A short overview of content theft I presented at Sectalks Perth back in November 2017. Thanks to the sectalks crowd especially @NHardy and @s4gi_ for their assistance.
Cybersecurity legislation in Singapore (2017)Benjamin Ang
Reviewing the Personal Data Protection Act (PDPA), Computer Misuse and Cybersecurity Act (CMCA), and the draft Cybersecurity Act Cybersecurity Bill of Singapore, correct up to November 2017
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSAGovCloud Network
When the government purchases products or services with inadequate in-built “cybersecurity,” the risks created persist throughout the lifespan of the item purchased. The lasting effect of inadequate cybersecurity in acquired items is part of what makes acquisition reform so important to achieving cybersecurity and resiliency.
Currently, government and contractors use varied and nonstandard practices, which make it difficult to consistently manage and measure acquisition cyber risks across different organizations.
Meanwhile, due to the growing sophistication and complexity of ICT and the global ICT supply chains, federal agency information systems are increasingly at risk of compromise, and agencies need guidance to help manage ICT supply chain risks
Slides from webinar offered by Acme Packet and the SIP School on securing unified communications borders with Acme Packet. To watch recorded webinar or download slides, visit : http://tiny.cc/securingUC
Cybersecurity legislation in Singapore (2017)Benjamin Ang
Reviewing the Personal Data Protection Act (PDPA), Computer Misuse and Cybersecurity Act (CMCA), and the draft Cybersecurity Act Cybersecurity Bill of Singapore, correct up to November 2017
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSAGovCloud Network
When the government purchases products or services with inadequate in-built “cybersecurity,” the risks created persist throughout the lifespan of the item purchased. The lasting effect of inadequate cybersecurity in acquired items is part of what makes acquisition reform so important to achieving cybersecurity and resiliency.
Currently, government and contractors use varied and nonstandard practices, which make it difficult to consistently manage and measure acquisition cyber risks across different organizations.
Meanwhile, due to the growing sophistication and complexity of ICT and the global ICT supply chains, federal agency information systems are increasingly at risk of compromise, and agencies need guidance to help manage ICT supply chain risks
Slides from webinar offered by Acme Packet and the SIP School on securing unified communications borders with Acme Packet. To watch recorded webinar or download slides, visit : http://tiny.cc/securingUC
Security For Business: Are You And Your Customers Safewoodsy01
This presentation takes a look at issues affecting cyber-security. It also covers some of SHBO Technologies\' capabilities of supporting and protecting clients.
Cloud security From Infrastructure to People-wareTzar Umang
Understand Cloud Security in every level from infrastructure to people ware via understanding threats, hardening your servers and creating policies that will users be guided on securing themselves.
SecureWeb3 - Developing a Comprehensive Cybersecurity Strategy for the Decent...Prasanna Hegde
SecureWeb3 Case Study: Building a Future-Ready Cybersecurity Strategy. Discover how our product management approach leveraged customer analysis, stakeholder engagement, competitive analysis, and data-driven insights to develop a comprehensive cybersecurity solution for the decentralized future. From enhanced blockchain security to trustworthy Web3 identity verification, we prioritized scalability, user experience, and privacy to meet market demands and exceed customer expectations.
Oct 23rd 2014 Offices of Arthur Cox - Presentation by Paul C Dwyer CEO of Cyber Risk International outlining a high level overview of the holistic cyber threat landscape in 2014
Fully understand how GDPR affects the life of millions of EU citizens by having in mind the 10 simple facts exposed by Dr. Karsten Kinast
The presentation gives a short glimpse in to the motivation of GDPR, the key changes it brings, and the ongoing compliance on information lifecycle it presumes.
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30This account is closed
Gowlings partner Paul Armitage discusses what is and isn’t unique about contracting for cloud services; key terms to look for and the differences between cloud and traditional IT services contacts; what to look for in a cloud services provider and its contract; storing data in the cloud; and tips and best practices for cloud services procurement.
