The cavalry is us i tdays-luxembourg 2014.11.20 v1.0

•Download as PPTX, PDF•

0 likes•262 views

The document discusses vulnerabilities in connected devices and critical infrastructure that could be hacked. It argues that while some believe others will fix security issues, the reality is that consumers and organizations must take action themselves. The Cavalry is working to address issues like automotive cybersecurity through a 5-star framework, connecting researchers to lawmakers, vendors and purchasers to inform them about vulnerabilities and the need for secure by design practices. Individuals can support these efforts by getting involved in legal/policy work, connecting different stakeholders, or spreading awareness as community leaders. The overall message is that grassroots action is needed to improve cybersecurity.

Technology

I AM THE CAVALRY
http://iamthecavalry.org
@iamthecavalry
SHOULDN’T YOU BE ALSO?

CLAUS CRAMON HOUMANN
Head of IT & Infosec Consultant
The Analogies contributor
Twitter: @claushoumann

AGENDA
•Vulnerabilities in connected devices (that
matter)
• Someone will fix it for us
• Or not. Maybe we should be the Cavalry?
• What are we doing
• What you can do

Chapter 1
VULNERABILITIES IN
CONNECTED DEVICES
(THAT MATTER)

SECURE?
HOW THEN ABOUT CRITICAL
NATIONAL INFRASTRUCTURE?

OUCH!
Stating the obvious:
Everything connected is vulnerable and
can/will be hacked

Computers have security issues
Cars have computers
Security issues in cars are safety issues
S L I D E O F S O M E R E C E N T O N E S
- T H E Z U B I E : H T T P : / / W W W . A U T O B L O G . C O M / 2 0 1 4 / 1 1 / 0 8 / C A R -
R E M O T E D L Y - H A C K E D - I S R A E L - C Y B E R - S E C U R I T Y /
- M E D I C A L D E V I C E S

IT’S UP TO US
TO MOUNT UP AND BE
THE CAVALRY

HUMAN LIFE VS. DIGITAL LIFE
Human
Life
Intellectual
Property
PII PHI PCI
http://blog.cognitivedissidents.com/2011/10/24/a-replaceability-continuum/
Mobile
Malware
Moving researchers left

5-Star Framework
Addressing Automotive Cyber Systems
5-Star Capabilities
 Safety by Design – Anticipate failure and plan mitigation
 Third-Party Collaboration – Engage willing allies
 Evidence Capture – Observe and learn from failure
 Security Updates – Respond quickly to issues discovered
 Segmentation & Isolation – Prevent cascading failure
Connections and Ongoing Collaborations
Automotive
Engineers
Security
Researchers
Policy
Makers
Insurance
Analysts
Accident
Investigators
Standards
Organizations
https://www.iamthecavalry.org/auto/5star/

AND MORE IN OTHER AREAS
COMING
We try to connect researchers to
1. Lawmakers to inform of meaningful changes to laws to enforce
secure by default
2. Vendors/producers to inform of secure ways to build securely by
design and of identified vulnerabilities
3. Purchasers of devices (example: Pacemakers, car distributors) to
explain to them why they need to contractually demand security – if
there is demand vendors will supply

CONNECTIONS/CONNECTORS
WANTED
Breakers and Builders
Legal and Policy
Citizens, Connectors
Parents/Guardians
Community Leaders/Bloggers/Podcasters/etc.

MOUNT UP AND BE THE
CAVALRY
YOU DON’T ACTUALY
NEED A HORSE

NEVER DOUBT THAT A SMALL GROUP
OF THOUGHTFUL, COMMITTED
CITIZENS CAN CHANGE THE WORLD;
I T ’ S T H E O N LY T H I N G
THAT EVER HAS.
- MARGARET MEAD
( A N A ME R I C A N C U LT U R A L A N T H R O P O L O G I S T )

SECURITY OF
CONSEQUENCE
http://iamthecavalry.org
@iamthecavalry

The document discusses how futurist Craig Rispin can help people through keynote speaking, advisory boards, mentoring groups, and high-tech high-touch scenario planning. It references topics like the fourth industrial revolution, startup valuations over $1 billion, jobs being transformed by automation, and New Zealand's goal to be carbon-neutral by 2050. The document contains snippets from various videos and articles on emerging technologies and their impacts.

