It focuses on how InfiniBand adds RDMA as a communication means between HPE NonStop and RHEL Linux.
This drastically reduces latency and drastically improves throughput in NonStop Hybrid environments.
From a high level business view, this makes HPE NonStop a player in private cloud environments TODAY.
Comparing the TCO of HP NonStop with Oracle RAC - Thomas Burg
HP NonStop is often (wrongly!) perceived as "expensive", specifically compared with the combination of "vanilla X86 hardware" and the Oracle RAC DB offering.
This presentation talks about an in-depth analysis HP did to compare the two offerings fair and square. You might be surprised at the results ...
HP NonStop applications: Modernization from the Ground-up and the User-in - Thomas Burg
Presentation for use by comForte and Carr Scott Software for user gatherings discussing comForte’s unique capabilities to help customers modernize their ‘Tandem’ legacy applications and why you can re-invest with confidence in your HP NonStop platform.
You may be compliant, but are you really secure? - Thomas Burg
Presented by Greg Swedosh from Knightcraft Technology (www.knightcraft.com) at NonStop Bootcamp 2014.
This presentation explains why being PCI compliant does *not* equal being secure. While this is a general statement, the presentation does focus on the HP NonStop platform.
Excerpt from a summary slide:
Without a strong commitment to security by the executive team, being compliant only provides a false sense of security.
It often just becomes about ticking boxes and “filling gaps”.
Where there is no serious commitment to security, an organization will always be significantly more vulnerable.
comForte CSL: a messaging middleware framework for HP NonStop - Thomas Burg
The comForte CSL product is a flexible and powerful messaging middleware framework for the HP NonStop platform. This presentation describes the product on several levels:
(1) Elevator pitch (Why/How/What?)
(2) Technical Use Cases (Geeky!)
(3) Business Cases
(4) How to modernize a legacy COBOL application
(5) Competing products
This short presentation gives an overview about the comForte SecurTape product. SecurTape implements backup tape encryption for the HP NonStop computing platform. It uses software only.
Survival of the Fittest: Modernize your NonStop applications today - Thomas Burg
Many CIOs and IT leaders view applications running on HP NonStop systems as inflexible and/or expensive. After all, these systems have been around for 35+ years – so OLD indeed they are. And aren’t these systems kind of like mainframes (so sure enough they are EXPENSIVE)? Finally, the people working on the platform are using special emulators to get to the systems (INFLEXIBLE?).
The reality is more complex and is discussed controversially using themes such as “Total Cost of Ownership” and the platform being “open” or “standard”. Let’s try to stay with the facts here:
- yes, the systems have been around for a long time
- so have some of the applications running on them
- some applications have not seen changes in the last 10 years
- the Gartners of the world don’t like them (if nothing else, because they don’t run on X86 hardware)
This presentation argues that it is up to YOU, the NonStop platform owner, to modernize your applications in order to make sure they are *not* inflexible, *not* expensive to operate etc. It also shows that application/platform modernization is often easier than you think.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf - 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality - Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview, including the concepts of Customer Key and Double Key Encryption.
Essentials of Automations: Optimizing FME Workflows with Parameters - Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Generating a custom Ruby SDK for your web service or Rails API using Smithy - g2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GraphRAG is All You need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
The attack against target - how was it done and how has it changed the security landscape
1. DISCLAIMER:
This presentation reflects the opinions and recommendations of the authors only and does not in any way represent the views or endorsements of any other parties. HP NonStop is a trademark of Hewlett-Packard Development Company, L.P. All other trademarks are the property of their respective owners. copyright (2014) comForte 21 1
2. To be able to look at this presentation offline and without the speaker's audio, slide notes have been added to some slides and are shown here, on the right.
It is recommended to view the presentation in ‘full screen, single page at a time’ view, giving you the slide (as presented) in the upper left and the slide notes (to be used when viewing the PDF or SlideShare view) on the right side.
3. Thomas is…
• somewhat of a geek, playing with computers at the age of 13 and now making a living off it
• Learning about computer security since about 2000 – classes, reading, … Learning every day … CISSP 2007
• active on LinkedIn
• Privately: active on Facebook (but never posting images of people), writing his own blog
• investing in Bitcoins (!?). In fact, I mined bitcoins at home and it looks like it ramped up my energy bill. Fortunately I only invest small scale, otherwise I’d be VERY worried about losing my bitcoins – more on this later
• I am also the CTO of comForte – more about the company at the end
4. • Understand how the Target hack (and, probably, the Home Depot attack and several others) was done
• Understand that computer security is, at this point in time, not exactly effective. So we’ll talk about
  • Why do the bad guys seem to win? In other words, why is securing computer systems HARD
  • Some old principles which are still important
  • A new model …
  • What comForte can do for you
5. • OK, I told you about me and about my goals for today – time for you to answer some questions…
• Who in the audience works for ….
  • a vendor of computer software (maybe even security software!?)
  • a consulting company (small or large, one-man shows allowed)
  • real “customers” or “users” (having the budget for the sponsors to go after):
    • Retailers
    • Banks
    • Other FIs
• Result of quiz: a somewhat even distribution of all of the folks above
7. The URL shown is a rather detailed write-up of the breach – including how the stolen credit card numbers are monetized in the “carder underground”. Highly recommended reading.
The diagram “how the hackers broke in” is also from the article – we will now look at the steps in more detail.
Download URL is http://www.businessweek.com/printer/articles/189573-missed-alarms-and-40-million-stolen-credit-card-numbers-how-target-blew-it
8. This is the POS acquiring infrastructure at TARGET, showing only the core systems required for the processing of POS transactions.
The system on the right is an HP NonStop system, see http://www.hp.com/go/nonstop for more information about the computing platform. We use the term “NonStop system” in the diagram for brevity.
If these were the only systems, the breach at TARGET could not have happened in the same way.
Note: the speaker got some heat from an HP NonStop guy because he did not like “breach” and “HP NonStop” in the same sentence – especially since the breach did not happen “on” HP NonStop. Point well taken – however, don’t think your NonStop is safe (we’ll get to this bit later).
9. This diagram shows more systems which are part of the larger TARGET infrastructure: Two internal servers are used to process the “backoffice” data collected at the Point of sale systems. Also, an HVAC system (Heating, Ventilation, Air conditioning) is remote-controlled via an external consultant.
10. In the first step of the attack, the “bad guys” took over a web site an employee of the HVAC company was accessing. By doing so, they were able to obtain his username and password for that – unrelated – web site.
Unfortunately, the employee used the same password to access the TARGET network for remote HVAC maintenance – and thus the attackers were inside the TARGET network.
11. They were then able to ‘take over’ an internal server present at every TARGET store, which has direct connectivity to the POS systems running Microsoft Windows.
12. In the next step, they used the internal server to install specifically crafted malware onto the Windows POS system.
13. At this point in time, the malware installed on the POS system was collecting the full data for each and every POS transaction. It used a well-known technique called “memory scraping” to access the data sent from the POS device “through” the Windows POS system to the NonStop system processing the POS data.
The final step now is to get the data sent out of the internal TARGET network, and the attackers needed to be careful not to raise an alarm by using new connections (an outgoing FTP connection to an unknown host on the Internet would almost certainly have raised alarms immediately).
This final step is called “exfiltration”.
14. For exfiltration, the attackers were able to take over another internal server which was already shown on an earlier slide. That server was not in the “critical network zone” and hence not monitored for outgoing data as closely as each TARGET store itself.
15. In the final step, the attackers sent the data from the POS Windows systems to the internal server on the right, where they collected it for a while.
They then sent the data to a few servers on the Internet and from there downloaded it to their own systems.
16. Summary: five steps, each time hopping from one machine to the next. One should note the complexity of the attack – this is not a simple attack but one that requires careful advance planning as well as a lot of attention to detail during the ‘execution’ stage.
17. As companies improve their defenses, attacks require more and more steps to succeed. This is why “defense in depth” is such an important concept – the defender only needs to prevent a single step of the attack to thwart it. Here are a few measures, each of which could have prevented the specific attack carried out successfully against TARGET:
• Preventing distribution and installation of the malware onto the POS systems:
  • Better segmentation of the in-store network
  • Strong authentication for vendor access
  • Actually looking at the incident logs of the advanced attack tool (“FireEye”, see the Businessweek article for details)
  • Setting FireEye to “block” rather than “alert”
• Using end-to-end encryption between the POS reading device and the acquiring system.
• Detecting and blocking the outbound traffic in which the confidential data was transferred to servers outside of Target's store network.
(It should be noted that these measures are by no means a comprehensive security architecture; they are the few pieces of a whole defense-in-depth strategy that would have made the difference.)
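The last measure, detecting and blocking outbound traffic, as an added example that is not from the presentation or from comForte: a zone-aware egress checker in Python, run over constructed flow-log lines that retrace the hops described above. The zone ranges, allowlists, log format and byte threshold are assumptions made for this example.

```python
import ipaddress
from collections import defaultdict
# Constructed zone model (assumption): RFC 1918 ranges picked for this example.
ZONES = {
    "pos_store": ipaddress.ip_network("10.10.0.0/16"),   # registers and in-store servers
    "backoffice": ipaddress.ip_network("10.20.0.0/16"),  # servers outside the critical zone
    "acquiring": ipaddress.ip_network("10.30.0.0/24"),   # systems processing POS transactions
    "vendor_vpn": ipaddress.ip_network("10.40.0.0/24"),  # remote maintenance, e.g. HVAC vendor
}
# Expected cross-zone paths; any other cross-zone flow raises an alert.
ALLOWED_PATHS = {("pos_store", "acquiring"),    # authorisation traffic
                 ("pos_store", "backoffice"),   # end-of-day sales data upload
                 ("vendor_vpn", "backoffice")}  # HVAC host lives in the back office
# External hosts each zone may reach (constructed); back office is watched as closely as the store.
EGRESS_ALLOW = {"backoffice": {"203.0.113.10"},   # e.g. software update mirror
                "acquiring": {"203.0.113.20"}}    # e.g. card network front end
EXFIL_BYTES_THRESHOLD = 50 * 1024 * 1024          # 50 MiB to one external host

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

def parse_flow(line):
    # Constructed format: "<ts> <proto> <src_ip>:<port> -> <dst_ip>:<port> <bytes>"
    ts, proto, src, _, dst, nbytes = line.split()
    src_ip = src.rsplit(":", 1)[0]
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"ts": ts, "proto": proto, "src": src_ip, "dst": dst_ip,
            "dport": int(dst_port), "bytes": int(nbytes)}

def check_flow(flow):
    """Alerts for one flow: unexpected zone-to-zone path, or egress to an unlisted host."""
    src_zone, dst_zone = zone_of(flow["src"]), zone_of(flow["dst"])
    where = f"{flow['src']} -> {flow['dst']}:{flow['dport']}"
    if dst_zone == "internet":
        if flow["dst"] not in EGRESS_ALLOW.get(src_zone, set()):
            return [f"{flow['ts']} EGRESS {src_zone} to unlisted host ({where})"]
    elif src_zone != dst_zone and (src_zone, dst_zone) not in ALLOWED_PATHS:
        return [f"{flow['ts']} PATH {src_zone} -> {dst_zone} not expected ({where})"]
    return []

def analyse(lines):
    """Per-flow checks plus total outbound bytes per (internal host, external host)."""
    alerts, volume = [], defaultdict(int)
    for line in lines:
        flow = parse_flow(line)
        alerts.extend(check_flow(flow))
        if zone_of(flow["dst"]) == "internet":
            volume[(flow["src"], flow["dst"])] += flow["bytes"]
    for (src, dst), total in volume.items():
        if total > EXFIL_BYTES_THRESHOLD:  # staged data leaving in bulk
            alerts.append(f"VOLUME {src} sent {total} bytes to {dst}")
    return alerts

# Constructed log lines tracing the hops described in the slides.
SAMPLE_LOG = [
    "09:00:01 tcp 10.40.0.5:51000 -> 10.20.0.7:3389 4096",       # vendor to HVAC host: expected
    "09:05:12 tcp 10.40.0.5:51002 -> 10.10.3.9:445 8192",        # vendor into store server: PATH alert
    "09:06:40 tcp 10.10.3.9:49000 -> 10.10.7.21:445 65536",      # store server to register: same zone
    "12:00:00 tcp 10.10.7.21:49001 -> 10.30.0.2:443 2048",       # register to acquiring: expected
    "12:10:00 tcp 10.10.7.21:49002 -> 10.20.0.9:445 10485760",   # staged data hides on an allowed path
    "02:00:00 tcp 10.20.0.9:49010 -> 198.51.100.7:21 60000000",  # FTP out: EGRESS + VOLUME alerts
]
```

Note that the staging hop (register to back office) rides an allowed path and is only caught later, when the accumulated volume leaves the back-office zone; that is why egress from every zone, not just the store zone, needs the same scrutiny.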
18. • Who knows what an APT is
• Who knew all the gory details of this attack
• Who knows what DLP is
• Who knows what Data Centric Security is
Results of quiz:
• Who knows what an APT is (few. APT stands for Advanced Persistent Threat – see presentation http://www.slideshare.net/thomasburg/from-russia-with-love-modern-tools-used-in-cyber-attacks on SlideShare)
• Who knew all the gory details of this attack (about a third of the audience)
• Who knows what DLP is (few. It stands for Data Loss Prevention – in a nutshell this is about avoiding data being leaked via technical means)
• Who knows what Data Centric Security is (very few. This will be talked about later)
20. Let’s first look at the security landscape before ca. 2005:
•The defenders had appropriate tools (Antivirus, Firewalls)
•The attackers were mostly harmless and well-meaning
21. Only five years later – but big changes in the ‘real world’ (!). We’ll talk about CEO perceptions later.
• The attackers are plenty, skilled and motivated
• No real change on the defender side
• The defenders are very often busy with something else, understaffed and underfunded
22. Only another four years later!
• The attackers are plenty, skilled and motivated – much more so (APT)
• Again, no real change on the defender side
• Still, the defenders are very often busy with something else, understaffed and underfunded
Question from the title: “How has the attack on Target changed the computer security landscape?” Answer: technically, not at all. Perception: next slide
23. This discussion on LinkedIn started with a rather insightful blog entry (more on this below) and turned into very interesting reading – I’d recommend looking at the whole thread (which keeps growing, 45 comments as of 29 Sep 2014).
Link to discussion: https://www.linkedin.com/groups/Current-State-PCI-66587.S.5917749052983771136?view=&gid=66587&item=5917749052983771136&type=member&commentID=discussion%3A5917749052983771136%3Agroup%3A66587&trk=hb_ntf_COMMENTED_ON_GROUP_DISCUSSION_YOU_FOLLOWED#commentID_discussion%3A5917749052983771136%3Agroup%3A66587
The aforementioned blog entry is at http://www.tenable.com/blog/the-current-state-of-pci.
24. Quoted, with permission from http://www.tenable.com/blog/the-current-state-of-pci.
Highly recommended reading!
25. Quoted, with permission, from http://www.tenable.com/blog/the-current-state-of-pci. Highly recommended reading!
It is paraphrased nicely in the discussion by Mark Faithfull, Interim Technology Leader, Founder & CEO, www.textsquirt.com:
(quoted)
The key section of the article by Jeff Mann is this: The PCI DSS, as a set of security requirements, does not presume that organizations will not be breached, but rather tries to set organizations up for detecting the compromise early, and hopefully minimizing the damage. This is the key message we need to evangelise – to move PCI from being a 'compliance' based project and instead get business leaders thinking more in terms of: We will get breached – we better get ourselves organised so we can spot it the day it happens. To this end, the PCI framework does provide a lot of helpful guidance for businesses who don't have that security infrastructure in place at the moment. The most telling fact about the recent high profile breaches is the length of time intruders are in the merchant systems before these big breaches are discovered, which to me means the 'business as usual' of living the PCI life is not in place in these organisations.
26. Quoted (with permission) from a LinkedIn discussion in the “PCI Network - The World's Largest Payment Card Industry Group” group.
The discussion started with the following blog entry: http://www.tenable.com/blog/the-current-state-of-pci – highly recommended reading
Link to discussion: https://www.linkedin.com/groups/Current-State-PCI-66587.S.5917749052983771136?view=&gid=66587&item=5917749052983771136&type=member&commentID=discussion%3A5917749052983771136%3Agroup%3A66587&trk=hb_ntf_COMMENTED_ON_GROUP_DISCUSSION_YOU_FOLLOWED#commentID_discussion%3A5917749052983771136%3Agroup%3A66587
27. So far we looked at changes in the industry. The speaker believes that while the ATTACK SCENARIOS have radically changed (“improved” from the point of view of the attacker) – the DEFENSE SCENARIOS have not. We’ll look at the ‘defense scenarios’ in a second.
The speaker has been thinking about this question for years, maybe decades. He still isn’t sure, but he feels he is closing in (?). So, here is the most important slide of this presentation. Why are the bad guys winning? (drum roll, slide still blank)
(1) There is a HUGE difference between the perception of computer security among the non-computer-security geeks (about 99.999 % of the general population) and the computer-security geeks. The problem is that to see the problem, you have to be very geeky. There are excellent classes on this by SANS; they will turn you from the 99.999 % into the 0.0001 % within a week – I did this 10 years ago and became a convert. The class SEC401: Security Essentials Bootcamp Style is a class I cannot recommend highly enough – it does take a week and it does cost about US$ 5000 – but it is worth every $. See www.sans.org for details.
(2) Anyway: here is how most people perceive computer security (image shows): Most importantly, they don’t care. They have a life and other things to worry about. Also, overall it can’t be that bad – my company has not been hacked yet. I have not been hacked yet. The industry will take care. …
28. So here is what the “security geeks” are perceiving… Drum roll… Image appears
I spent the last 14 years of my life learning about computer security. I am still learning every day. Why do I think this way?
(1) In most life scenarios, getting “99 % right” is good. In computer security it can be disastrous.
(2) There is no silver bullet. Repeat after me: there is no silver bullet. It is hard.
(3) Translation of “it is hard”:
  (1) It will be expensive. Ramp up the budget.
  (2) It is beyond products (although some vendors might tell you so).
  (3) It is an arms race. New attacks are coming out every day.
(4) Most of us have a life and other things to do than securing our computers…
Back to the bitcoin story: If I had EUR 100,000 k in Bitcoins…. I’d sell them real fast.
But let’s say I couldn’t – what would I do? Here’s what:
- Buy a new computer. Most probably not Windows or Mac
- Set up a bitcoin wallet
- Take it off the Internet and never connect it again (!!!)
- Move data only through freshly formatted USB sticks
- Side note: Modern bitcoin wallets allow you to do just that
30. Let’s take a moment to think about the message so far. Shouldn’t we simply give up hope?
31. Ignore the issue or…
Hope that it does not happen to you or …
Do something
Nope – there are ways to cope
32. About 20 years ago, users would connect to “big iron” (mainframe type of computers) using dedicated terminals which had no other functionality than to access the system.
Today, PCs are used to connect to HP NonStop systems and administer them. The big problem with this is that many core security principles are based on so-called “user authentication” – making sure the NonStop knows which user name is currently connecting.
Historically, there have been many means of using this information for “authorization” – namely deciding who can do what (and who can NOT do what).
This has worked well over the years – but most attacks, including the one on TARGET, show that attackers are able to “0wn” (hacker lingo for “own”) any PC or midrange server in the organization. An “0wned” PC is effectively remote-controlled by the bad guys – and with that, user authentication is broken and should not be relied on as strongly as it has been so far.
This knowledge is widely spread in the security community – but unfortunately it is not that widely spread in the non-security realm.
33. https://en.wikipedia.org/wiki/Tootsie_Roll , supposedly this is “Hard on the outside, chewy on the inside”
Image credits: See Wikipedia link above and/or https://upload.wikimedia.org/wikipedia/commons/thumb/0/02/Tootsie-Roll-WU.jpg/220px-Tootsie-Roll-WU.jpg [Tootsie-Roll-WU, CC BY-SA 3.0, Evan-Amos, own work]
Badly broken!!! (Look at the Target attack…)
34. See also http://technodrone.blogspot.com/2014/07/m-snickers-and-security-in-cloud.html or http://networkingnerd.net/2014/07/15/security-dessert-models/
Or see http://www.computer.org/csdl/mags/sp/2005/05/j5004.pdf – a white paper from 2005 (sic!)
Image credit: see https://en.wikipedia.org/wiki/File:Snickers_wrapped.jpg
35. IMHO, "we", the IT geeks and/or the industry, have horribly failed in making executives aware of what is at stake. Also, I am *not* aware of a proper translation of "IT risk" and "protective technical measures" into "value from C-level view".
That said, I just came upon a most wonderful white paper from IBM,
Elevating the Discussion on Security Management: The Data Centric Paradigm
downloadable at https://www.google.fi/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CCEQFjAA&url=http%3A%2F%2Fwww.researchgate.net%2Fpublication%2F4257215_Elevating_the_Discussion_on_Security_Management_The_Data_Centric_Paradigm%2Flinks%2F0deec51b8afeb363fe000000&ei=LxQoVPDHIcHkaoL7gKgJ&usg=AFQjCNGAqVHURFbcqxwnCt54C5tWDPDj6w&bvm=bv.76247554,d.d2s (if you find an easier link, let me know at t.burg@comforte.com)
This is the best on this topic I have read in about a decade. Finally there might be hope for C-level folks to "get it" ???
36. Comments on that paper very welcome ...
40. We focus on the HP NonStop platform. In fact, we just wrote a book about the platform – you can get it at http://www.comforte.com/ns4dummies
Along with many products for this platform, we have a product for data-centric security (you didn’t think you’d be getting away without a sales pitch, did you?).
It is about enabling existing (“legacy”) applications to replace PANs with tokens on HP NonStop. It is relatively new, but we do have folks in production. Wearing my vendor hat for a moment, I think that we are best equipped within the NonStop market to make this possible for legacy applications. Why is that?
- We have been doing this for a couple of years now
- We have an open architecture, allowing you to use our own tokenization engine (which is blazingly fast!). Or any (!) enterprise tokenization engine.
For more information about the product, please go to www.comforte.com/securdata or (recommended even more) look at our YouTube video series at http://youtu.be/-bnxPrdS0-0
41. If you think you are secure – think again. You are not. Sorry. Please do not kill the messenger. It is all about getting the perception right – and spending money wisely and seeing this as a process…
We need to move from the Tootsie Roll security model (“hard on the outside, chewy on the inside”) to the Snickers security model (“crunchy on the inside” – data driven!).
comForte:
- HP NonStop for Dummies, just out – get it at http://www.comforte.com/ns4dummies
- Lots of expertise around HP NonStop systems
- Product for data-centric security for HP NonStop (“SecurData”, click on image). It also helps with PCI compliance. For more information about the product, please go to www.comforte.com/securdata or (recommended even more) look at our YouTube video series at http://youtu.be/-bnxPrdS0-0
- And, of course, http://www.comforte.com