Learn what cyber security means for your law firm, your employees, and your bottom line. This presentation will provide a snapshot of the IT Security threats facing law firms today, as well as the knowledge and tools you can use to prevent them.
Cyber Security and the Impact on your BusinessLucy Denver
With cyber scams costing UK businesses an estimated £4.14bn* in lost data, reputational damage and online theft every year, Cyber Security is rapidly climbing the priority list of directors across the UK. This presentation will help you to:
- spot the most common cyber attacks, defend your business and protect your critical data if the worst does happen;
- understand the impact of GDPR on your business and how to protect yourself against expensive data losses.
Equipped with PRISM, a live database of over 40,000 International Revenue Share test numbers, XINTEC is your perfect ally in the fight against International Revenue Share Fraud (IRSF) attacks.
International Revenue Share test numbers are numbers provided by a reseller to test that a revenue share destination and number range can be connected from a calling location. These test numbers are extremely valuable if used in a “hot list“ to alert CSP’S of a possible or pending lRSF attack.
Please browse through the slideshow for more information.
ISSA Atlanta - Emerging application and data protection for multi cloudUlf Mattsson
Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data. The good news is that these data privacy regulations compel businesses to get a handle on personal data — how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers.
The new Verizon Data Breach Investigations Report (DBIR) provides perspectives on how Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value.
This session will discuss Emerging Application and Data Protection for Multi-cloud and review Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation.
• Learn New Application and Data Protection Strategies
• Learn Advancements in Machine Learning
• Learn how to develop a roadmap for EU GDPR compliance
• Learn Data-centric Security for Digital Business
• Learn Where Data Security and Value of Data Meet in the Cloud
• Learn Data Protection On-premises, and in Public and Private Clouds
• Learn about Emerging Application and Data Protection for Multi-cloud
• Learn about Emerging Data Privacy and Security for Cloud
• Learn about New Enterprise Application and Data Security Challenges
• Learn about Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Security For Business: Are You And Your Customers Safewoodsy01
This presentation takes a look at issues affecting cyber-security. It also covers some of SHBO Technologies\' capabilities of supporting and protecting clients.
Cloud security From Infrastructure to People-wareTzar Umang
Understand Cloud Security in every level from infrastructure to people ware via understanding threats, hardening your servers and creating policies that will users be guided on securing themselves.
SecureWeb3 - Developing a Comprehensive Cybersecurity Strategy for the Decent...Prasanna Hegde
SecureWeb3 Case Study: Building a Future-Ready Cybersecurity Strategy. Discover how our product management approach leveraged customer analysis, stakeholder engagement, competitive analysis, and data-driven insights to develop a comprehensive cybersecurity solution for the decentralized future. From enhanced blockchain security to trustworthy Web3 identity verification, we prioritized scalability, user experience, and privacy to meet market demands and exceed customer expectations.
Oct 23rd 2014 Offices of Arthur Cox - Presentation by Paul C Dwyer CEO of Cyber Risk International outlining a high level overview of the holistic cyber threat landscape in 2014
Fully understand how GDPR affects the life of millions of EU citizens by having in mind the 10 simple facts exposed by Dr. Karsten Kinast
The presentation gives a short glimpse in to the motivation of GDPR, the key changes it brings, and the ongoing compliance on information lifecycle it presumes.
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30This account is closed
Gowlings partner Paul Armitage discusses what is and isn’t unique about contracting for cloud services; key terms to look for and the differences between cloud and traditional IT services contacts; what to look for in a cloud services provider and its contract; storing data in the cloud; and tips and best practices for cloud services procurement.
Learn what cyber security means for your law firm, your employees, and your bottom line. This presentation will provide a snapshot of the IT Security threats facing law firms today, as well as the knowledge and tools you can use to prevent them.