10 technologies4automarketers2tap09 2005

Ralph Paglia

The document discusses ten emerging technologies in 2005 that auto marketers could use to connect with customers, such as social media platforms that were just beginning to gain popularity like blogs, forums, and podcasts. It encourages auto companies to experiment with these new online tools to learn more about customers and promote their brand in innovative ways. Legal disclaimers are included noting that the content is copyrighted and cannot be reproduced without permission.

How Robots Work

itraore11

Robots come in different forms and can serve various functions like helping with homework, household chores, and jobs that assist governments and industries. While robots are designed primarily to be helpful by taking over difficult and dangerous tasks, they require complex technology and careful programming to function properly and ensure any robot power is not misused or aimed to harm humans. The student learned most of the information about robots from online sources like Google and Wikipedia.

Innovative design presentation

Fashionistaaa27

The document is a proposal from Andrea Ramdeen to Professor Klinkowstein for an innovative business. It includes additional research in the form of three articles about driving safety and distractions. The articles discuss how driving accidents have increased due to changes in cars and the economy. They also explore how driving simulators were used to test the skills of elderly drivers and the biggest distractions for drivers, which are often due to human behavior.

Secure America Now - CPAC 2011

SecureAmericaNow

The document discusses several public opinion polls regarding security issues and perceptions of threats. It finds that while economic issues are the top concern, terrorism and security threats are still significant concerns. President Obama receives weak ratings on his handling of security and defense policies. There is also a view that Iran poses a major threat and that its potential nuclear weapons program is a serious concern for the United States.

Integrated Logistic Support Adages

Tomas Ternstrom

This document discusses three principles of reliability, availability, and maintainability. It references Murphy's law that anything that can go wrong will go wrong. It also notes an adage that if something can go wrong at the worst possible time, it will. Finally, it quotes Douglas Adams saying that things that cannot possibly go wrong are usually impossible to access or repair when they do go wrong.

I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015

Claus Cramon Houmann

1) The I Am The Cavalry organization aims to ensure connected technologies that could impact public safety and lives are secure and trustworthy. 2) As technology connectivity grows faster than security improvements, the Cavalry argues that citizens must take action to drive positive change sooner. 3) The Cavalry's mission is to connect security researchers, industry, policymakers and others to collaborate on solutions like the "5 Star" framework to help manufacturers design secure products and respond quickly to vulnerabilities.

Tracking vulnerable JARs

David Jorm

The document discusses tracking vulnerable JAR (Java archive) files. It notes that many Java applications rely on large numbers of library dependencies, and over 26% of downloads from a popular repository contain known flaws. The author describes a solution used at Red Hat that involves generating a manifest of all JARs used in products, matching this against a database of known vulnerabilities, and enforcing checks for vulnerable files during the build process. This solution uses three components: a tool to generate JAR manifests, a shared vulnerabilities database, and a plugin to check for vulnerabilities during the maven build process.

This document discusses advanced persistent threats (APTs) and analyzes recent APT attack techniques to propose effective countermeasures. It describes the lifecycle of a generic APT attack and analyzes several popular past APTs, including Stuxnet and Flame. The document also discusses steps for detecting APTs, mounting proper responses, and developing secure networks against APT attacks. Additionally, it briefly introduces advanced volatile threats (AVTs) and argues why enterprises should prepare for them.

Defending Enterprise IT - beating assymetricality

Claus Cramon Houmann

Presentation infra and_datacentrre_dialogue_v2

Claus Cramon Houmann

Threats from cyber attacks are increasing and becoming more sophisticated. Existing security tools and even next-generation tools are often ineffective at detecting advanced persistent threats. It is an asymmetrical conflict where defenders must focus on fundamentals like training employees, prioritizing security over compliance, and implementing defense-in-depth across endpoints, networks, data in transit, cloud systems, and internal systems to build a more defensible infrastructure and gain situational awareness of attacks. Continuous improvement is needed to counter evolving adversary techniques.

Thought Leader Global 2014 Amsterdam: Taking Security seriously -> Going beyo...

Claus Cramon Houmann

This document discusses the importance of security over compliance and provides strategies for building an effective security posture. It argues that compliance focuses on past threats and does not ensure true security. Several models for security are presented, including defense in depth with layered protections across systems, following the cyber kill chain to disrupt attacks, and building a defensible security posture. Real security that goes beyond minimum compliance is needed to effectively defend against evolving threats.

Intelligence Driven Security

MarketingArrowECS_CZ

Next Generation Advanced Malware Detection and Defense

Luca Simonelli

Security Challenges in Emerging Technologies

Praveen Vackayil

This document discusses emerging security challenges with new technologies. It begins with an overview of how information security has evolved from a focus on confidentiality to also emphasize integrity and availability. Four emerging technologies are then examined: robotics, 3D printing, the Internet of Things, and wearables. Each section identifies applications of the technology and discusses associated security risks. For example, robotic systems could be hacked and manipulated to cause physical harm. The document emphasizes that security must be considered from the early design stages of new technologies and provides approaches to help secure different areas.

Malware in the Wild: Evolving to Evade Detection

Lastline, Inc.

Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware

Lastline, Inc.

Over the last few years, as the world has moved closer to realizing the idea of the Internet of Things, an increasing number of the analog things with which we used to interact every day have been replaced with connected devices. The increasingly-complex systems that drive these devices have one thing in common – they must all communicate to carry out their intended functionality. Such communication is handled by firmware embedded in the device. And firmware, like any piece of software, is susceptible to a wide range of errors and vulnerabilities.

Reacting to Advanced, Unknown Attacks in Real-Time with Lastline

Lastline, Inc.

This document summarizes a presentation given by Dr. Engin Kirda on reacting to advanced cyberattacks in real-time using Lastline's detection platform. The presentation discusses how malware has become more sophisticated, evasive, and targeted. Lastline takes a unique approach to detection by using full system emulation in their sandbox environment, which allows them to detect malware that evades traditional antivirus solutions and virtualized sandboxes. The Lastline platform components work together to analyze suspicious files, correlate events into high-level incidents, share threat intelligence, and help automatically mitigate breaches across an organization's network in real-time.

Now you see me, now you don't: chasing evasive malware - Giovanni Vigna

Lastline, Inc.

This document discusses evasive malware and techniques for detecting it. It begins with an introduction of the author and their background in malware research. It then covers how malware has evolved over time to target systems and evade detection. Various techniques used by malware to evade static and dynamic analysis are described. The document argues that eliciting dormant code and introducing honey-users could help with detection. It concludes that visibility is key to tracking evasive malware and more advanced analysis methods are needed.

Threat Hunting with Splunk

Splunk

This document provides an overview of threat hunting using Splunk. It begins with an introduction to threat hunting and why it is important. The presentation then discusses key building blocks for driving threat hunting maturity, including search and visualization, data enrichment, ingesting data sources, and applying machine learning. It provides examples of internal data sources that can be used for hunting like IP addresses, network artifacts, DNS, and endpoint data. The presentation demonstrates hunting using the Microsoft Sysmon endpoint agent, walking through an example attack scenario matching the Cyber Kill Chain framework. It shows how to investigate a potential compromise by searching across web, DNS, proxy, firewall, and endpoint data in Splunk to trace suspicious activity back to a specific user.

[Lithuania] I am the cavalry

OWASP EEE

I Am The Cavalry is an organization that aims to improve cyber safety for connected technologies that can impact public safety and human life. Their mission is to ensure these technologies are trustworthy. They do this by collecting research on vulnerabilities, connecting researchers with industry and policymakers, and catalyzing positive action. Their goal is to address issues sooner than would otherwise happen through education, outreach, and advocating for "safety by design", security updates, and other principles. They have started collaborating with medical device companies and aim to expand to other areas like automotive to help establish security best practices.