Cyber Security and the Impact on your BusinessLucy Denver
With cyber scams costing UK businesses an estimated £4.14bn* in lost data, reputational damage and online theft every year, Cyber Security is rapidly climbing the priority list of directors across the UK. This presentation will help you to:
- spot the most common cyber attacks, defend your business and protect your critical data if the worst does happen;
- understand the impact of GDPR on your business and how to protect yourself against expensive data losses.
Equipped with PRISM, a live database of over 40,000 International Revenue Share test numbers, XINTEC is your perfect ally in the fight against International Revenue Share Fraud (IRSF) attacks.
International Revenue Share test numbers are numbers provided by a reseller to test that a revenue share destination and number range can be connected from a calling location. These test numbers are extremely valuable if used in a “hot list“ to alert CSP’S of a possible or pending lRSF attack.
Please browse through the slideshow for more information.
ISSA Atlanta - Emerging application and data protection for multi cloudUlf Mattsson
Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data. The good news is that these data privacy regulations compel businesses to get a handle on personal data — how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers.
The new Verizon Data Breach Investigations Report (DBIR) provides perspectives on how Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value.
This session will discuss Emerging Application and Data Protection for Multi-cloud and review Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation.
• Learn New Application and Data Protection Strategies
• Learn Advancements in Machine Learning
• Learn how to develop a roadmap for EU GDPR compliance
• Learn Data-centric Security for Digital Business
• Learn Where Data Security and Value of Data Meet in the Cloud
• Learn Data Protection On-premises, and in Public and Private Clouds
• Learn about Emerging Application and Data Protection for Multi-cloud
• Learn about Emerging Data Privacy and Security for Cloud
• Learn about New Enterprise Application and Data Security Challenges
• Learn about Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation
Similar to The enterprise of subscription tv piracy (20)
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Essentials of Automations: Optimizing FME Workflows with Parameters
The enterprise of subscription tv piracy
1. The enterprise of
subscription TV piracy
A mid level overview of (DVB) Digital Video Broadcasting content theft
Presented at Sectalks (Perth)
November 7 2017
By Sabastion F
2. Introduction
The purpose of this presentation is to provide an end to end awareness
of encrypted satellite and cable tv piracy. Also includes bit of technical
history and where it is heading with the current advancement of
technology.
We will be touching on common InfoSec elements including
• Reverse & social engineering
• Criminal organizations
• Investigations
• Operational security, from both vendor and content providers
3. Disclaimer
• I am NOT
• A lawyer
• A criminal profiler, investigator or any member of law enforcement
• An employee or advocate for any content protection service
• Commissioned to conduct research on any content protection
systems
• IMPORTANT
This presentation is not an endorsement or meant to encourage the attempted
circumvention of encrypted DVBS content. It is designed to explain piracy and
anti piracy techniques used in the realm of piracy and cybersecurity as well as
social drivers that support this industry.
4. Your Presenter
Who Am I
• A telecommunications and IT technician
• Work in the telecommunications industry for a large part of my
career and specializing in satellite communications and network
infrastructure.
• According to my partner - On the spectrum and have a overactive
tendency for reverse engineering. Which includes the kids toys.
• Currently working towards a career in information security
5. Summary of what were going to cover
• Basics of satellite broadcasting
• General overview of DVB content encryption and decryption
• Introduce the players
• The common criminal enterprise
• Counter measures
• The effects of DVB content piracy
6. Public acceptance of content theft
Homer: [reading the "So You've Decided to Steal Cable"
pamphlet] So you've decided to steal cable. Myth: Cable piracy
is wrong. Fact: Cable companies are big faceless corporations,
which makes it okay.
7. Captain Midnight Vs HBO - 1986
The HBO uplink hijack on Galaxy 1 was to protest against charges for access to
scrambled satellite channels by HBO
9. Receiving Equipment
• Satellite Antenna / Dish
• Satellite receiver with a (CAM) conditional access module or
embedded decryption module
• Subscription smartcard
• Television
10. Encrypting the content
• DVB or Digital Video Broadcasting uses Common Scrambling
Algorithm (CSA) to encrypt or scramble the channels.