Thecavalryisus owasp eee-oct2015_v2

Aurelijus Stanislovaitis

All systems fail; there is no system without flaw. Each connection and dependency exposes the flaws to potential accidents and adversaries, resulting in system failure. Unknown flaws represent potential risks to public safety and human lives. Security research explores new systems reveal these flaws. But research alone does not deliver safer systems. Recent stunt hacks have left us with a hangover. As the media hype dies down, the publicity bubble is replaced by a vacuum that calls for action. In the absence of a clear, technically literate direction, this vacuum is exposed to opportunists with an agenda, push a product, or perpetuate the situation. That is not the result this research deserves. This presentation will pick up where most security research leaves off, and sketch a roadmap to resolution. We consider the road forward to be our group of volunteers, "I am the Cavalry", working together to promote and encourage not repeating the same mistakes that we've been making in enterprise security the last 30 odd years. I am the Cavalry is about collaboration between researchers, thinkers, lawyers, lawmakers and vendors/producers of connected devices to make devices worthy of our trust Bio: Claus Cramon Houmann I am the Cavalry member Former Head of IT at a small Bank in Luxembourg Community Manager at Peerlyst Independent Consultant in IT / Information Security Addicted to Infosec

Fall2015SecurityShow

Adam Heller

This document provides a summary of a presentation on cybersecurity evolution and awareness. It discusses emerging technology trends like the internet of things, big data, and predictive analytics. It also covers social media risks and security services to reduce risk through a five step approach of identifying, protecting, detecting, responding to, and recovering from cyber attacks. The presentation aims to prepare organizations for future cybersecurity challenges through education and implementing best practices.

Group 4 why smart object maybe a dumb idea

Bluepie1

The document summarizes the key points made during a group discussion on data security and privacy concerns regarding internet-connected vehicles and other internet of things devices. The group identified that: 1) Two hackers were able to remotely hack a Jeep over the internet, endangering the driver; 2) Many vehicle manufacturers connect onboard computers in insecure ways, leaving them vulnerable to hackers; 3) This poses serious safety and privacy risks that require new regulations and isolated critical systems to address.

Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...

Dana Gardner

The document summarizes a panel discussion on cybersecurity standards and supply chain risks. The panelists discussed the need for standards to address increasing complexity in technology and supply chains. Specifically, they noted that existing security controls are not effective due to complexity, and standards are needed to integrate security into system development processes and manage risks throughout the technology lifecycle and supply chain. Trustworthiness, assurance, and resilience must be priorities going forward.

Biggest info security mistakes security innovation inc.

uNIX Jim

The document discusses five common information security mistakes organizations make: 1) over-relying on network defenses and not focusing enough on application security, 2) believing technology alone will solve security issues without proper training and processes, 3) making assumptions about people's abilities and behaviors, 4) thinking secure software is too costly, and 5) focusing only on recent threats instead of long-term strategies. It provides examples to illustrate these mistakes and recommends organizations do a self-assessment, create an internal security team, ask tough questions, and educate employees to avoid these issues.

Cybersecurity: Connectivity, Collaboration and Security Controls

Kristian Alisasis Pura

Cybrary's navigating a security wasteland

Devendra kashyap

1. The document summarizes an interview with Malcolm Harkins, Chief Security and Trust Officer at Cylance, about preventing malware infections and how organizations struggle to keep up with prevention methods and identifying risks. 2. Harkins notes that organizations suffer from alert fatigue and are unable to keep up with the constant "whack-a-mole" of security issues. He suggests deploying lightweight prevention agents that can work both online and offline. 3. When asked about how customers struggle, Harkins says they need solutions to reduce risks, lower security costs, and decrease friction between security and business operations. Most organizations find it difficult to continuously manage all the new technologies, software, and third parties joining

Software Backdoors, Chiaravalle

Adam Chiaravalle

The document discusses software backdoors and their ethical implications. It begins by defining a backdoor as an intentional security flaw that allows unauthorized access. It then examines why backdoors are concerning, providing examples like the Clipper Chip and the San Bernardino case. Both sides of the argument are presented, with concerns over backdoors including precedent for misuse and the case for including enabling surveillance. The document concludes by discussing ethical viewpoints like egoism and Kantianism as they apply to the issues raised around software backdoors.

Viewers also liked

AusCERT 2016: CVE and alternatives

David Jorm

APT - Project

Dev Lavaniya

Defending Enterprise IT - beating assymetricality

Claus Cramon Houmann

Presentation infra and_datacentrre_dialogue_v2

Claus Cramon Houmann

Thought Leader Global 2014 Amsterdam: Taking Security seriously -> Going beyo...

Claus Cramon Houmann

Intelligence Driven Security

MarketingArrowECS_CZ

Next Generation Advanced Malware Detection and Defense

Luca Simonelli

Security Challenges in Emerging Technologies

Praveen Vackayil

Malware in the Wild: Evolving to Evade Detection

Lastline, Inc.

Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware

Lastline, Inc.

Reacting to Advanced, Unknown Attacks in Real-Time with Lastline

Lastline, Inc.

Now you see me, now you don't: chasing evasive malware - Giovanni Vigna

Lastline, Inc.

Threat Hunting with Splunk

Splunk

Viewers also liked (13)

AusCERT 2016: CVE and alternatives

APT - Project

Defending Enterprise IT - beating assymetricality

Presentation infra and_datacentrre_dialogue_v2

Thought Leader Global 2014 Amsterdam: Taking Security seriously -> Going beyo...

Intelligence Driven Security

Next Generation Advanced Malware Detection and Defense

Security Challenges in Emerging Technologies

Malware in the Wild: Evolving to Evade Detection

Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware

Reacting to Advanced, Unknown Attacks in Real-Time with Lastline

Now you see me, now you don't: chasing evasive malware - Giovanni Vigna

Threat Hunting with Splunk

Similar to The cavalry is us i tdays-luxembourg 2014.11.20 v1.0

[Lithuania] I am the cavalry

OWASP EEE

Thecavalryisus owasp eee-oct2015_v2

Aurelijus Stanislovaitis

Fall2015SecurityShow

Adam Heller

Group 4 why smart object maybe a dumb idea

Bluepie1

Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...

Dana Gardner

Biggest info security mistakes security innovation inc.

uNIX Jim

Cybersecurity: Connectivity, Collaboration and Security Controls

Kristian Alisasis Pura

Cybrary's navigating a security wasteland

Devendra kashyap

Software Backdoors, Chiaravalle

Adam Chiaravalle

Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security

EnergySec

Data Science Salon: Are you sure you're an ethical technologist?: Build your ...

Formulatedby

This document discusses developing an ethical imagination for technologists. It argues that technologists should be part of the tech ethics conversation. An ethical imagination involves envisioning the complex consequences of technology on people and considering a wide range of impacts. Training an ethical imagination is an ongoing process of regularly examining your assumptions through discussion, debate, and understanding regulation and case studies. The document provides examples of potential harms from technologies like self-driving cars and recommendations for establishing thresholds for accuracy on marginal cases before releasing technologies.

[Report] Consumer Perceptions of Privacy in the Internet of Things

Altimeter, a Prophet Company

1) The document is a research report that summarizes a survey of over 2,000 American consumers on their perceptions of privacy regarding connected devices and the Internet of Things. 2) The survey found that consumers have significant concerns about how companies use and share their data from connected devices, and are anxious about third parties accessing their information without consent. 3) While exposure and adoption of connected technologies varies, the survey showed strong discomfort across all age groups regarding companies' collection and sale of personal data without transparency or consent.

Digital Forensics for Artificial Intelligence (AI ) Systems.pdf

Mahdi_Fahmideh

The criticality-of-security-in-the-internet-of-things joa-eng_1115

Devaraj Sl

This document discusses the growing use of smart devices and the lack of security and privacy controls built into many of these devices. It notes that while technologies are new, security concepts from decades past can still be applied. However, device manufacturers are often not considering security and privacy during design. This poses risks as these internet-connected devices collect and store personal data without user consent or knowledge. The document calls for security and privacy to be prioritized and built into devices through techniques like encryption, access controls and data minimization. It argues many common excuses for not implementing these controls are false. Information security professionals need to be aware of emerging smart devices and establish appropriate policies for their use.

GR - Security Economics in IoT 150817- Rel.1

Clay Melugin

This document discusses the importance of security for Internet of Things (IoT) devices and provides an overview of the economics of security. It notes that while developers intend to create helpful products, a lack of security could enable hacking and data breaches with significant financial liability. The document outlines components of economic risk from breaches, including damages, fines, and loss of company value. It provides a framework for calculating the potential costs of security incidents to help developers prioritize reasonable security measures and mitigate financial risks from their IoT products.