11. Decrypting the content
• The CSA algorithm uses 64 bit decryption. Different proprietary
decryption systems also implement additional encryption such as
RSA, AES and 3DES during the key exchange.
12. The players
Team 1
1) Pay TV Provider
2) Content protection service
3) Subscriber ( you)
4) Installation technician
14. The players
Team 3
1) Law Enforcement
2) Internal and external investigators
3) Content protection services – OPSEC
4) Security research teams
5) Anti Piracy organizations such as CASBAA & ASTRA
15. The Criminal Enterprise
• Criminal enterprises heavily invest in stealing research or
purchasing solutions for which they can easily implement.
• The target service is usually one that has the largest exploitable
audience with the highest quality content including first release
movies, sports and ppv. Bundling stolen content from multiple pay
tv services from different satellites is also common.
• They sell the equipment to access to the stolen content for a
fraction of the cost, planning for fast and high number of sales,
basic ROI.
• Generally these criminal groups will be run by a single figure,
sometimes a larger syndicate will fund the activity provided there is
a guarantee of isolation from prosecution when they are caught.
16. The Criminal Enterprise
• Depending on the legal penalties in the country for piracy, the
business model could be to make 3Mil$ over the life of the
activity and then take a 1Mil$ fine and minor or suspended jail
time when convicted.
• The money from piracy in larger syndicates go into supporting
other illegal activities such as drugs, prostitution etc..
• The whole activity will be structured in some form of a
legitimate business, with multiple supporting companies both
with legal and illegal intent.
• Some organizations would make 15-25k a weekend selling new
or reprogramming smart cards after counter measures were
initiated by content providers.
18. Exploit the technology
• Card Cloning
Ongoing cost to replace card or reprogram after key updates or
implementation of anti piracy counter measures. Pirates often omit
details from the card to ensure it does not update during a counter
measure from the content provider.
19. Exploiting the technology
• IKS (Internet Key sharing) – Ongoing subscription by sharing the
control word and IPTV streaming.
IKS CW
Server
INTERNET
DVB
Descrambler
Tuner
Satellite
Input
MPEG-2
Decoder
DVB
Descrambler
Tuner
Satellite
Input
MPEG-2
Decoder
IPTV
Server
INTERNET
Streaming client
Streaming client
Streaming client
Streaming client
Streaming client
Streaming client
20. Exploiting the technology
• Streaming technology with ongoing subscription fee
• Live stream via social media
• Embedded STB with 3rd party plugins
21. Developing counter measures
For effective counter measures to be developed requires the
collaboration of several groups
• Pay TV Content provider engineering and anti fraud departments
• Content encryption provider engineering group
• State & international Law enforcement
• Private investigation of key criminal individuals and groups
• Infiltration of online forums
• Examples of the cards, devices and IP addresses of IKS servers and
clients
22. Counter Measures
• By purchasing a cloned pirate smartcard during investigations and
extracting the details, content providers can turn off large quantities
of cloned pirate cards by simply turning off the original card
• Other counter measures can be targeted at specific emulated chip
sets and not effect the paying subscriber base
23. Counter Measures
• To assist identifying Illegal streaming sources, counter measures like
this one identifies the user of the box by displaying the serial number
of the smartcard, decoder or UID which can then be immediately de
activated
24. Counter Measures
• Streaming by social media can be a little simpler such as this recent
case where the user streamed it under his own social media account.
25. Where is this all going
• The subscription TV industry has made some fundamental mistakes
since the 80s which can be used as lessons as new IOT technology
evolves.
• Cyber security professionals are now becoming an integral part of the
analysis, investigation and forensic aspects of the subscription
industry to improve encryptions systems, protecting the client
contents and battle the ongoing illegal content redistribution.
• Satellite subscription TV piracy is a cat and mouse game.