Securing the Fog

The Security of Things Forum

Connected Car Security and the Future of Transportation

Liz Slocum

1 p 14-0714 wearable technology part 2 blue paper

4imprint

The document discusses the challenges that wearable technology poses for companies, particularly in the areas of data protection, privacy, and system security. As wearable usage increases, companies will need to upgrade security measures to protect corporate data and intellectual property, determine ownership of data collected via wearables, and ensure privacy and confidentiality are maintained. Companies will also need to evaluate their network capabilities to handle the increased bandwidth demands of multiple wearable devices per employee. The document advises companies to consider these implications and establish appropriate policies before widely adopting wearable technologies in the workplace.

Digital Transformation and Data Protection

Serter Ozturk

This expedited timeline has created vehicles with advanced capabilities but few protections! Governments are very sensitive about car safety and cyber security issues. For 2017, connectivity is already prioritized on lawmakers’ agendas. It is obvious that the automotive industry’s growth trajectory does not leave much time for reflection. Data privacy and cybersecurity will become a strong selling point for car buyers. The key will be providing a smooth communication in an easy to understand way despite such protective features.

AI and Machine Learning In Cybersecurity | A Saviour or Enemy?

SahilRao25

Similar to The cavalry is us i tdays-luxembourg 2014.11.20 v1.0 (20)

[Lithuania] I am the cavalry

Thecavalryisus owasp eee-oct2015_v2

Fall2015SecurityShow

Group 4 why smart object maybe a dumb idea

Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...

Biggest info security mistakes security innovation inc.

Cybersecurity: Connectivity, Collaboration and Security Controls

Cybrary's navigating a security wasteland

Software Backdoors, Chiaravalle

Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security

Data Science Salon: Are you sure you're an ethical technologist?: Build your ...

[Report] Consumer Perceptions of Privacy in the Internet of Things

Digital Forensics for Artificial Intelligence (AI ) Systems.pdf

The criticality-of-security-in-the-internet-of-things joa-eng_1115

GR - Security Economics in IoT 150817- Rel.1

Securing the Fog

Connected Car Security and the Future of Transportation

1 p 14-0714 wearable technology part 2 blue paper

Digital Transformation and Data Protection

AI and Machine Learning In Cybersecurity | A Saviour or Enemy?

More from Claus Cramon Houmann

Keynote at the Cyber Security Summit Prague 2015

Claus Cramon Houmann

- The document discusses a major hack that showed existing security tools and next-generation tools have limitations and can be bypassed. It notes how easily malware can detect sandboxes and analyzes new attack surfaces like the Internet of Things. It advocates for building defenses in key "hot zones" like endpoints, networks, data in transit, and cloud infrastructure. It provides best practices around gaining situational awareness, operational excellence, and deploying appropriate countermeasures. The overall message is that security must be a strategic priority requiring budget, skills, vigilance and alliance between security and IT teams.

Keynote Information Security days Luxembourg 2015

Claus Cramon Houmann

The unspeakable-pitfalls of mobile security

Claus Cramon Houmann

Defensive strategies

Claus Cramon Houmann

The document discusses building a defense-in-depth strategy to enhance cybersecurity. It recommends relying on multiple layers of security rather than a single solution. These layers should include both threat prevention and detection capabilities. It also stresses the importance of reducing the time attackers can spend inside systems if prevention fails. The document then provides examples of defensive strategies and next-generation tools that can be used as part of a defense-in-depth approach.

Mitigating the clicker

Claus Cramon Houmann

Css 2013 claushoumann Building comprehensively for IT Security

Claus Cramon Houmann

More from Claus Cramon Houmann (6)

Keynote at the Cyber Security Summit Prague 2015

Keynote Information Security days Luxembourg 2015

The unspeakable-pitfalls of mobile security

Defensive strategies

Mitigating the clicker

Css 2013 claushoumann Building comprehensively for IT Security

Recently uploaded

Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...

saastr

A Comprehensive Guide to DeFi Development Services in 2024

Intelisync

DeFi represents a paradigm shift in the financial industry. Instead of relying on traditional, centralized institutions like banks, DeFi leverages blockchain technology to create a decentralized network of financial services. This means that financial transactions can occur directly between parties, without intermediaries, using smart contracts on platforms like Ethereum. In 2024, we are witnessing an explosion of new DeFi projects and protocols, each pushing the boundaries of what’s possible in finance. In summary, DeFi in 2024 is not just a trend; it’s a revolution that democratizes finance, enhances security and transparency, and fosters continuous innovation. As we proceed through this presentation, we'll explore the various components and services of DeFi in detail, shedding light on how they are transforming the financial landscape. At Intelisync, we specialize in providing comprehensive DeFi development services tailored to meet the unique needs of our clients. From smart contract development to dApp creation and security audits, we ensure that your DeFi project is built with innovation, security, and scalability in mind. Trust Intelisync to guide you through the intricate landscape of decentralized finance and unlock the full potential of blockchain technology. Ready to take your DeFi project to the next level? Partner with Intelisync for expert DeFi development services today!

Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack

shyamraj55

GraphRAG for Life Science to increase LLM accuracy

Tomaz Bratanic

Building Production Ready Search Pipelines with Spark and Milvus

Zilliz

Taking AI to the Next Level in Manufacturing.pdf

ssuserfac0301

Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as: 1. How quickly AI is being implemented in manufacturing. 2. Which barriers stand in the way of AI adoption. 3. How data quality and governance form the backbone of AI. 4. Organizational processes and structures that may inhibit effective AI adoption. 6. Ideas and approaches to help build your organization's AI strategy.

Best 20 SEO Techniques To Improve Website Visibility In SERP

Pixlogix Infotech

Introduction of Cybersecurity with OSS at Code Europe 2024

Hiroshi SHIBATA

I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems. The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS. Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application. I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.

Generating privacy-protected synthetic data using Secludy and Milvus

Zilliz

During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.

Trusted Execution Environment for Decentralized Process Mining

LucaBarbaro3

“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...

Edge AI and Vision Alliance

For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/ Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit. The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers. Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.

Nordic Marketo Engage User Group_June 13_ 2024.pptx

MichaelKnudsen27

HCL Notes and Domino License Cost Reduction in the World of DLAU

panagenda

Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/ The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this! We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model. Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward. These topics will be covered - Reducing license cost by finding and fixing misconfigurations and superfluous accounts - How do CCB and CCX licenses really work? - Understanding the DLAU tool and how to best utilize it - Tips for common problem areas, like team mailboxes, functional/test users, etc - Practical examples and best practices to implement right away

Dandelion Hashtable: beyond billion requests per second on a commodity server

Antonios Katsarakis

This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).

GNSS spoofing via SDR (Criptored Talks 2024)

Javier Junquera

In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security. This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing. The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.

TrustArc Webinar - 2024 Global Privacy Survey

TrustArc

How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024? In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores. See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe. This webinar will review: - The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey - The top challenges for privacy leaders, practitioners, and organizations in 2024 - Key themes to consider in developing and maintaining your privacy program

Digital Marketing Trends in 2024 | Guide for Staying Ahead

Wask

https://www.wask.co/ebooks/digital-marketing-trends-in-2024 Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.

leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...

alexjohnson7307

dbms calicut university B. sc Cs 4th sem.pdf

Shinana2

JavaLand 2024: Application Development Green Masterplan

Miro Wengner

Recently uploaded (20)

Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...

A Comprehensive Guide to DeFi Development Services in 2024

Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack

GraphRAG for Life Science to increase LLM accuracy

Building Production Ready Search Pipelines with Spark and Milvus

Taking AI to the Next Level in Manufacturing.pdf

Best 20 SEO Techniques To Improve Website Visibility In SERP

Introduction of Cybersecurity with OSS at Code Europe 2024

Generating privacy-protected synthetic data using Secludy and Milvus

Trusted Execution Environment for Decentralized Process Mining

“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...

Nordic Marketo Engage User Group_June 13_ 2024.pptx

HCL Notes and Domino License Cost Reduction in the World of DLAU

Dandelion Hashtable: beyond billion requests per second on a commodity server

GNSS spoofing via SDR (Criptored Talks 2024)

TrustArc Webinar - 2024 Global Privacy Survey

Digital Marketing Trends in 2024 | Guide for Staying Ahead

leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...

dbms calicut university B. sc Cs 4th sem.pdf

JavaLand 2024: Application Development Green Masterplan

The cavalry is us i tdays-luxembourg 2014.11.20 v1.0

1. I AM THE CAVALRY http://iamthecavalry.org @iamthecavalry SHOULDN’T YOU BE ALSO?

2. CLAUS CRAMON HOUMANN Head of IT & Infosec Consultant The Analogies contributor Twitter: @claushoumann

3. I CARE Therefore I joined the Cavalry

4. AGENDA •Vulnerabilities in connected devices (that matter) • Someone will fix it for us • Or not. Maybe we should be the Cavalry? • What are we doing • What you can do

5. Chapter 1 VULNERABILITIES IN CONNECTED DEVICES (THAT MATTER)

6. SECURE?

7. SECURE?

8. SECURE? HOW THEN ABOUT CRITICAL NATIONAL INFRASTRUCTURE?

9. OUCH! Stating the obvious: Everything connected is vulnerable and can/will be hacked

10. Chapter 2 SOMEONE WILL FIX IT FOR US

11.

12. Chapter 3 OR NOT……. .

13.

14.

15. Computers have security issues Cars have computers Security issues in cars are safety issues S L I D E O F S O M E R E C E N T O N E S - T H E Z U B I E : H T T P : / / W W W . A U T O B L O G . C O M / 2 0 1 4 / 1 1 / 0 8 / C A R - R E M O T E D L Y - H A C K E D - I S R A E L - C Y B E R - S E C U R I T Y / - M E D I C A L D E V I C E S

16. IT’S UP TO US TO MOUNT UP AND BE THE CAVALRY

17. Chapter 4 WHAT WE ARE DOING

18. HUMAN LIFE VS. DIGITAL LIFE Human Life Intellectual Property PII PHI PCI http://blog.cognitivedissidents.com/2011/10/24/a-replaceability-continuum/ Mobile Malware Moving researchers left

19. 5-Star Framework Addressing Automotive Cyber Systems 5-Star Capabilities  Safety by Design – Anticipate failure and plan mitigation  Third-Party Collaboration – Engage willing allies  Evidence Capture – Observe and learn from failure  Security Updates – Respond quickly to issues discovered  Segmentation & Isolation – Prevent cascading failure Connections and Ongoing Collaborations Automotive Engineers Security Researchers Policy Makers Insurance Analysts Accident Investigators Standards Organizations https://www.iamthecavalry.org/auto/5star/

20. AND MORE IN OTHER AREAS COMING We try to connect researchers to 1. Lawmakers to inform of meaningful changes to laws to enforce secure by default 2. Vendors/producers to inform of secure ways to build securely by design and of identified vulnerabilities 3. Purchasers of devices (example: Pacemakers, car distributors) to explain to them why they need to contractually demand security – if there is demand vendors will supply

21. Chapter 5 WHAT YOU CAN DO

22. CONNECTIONS/CONNECTORS WANTED Breakers and Builders Legal and Policy Citizens, Connectors Parents/Guardians Community Leaders/Bloggers/Podcasters/etc.

23. MOUNT UP AND BE THE CAVALRY YOU DON’T ACTUALY NEED A HORSE

24. NEVER DOUBT THAT A SMALL GROUP OF THOUGHTFUL, COMMITTED CITIZENS CAN CHANGE THE WORLD; I T ’ S T H E O N LY T H I N G THAT EVER HAS. - MARGARET MEAD ( A N A ME R I C A N C U LT U R A L A N T H R O P O L O G I S T )

25. SECURITY OF CONSEQUENCE http://iamthecavalry.org @iamthecavalry

Editor's Notes

SOURCE: http://www.startribune.com/business/225601262.html
A superhero to the rescue! We all love superheroes, right?
Security researchers are also working on the issue, in our shared domain. Goal: More informed decision-making, not supplant their judgment with ours

The cavalry is us i tdays-luxembourg 2014.11.20 v1.0

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (13)

Similar to The cavalry is us i tdays-luxembourg 2014.11.20 v1.0

Similar to The cavalry is us i tdays-luxembourg 2014.11.20 v1.0 (20)

More from Claus Cramon Houmann

More from Claus Cramon Houmann (6)

Recently uploaded

Recently uploaded (20)

The cavalry is us i tdays-luxembourg 2014.11.20 v1.0

Editor's Notes