
Cyber Security Tid-bits

The technology behind cybersecurity


You can’t talk about cybersecurity without talking about technology, and when engaging with policymakers it’s helpful for human rights defenders to understand the basic concepts of this domain. But from a technical perspective, what does security actually mean? Popular conceptions of cybersecurity often focus on securing information and its underlying infrastructure. Information is the lifeblood of cyberspace: from personal data to high-level state communication, it flows through networks in huge quantities and is stored on devices and data centers. It is subject to voluntary standards, but without a central authority and in a rapidly changing environment, these can be subject to change. In cyberspace, information is digital and intangible, but it relies on an infrastructure which is physical, from cables to servers, routers to satellite connections. Data and metadata in cyberspace can be vulnerable at different points and be undermined in different ways. It can be copied, modified or made inaccessible, or its origin could be faked, a violation of authenticity. Violations of confidentiality, integrity, availability and authenticity can have different culprits: it might be criminal activity, a deliberate shutdown by government, or even an accident. These violations can undermine security in cyberspace, but they also impact a range of human rights, including privacy, freedom of expression and freedom of information.

The Border Gateway Protocol, or BGP, illustrates this well. This refers to the set of rules which enables communications between large networks. Despite its central role in the functioning of the Internet, it remains vulnerable to misuse or attack. For example, in 2008 Pakistan’s government ordered a local internet service provider to block YouTube in the country. Its attempts to do so resulted in a global outage of the video sharing website for two hours. The ISP did this by exploiting a weakness in the Border Gateway Protocol so that all traffic trying to get to YouTube went to the ISP instead. As a result, YouTube became unavailable. Vulnerabilities in the BGP routes can also be manipulated to intercept Internet traffic. Man-in-the-middle attacks work by redirecting large quantities of traffic to an unauthorized router. If the data is unencrypted, those controlling the router can then monitor or tamper with it before sending it on its way, without the owner of the data knowing anything has happened.

This undermines the principles of integrity and confidentiality. But just as you can undermine these principles, you can also preserve and strengthen them. At the Internet Engineering Task Force, measures are under discussion to address weaknesses in BGP. If finalized, they could help make sure data goes to and originates in the right places, and identify whether data is traveling on the right routes. This makes it less likely that traffic will be inadvertently intercepted or blocked, and will help make sure confidentiality, integrity and availability, and the human rights which depend on them, are respected. On a technical level, security can also be built into products and services by design. Apple and WhatsApp’s adoption of default end-to-end encryption is a good example. Other tools include SSL/TLS encryption of emails and certificate pinning in browsers. The stakes couldn’t be higher. Today the internet isn’t just a communications network; it’s a network for industrial control systems, health care and, in some countries, even voting. As our reliance on networked systems and technology increases, the risks associated with insecure networks also increase. The Internet of Things is about to usher in a whole new universe of connected objects. This will pose huge challenges for both security and human rights.

A big part of the solution is technical, as we’ve seen, but it’s not the whole picture. Let’s look again at the incident in Pakistan. After a few hours, YouTube was restored at the global level by a technical fix, but in Pakistan itself the censorship order didn’t go away, and YouTube remained blocked there until the offending content was removed. This shows that technical solutions are not enough. Security in cyberspace will only be possible with a holistic approach, which means robust technical measures and standards bolstered by rights-respecting policies and laws, responsible business practices and education.

As found on Youtube

Cybersecurity Quick Tips: Stop & Think Before You Click the Link

If every single person had the sixth sense to go “that doesn’t look right” I’d reckon we’d probably get rid of about 80% of our problems. It’s that 80% number again, isn’t it? And I say that because if we thought our passwords were bad, if we thought that email looked dodgy, we’ve got rid of phishing attacks, social engineering attacks, password reuse issues, password stuffing, brute forcing, all that goes away.

And it’s a very simple thing to just go “this doesn’t look right, I need to behave differently.” In the UK we have this wonderful thing, the green cross code, fully across the road, stop, think, just stop, listen, think. What is it for cyber? Before you click that link you should go “this doesn’t look right, a man in Nigeria doesn’t want to give me $70 million dollars, I shouldn’t be looking at this, where is that?” We need to stop, think before you click the link.

We need a buzz word phrase to get the population to then uplift and go “alright, now we’ll get rid of the big stuff.”

As found on Youtube

Cybersecurity: Crash Course Computer Science #31

Hi, I’m Carrie Anne, and welcome to CrashCourse Computer Science! Over the last three episodes, we’ve talked about how computers have become interconnected, allowing us to communicate near-instantly across the globe. But, not everyone who uses these networks is going to play by the rules, or have our best interests at heart. Just as how we have physical security like locks, fences and police officers to minimize crime in the real world, we need cybersecurity to minimize crime and harm in the virtual world. Computers don’t have ethics. Give them a formally specified problem and they’ll happily pump out an answer at lightning speed. Running code that takes down a hospital’s computer systems until a ransom is paid is no different to a computer than code that keeps a patient’s heart beating. Like the Force, computers can be pulled to the light side or the dark side. Cybersecurity is like the Jedi Order, trying to bring peace and justice to the cyber-verse.

The scope of cybersecurity evolves as fast as the capabilities of computing, but we can think of it as a set of techniques to protect the secrecy, integrity and availability of computer systems and data against threats.

Let’s unpack those three goals: Secrecy, or confidentiality, means that only authorized people should be able to access or read specific computer systems and data. Data breaches, where hackers reveal people’s credit card information, is an attack on secrecy. Integrity means that only authorized people should have the ability to use or modify systems and data. Hackers who learn your password and send e-mails masquerading as you, is an integrity attack. And availability means that authorized people should always have access to their systems and data.

Think of Denial of Service Attacks, where hackers overload a website with fake requests to make it slow or unreachable for others. That’s attacking the service’s availability. To achieve these three general goals, security experts start with a specification of who your “enemy” is, at an abstract level, called a threat model. This profiles attackers: their capabilities, goals, and probable means of attack – what’s called, awesomely enough, an attack vector.

Threat models let you prepare against specific threats, rather than being overwhelmed by all the ways hackers could get to your systems and data. And there are many, many ways. Let’s say you want to “secure” physical access to your laptop. Your threat model is a nosy roommate. To preserve the secrecy, integrity and availability of your laptop, you could keep it hidden in your dirty laundry hamper. But, if your threat model is a mischievous younger sibling who knows your hiding spots, then you’ll need to do more: maybe lock it in a safe.

In other words, how a system is secured depends heavily on who it’s being secured against. Of course, threat models are typically a bit more formally defined than just “nosy roommate”. Often you’ll see threat models specified in terms of technical capabilities. For example, “someone who has physical access to your laptop along with unlimited time”. With a given threat model, security architects need to come up with a solution that keeps a system secure – as long as certain assumptions are met, like no one reveals their password to the attacker.

There are many methods for protecting computer systems, networks and data. A lot of security boils down to two questions: who are you, and what should you have access to? Clearly, access should be given to the right people, but refused to the wrong people. Like, bank employees should be able to open ATMs to restock them, but not me… because I’d take it all… all of it! That ceramic cat collection doesn’t buy itself! So, to differentiate between right and wrong people, we use authentication – the process by which a computer understands who it’s interacting with. Generally, there are three types, each with their own pros and cons: What you know. What you have. And what you are.

What you know authentication is based on knowledge of a secret that should be known only by the real user and the computer, for example, a username and password. This is the most widely used today because it’s the easiest to implement. But, it can be compromised if hackers guess or otherwise come to know your secret. Some passwords are easy for humans to figure out, like 12356 or q-w-e-r-t-y. But, there are also ones that are easy for computers. Consider the PIN: 2580. This seems pretty difficult to guess – and it is – for a human. But there are only ten thousand possible combinations of 4-digit PINs. A computer can try entering 0000, then try 0001, and then 0002, all the way up to 9999… in a fraction of a second. This is called a brute force attack, because it just tries everything. There’s nothing clever to the algorithm. Some computer systems lock you out, or have you wait a little, after say three wrong attempts.

That’s a common and reasonable strategy, and it does make it harder for less sophisticated attackers. But think about what happens if hackers have already taken over tens of thousands of computers, forming a botnet. Using all these computers, the same pin – 2580 – can be tried on many tens of thousands of bank accounts simultaneously. Even with just a single attempt per account, they’ll very likely get into one or more that just happen to use that PIN. In fact, we’ve probably guessed the pin of someone watching this video! Increasing the length of PINs and passwords can help, but even 8 digit PINs are pretty easily cracked. This is why so many websites now require you to use a mix of upper and lowercase letters, special symbols, and so on – it explodes the number of possible password combinations.

An 8-digit numerical PIN only has a hundred million combinations – computers eat that for breakfast! But an 8-character password with all those funky things mixed in has more than 600 trillion combinations. Of course, these passwords are hard for us mere humans to remember, so a better approach is for websites to let us pick something more memorable, like three words joined together: “green brothers rock” or “pizza tasty yum”.

English has around 100,000 words in use, so putting three together would give you roughly 1 quadrillion possible passwords. Good luck trying to guess that! I should also note here that using non-dictionary words is even better against more sophisticated kinds of attacks, but we don’t have time to get into that here. Computerphile has a great video on choosing a password – link in the dooblydoo. What you have authentication, on the other hand, is based on possession of a secret token that only the real user has. An example is a physical key and lock. You can only unlock the door if you have the key. This escapes this problem of being “guessable”. And they typically require physical presence, so it’s much harder for remote attackers to gain access. Someone in another country can’t gain access to your front door in Florida without getting to Florida first. But, what you have authentication can be compromised if an attacker is physically close. Keys can be copied, smartphones stolen, and locks picked. Finally, what you are authentication is based on… you! You authenticate by presenting yourself to the computer. Biometric authenticators, like fingerprint readers and iris scanners are classic examples.

These can be very secure, but the best technologies are still quite expensive. Furthermore, data from sensors varies over time. What you know and what you have authentication have the nice property of being deterministic – either correct or incorrect. If you know the secret, or have the key, you’re granted access 100% of the time. If you don’t, you get access zero percent of the time. Biometric authentication, however, is probabilistic. There’s some chance the system won’t recognize you… maybe you’re wearing a hat or the lighting is bad. Worse, there’s some chance the system will recognize the wrong person as you – like your evil twin! Of course, in production systems, these chances are low, but not zero.

Another issue with biometric authentication is it can’t be reset. You only have so many fingers, so what happens if an attacker compromises your fingerprint data? This could be a big problem for life. And, recently, researchers showed it’s possible to forge your iris just by capturing a photo of you, so that’s not promising either. Basically, all forms of authentication have strengths and weaknesses, and all can be compromised in one way or another. So, security experts suggest using two or more forms of authentication for important accounts. This is known as two-factor or multi-factor authentication. An attacker may be able to guess your password or steal your phone: but it’s much harder to do both. After authentication comes Access Control. Once a system knows who you are, it needs to know what you should be able to access, and for that there’s a specification of who should be able to see, modify and use what. This is done through Permissions or Access Control Lists (ACL), which describe what access each user has for every file, folder and program on a computer.

“Read” permission allows a user to see the contents of a file, “write” permission allows a user to modify the contents, and “execute” permission allows a user to run a file, like a program. For organizations with users at different levels of access privilege – like a spy agency – it’s especially important for Access Control Lists to be configured correctly to ensure secrecy, integrity and availability. Let’s say we have three levels of access: public, secret and top secret. The first general rule of thumb is that people shouldn’t be able to “read up”. If a user is only cleared to read secret files, they shouldn’t be able to read top secret files, but should be able to access secret and public ones. The second general rule of thumb is that people shouldn’t be able to “write down”. If a member has top secret clearance, then they should be able to write or modify top secret files, but not secret or public files. It may seem weird that even with the highest clearance, you can’t modify less secret files.

But, it guarantees that there’s no accidental leakage of top secret information into secret or public files. This “no read up, no write down” approach is called the Bell-LaPadula model. It was formulated for the U.S. Department of Defense’s Multi-Level Security policy. There are many other models for access control – like the Chinese Wall model and Biba model. Which model is best depends on your use-case. Authentication and access control help a computer determine who you are and what you should access, but depend on being able to trust the hardware and software that run the authentication and access control programs. That’s a big dependence. If an attacker installs malicious software – called malware – compromising the host computer’s operating system, how can we be sure security programs don’t have a backdoor that let attackers in? The short answer is… we can’t. We still have no way to guarantee the security of a program or computing system.

That’s because even while security software might be “secure” in theory, implementation bugs can still result in vulnerabilities. But, we do have techniques to reduce the likelihood of bugs, quickly find and patch bugs when they do occur, and mitigate damage when a program is compromised. Most security errors come from implementation error. To reduce implementation error, reduce implementation. One of the holy grails of system level security is a “security kernel” or a “trusted computing base”: a minimal set of operating system software that’s close to provably secure. A challenge in constructing these security kernels is deciding what should go into it. Remember, the less code, the better! Even after minimizing code bloat, it would be great to “guarantee” that code as written is secure. Formally verifying the security of code is an active area of research.

The best we have right now is a process called Independent Verification and Validation. This works by having code audited by a crowd of security-minded developers. This is why security code is almost always open-sourced. It’s often difficult for people who wrote the original code to find bugs, but external developers, with fresh eyes and different expertise, can spot problems. There are also conferences where like-minded hackers and security experts can mingle and share ideas, the biggest of which is DEF CON, held annually in Las Vegas. Finally, even after reducing code and auditing it, clever attackers are bound to find tricks that let them in. With this in mind, good developers should take the approach that, not if, but when their programs are compromised, the damage should be limited and contained, and not let it compromise other things running on the computer. This principle is called isolation. To achieve isolation, we can “sandbox” applications.

This is like placing an angry kid in a sandbox; when the kid goes ballistic, they only destroy the sandcastle in their own box, but other kids in the playground continue having fun. Operating Systems attempt to sandbox applications by giving each their own block of memory that other programs can’t touch. It’s also possible for a single computer to run multiple Virtual Machines, essentially simulated computers, that each live in their own sandbox. If a program goes awry, worst case is that it crashes or compromises only the virtual machine on which it’s running. All other Virtual Machines running on the computer are isolated and unaffected. Ok, that’s a broad overview of some key computer security topics.

And I didn’t even get to network security, like firewalls. Next episode, we’ll discuss some specific example methods hackers use to get into computer systems. After that, we’ll touch on encryption. Until then, make your passwords stronger, turn on 2-factor authentication, and NEVER click links in unsolicited emails! I’ll see you next week.

As found on Youtube
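The "no read up, no write down" rules described in the transcript above can be written as a small reference monitor. This is an added example, not code from the video or from this blog; the user and file names are hypothetical, and the exhaustive check at the end confirms the claim that no permitted copy can move data to a lower level.

```python
from dataclasses import dataclass
from enum import IntEnum
from itertools import product


class Level(IntEnum):
    """The three levels from the transcript, lowest to highest."""
    PUBLIC = 0
    SECRET = 1
    TOP_SECRET = 2


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: Level


@dataclass(frozen=True)
class Document:
    name: str
    classification: Level


def can_read(subject, doc):
    """No read up: a subject may read at or below its clearance."""
    return subject.clearance >= doc.classification


def can_write(subject, doc):
    """No write down: a subject may write at or above its clearance.

    Writing upward (a SECRET user filing a TOP_SECRET report) is allowed
    by the classic model, since it cannot leak anything downward.
    """
    return subject.clearance <= doc.classification


class ReferenceMonitor:
    """Mediates every access and keeps an audit trail of decisions."""

    def __init__(self):
        self.audit = []

    def request(self, subject, action, doc):
        check = {"read": can_read, "write": can_write}[action]
        allowed = check(subject, doc)
        self.audit.append((subject.name, action, doc.name, allowed))
        return allowed

    def copy(self, subject, src, dst):
        """Copying needs read on the source and write on the destination."""
        return (self.request(subject, "read", src)
                and self.request(subject, "write", dst))


def downward_flows():
    """Search every clearance/source/destination combination for an
    allowed copy that would move data to a lower level."""
    monitor = ReferenceMonitor()
    leaks = []
    for clearance, src_level, dst_level in product(Level, repeat=3):
        subject = Subject("s", clearance)
        src = Document("src", src_level)
        dst = Document("dst", dst_level)
        if monitor.copy(subject, src, dst) and dst_level < src_level:
            leaks.append((clearance, src_level, dst_level))
    return leaks


if __name__ == "__main__":
    analyst = Subject("analyst", Level.SECRET)        # hypothetical users
    director = Subject("director", Level.TOP_SECRET)
    memo = Document("press-release", Level.PUBLIC)    # hypothetical files
    plan = Document("war-plan", Level.TOP_SECRET)
    monitor = ReferenceMonitor()
    monitor.request(analyst, "read", plan)    # denied: read up
    monitor.copy(director, plan, memo)        # denied: write down
    for entry in monitor.audit:
        print(entry)
    print("downward flows found:", downward_flows())
```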
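The transcript above notes that a lockout after three wrong attempts does not stop a botnet that tries one PIN once against many accounts. The added example below (not from the video or this blog) runs a per-account lockout counter and a cross-account detector over the same constructed login log; the tuple format, thresholds and addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

LOCKOUT_THRESHOLD = 3   # assumed: failures in a row before an account locks
WINDOW_SECONDS = 60     # assumed: sliding window for the cross-account view
SPRAY_THRESHOLD = 20    # assumed: distinct failing accounts that raise an alert


def build_sample_log():
    """Constructed events: (unix_seconds, account, source_address, success)."""
    events = [
        (10, "alice", "203.0.113.7", False),   # one user fumbling a PIN
        (12, "alice", "203.0.113.7", False),
        (14, "alice", "203.0.113.7", False),
        (500, "bob", "203.0.113.9", False),    # a typo followed by a success
        (505, "bob", "203.0.113.9", True),
    ]
    # Fifty accounts, one failed attempt each, every one from a new address.
    for i in range(50):
        events.append((1000 + i, f"acct{i:03d}", f"198.51.100.{i}", False))
    return events


def per_account_lockouts(events):
    """Classic control: lock an account after N consecutive failures."""
    streak = defaultdict(int)
    locked = set()
    for _, account, _, ok in sorted(events):
        if ok:
            streak[account] = 0
            continue
        streak[account] += 1
        if streak[account] >= LOCKOUT_THRESHOLD:
            locked.add(account)
    return locked


def spray_alerts(events, window=WINDOW_SECONDS, threshold=SPRAY_THRESHOLD):
    """Alert when many *different* accounts fail inside one window.

    Only account and source are inspected; the submitted credential is
    never needed, so it never has to be logged.
    Returns (timestamp, distinct_accounts, distinct_sources) per alert.
    """
    recent = deque()      # failures still inside the window
    alerts = []
    alerting = False      # suppress repeats while the burst continues
    for ts, account, source, ok in sorted(events):
        if ok:
            continue
        recent.append((ts, account, source))
        while recent and recent[0][0] <= ts - window:
            recent.popleft()
        accounts = {a for _, a, _ in recent}
        if len(accounts) >= threshold:
            if not alerting:
                sources = {s for _, _, s in recent}
                alerts.append((ts, len(accounts), len(sources)))
                alerting = True
        else:
            alerting = False
    return alerts


if __name__ == "__main__":
    log = build_sample_log()
    print("locked accounts:", sorted(per_account_lockouts(log)))
    print("spray alerts:   ", spray_alerts(log))
```

On the constructed log the lockout control fires only for the user who mistyped three times, while the fifty single-attempt failures are visible only to the cross-account detector.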

The State of Cybersecurity

You hello we’m John Ford with silicon angle news co-host of the Q we are right here regarding ground in Santa Clara Ca Centrify head office with Tom campus CEO of Centrify and param kept Akari that’s the co-founder and senior other IC internet protocol address which is the Institute of critical infrastructure technologies right here to mention security discussion guides welcome to the cubes regarding ground thank you great become right here great to see you again Tom yeah positively about we understand your success and apparently gum cloud is hot we had been simply in DC with Amazon Web solutions public sector summit and it’s gotten more to the point in which cyber is regarding front discussion in political discussion regarding commercial part plus incidents happening daily simply simply this past thirty days HBO Game of Thrones has been out i jacked and went we guess that’s ransomware theoretically attack the tie profile but situation after situation of visible in market yeah fine regarding commercial part public sector part no one understands exactly what’s happening why is security evolving slow now why is it going faster can you dudes mention hawaii of the security market.

Yeah well you understand we think first you must examine the landscape we mean our public and private sector companies are being pummeled daily by nation-states mercenaries cyber criminals script kids cyber jihadis and they’re exploiting vulnerabilities being inherent in our antiquated legacy systems being put together by you understand with the Frankenstein you understand system plus devices and systems and apps being built without security by design and we’re seeing the results as you stated right we’re seeing an inundation of breaches on a daily basis and many more that we cannot hear about we’re seeing weaponized information Susan being weaponized and utilized against us to make us question the integrity of our democratic procedure and and we’re seeing now arise and consider exactly what could be the outcome of a cyber kinetic event which fundamentally in worst situation situation could have a losing life so we think as we mention cyber and exactly what its we’re attempting to achieve as a community we fundamentally have a duty to raise the discussion making sure it’s perhaps not an option but its important yeah no look we mean right here we are in a situation in which the industry is investing near 80 billion dollars a year and it’s growing 10per cent but the range attacks are increasing much more than 10per cent and as parm you understand we literally had an election impacted by cybersecurity it’s regarding front page with HBO etc and we think that we’re now in a situation in which we should rethink exactly how we do security in as enterprises and it’s also people and it seemed you thought that simply HBO dual federal government.

You talked about that simply the chaos goes on in America you very nearly cannot understand what you cannot understand and with with the whole news period going all around this but this Quebec this idea of critical infrastructure we love that name you have inside title we CIT Institute of critical infrastructure because truly the federal government has has critical infrastructure there’s been bridges and roadways and whatnot they’ve had the DNS servers has been some critical infrastructure to the airports and whatnot but the company’s of could of limpa trust used to be leading door and their information center now a cloud no perimeter we’ve mentioned this regarding cube before you start to alter the idea with critical infrastructure therefore we guess Parham what’s a grid of literature should mean from a public and commercial perspective.

Tom you’ll mention it and exactly what’s the priorities the organizations and federal government to figure out exactly what’s the order of operations getting to the bottom of making sure really safe yeah it’s interesting it’s a great question you understand whenever people think about critical infrastructure as legacy technology or legacies you understand it’s roadways bridges dams but if you examine the Department of Homeland protection they have 16 sectors they are tasked with protecting includes healthcare finance power communications right so as we see technology start to become more and more ingrained in all these different sectors and we’re perhaps not simply discussing information we’re discussing ICS information systems a digital attack against anyone of these critical infrastructure sectors can have varieties of outcomes whether you’re discussing a commercial sector organization or the federal government.

You understand among what we constantly mention is it’s really the value of elevating the discussion as we talked about early in the day and and placing security before profits we think fundamentally we’ve gotten to the situation because a lot of organizations do a cost-benefit analysis therefore you understand exactly what maybe in medical sector and fundamentally it’ll be cheaper for me become breach pay my fines handle potentially also losing to brand name you understand it’s up to my brand name and terms of brand name value and that’ll be cheaper than investing exactly what we must to protect my clients and their information and that’s the incorrect method to examine it we think now as we had been discussing this week the cost of all this goes greater which will assist but we think we must start seeing as fundamental brain change and exactly how we are prioritizing security as we talked about early in the day it’s perhaps not an option it must be a requisite yeah we think exactly what we’re seeing now’s in years past the hackers would get at some bits of information but now we’re seeing with HBO with Sony they can strip-mine a whole business write about business we mean exactly the money they’re doing with ransomware would seem slightly greater profile ransomware we mean there’s a specific business outcome right here.

It’s perhaps not searching good they get out of business oh positively so Centrify we just recently sponsored a study and nowadays if you announce you got breach and you must announce because you must inform your investors you must inform your customers your stock drops normally 5per cent in everyday so we’re discussing billions of dollars of market capitalization that can disappear completely with the breach too so we’re beyond it’s like oh they sold some information we’ll distribute a we’ll distribute a page to our customers and we’ll give them free experience for a year or something like that now it’s like your internet protocol address all content and in John we think you raised an excellent point too regarding the government it’s nevertheless about the infrastructure being real things and naturally with online of Things it’s now connected to the online so it’s really frightening that a bridge can flip open by some man in Ukraine or Russia you understand fiddling it with it however with enterprises it’s less and less real the shop and we’re now going through this massive change to the cloud and more of your internet protocol address is managed and operate it’s the complete d perimeter ization that makes things more complicated something you talked about the commercial aspect of it with the connection because this is a real issue with self traffic vehicles this is anyone’s brain we’re simply addressing us content addressing Ford’s occasion yesterday in San Francisco again it sees problem unpacking in vehicles therefore commercial commercial IOT starts up again the area but this kind of brings the question down to customers.

you dudes have more organizations or governments exactly how do they be resilient exactly how are they exactly how do they place steps in spot because you understand simply chatting to some one who operates a major port in US and issues there are maritime right therefore you mention automobile infrastructure container vessels demonstrably worried about terrorism other things bad things happen but simply the basic IT infrastructure is Neanderthal it’s like 30 years old yeah so you have legacy infrastructure as you talked about but organizations have legacy how do you balance in which you are exactly how do you understand the progress club of your security exactly how do you understand things you must put in place exactly how do you get to resilience yeah we but see we think there also must be a rethink of security because the traditional methods people did it had been protecting the perimeter having anti-virus fire walls at cetera but things have really changed so now exactly what we’re seeing is identification became the the atop attack vector planning so if you examine all these hacks and breaches it’s the stealing of usernames and passwords so people are doing a good job of therefore the hackers are social engineering the users so kind of a focus requires the change of securing the old perimeter to targeting securing the user is it really John Fourier attempting to access email can we leverage biometrics in this and attempting to move to the concept of zero trust model and in which you must can’t trust the system can’t trust the ip but you must factor in a lot of different Africa eyes simply follow a tale about blockchain did we have a lot of blockchain immutable constantly encrypted no-pocalypse which are yeah this is regular wall whenever they shop them.

Like now we have that encrypted information fine this is the hackers are fast therefore again right back to organizations because they have to place they have shareholder issues or they have some business governance issues in the times of moving train exactly how does the federal government offer support exactly how do organizations place it in spot one thing you’ll do yeah well from there’s a few things you’ll examine first you understand as a think-tank we are active on money while working with users of both majority majority edges who’re earnestly proposing bipartisan legislation which provides meaningful motion ahead to secure and address some of the issues you’re discussing senator Markey recently released the cyber shield act with creates a kind of rating right for an unit kind of like the Energy Star and in power sector therefore simply this week we stated he released a paper in support of an amendment by Senator Lindsey Graham which really addresses the inherent vulnerabilities in our election systems right therefore there’s a lot of good work being done and that really goes to the core of exactly what we do and reason that we’re partnering together we see we see is in the business of educating and advising we released research we make it easily available we cannot think in commoditizing information we think in liberating it therefore we get into hand as people possible and we get this objective research and utilize it as a stepping stone to educate and to advise and it could be through conferences could be through events because we through conversations with the news but we think this educational procedure is really critical to start to alter the brain assuming we can increase that we think exactly what really must be done with security is better information sharing and it’s it’s with other governments and enterprises being under attack sharing that information as opposed to just having it for themselves and their advantage and also exactly what’s needed 
is better knowledge of exactly what are top methods that must be done to better protect both federal government and enterprises because we want to shift gears and mention cyber connected and which is approaching in November an industry occasion you dudes are sponsoring.

Centrify would you dudes are also involved in spreading the content program Jenna dependent occasion is targeted on industry perhaps not as an gentrifying group we want to place you in spot before we get to the sent the cyber connect occasion yeah you talked about the elections exactly what’s the basic that we’m Silicon Valley so i’ll ask the question because you’re in trenches down in DC what’s the basic sentiment in DC now because we had been explaining to my son the other day of like yeah the questions most likely hacked everyone so theoretically the election falen for that marketplace Basket evacs therefore maybe they did hack your self so it’s we’m simply hand waving that but it most likely makes feeling the question is exactly how genuine is the hacking risk in minds of the folks in DC around Russia and potentially Asia in this area.

We think the the risk is positively genuine but we think there’s become a huge difference between news on both edges politicizing the discussion there’s a huge difference between somebody planning and really you understand changing your vote from one part to the other additionally the discussion about the weaponization of information and exactly what we do understand that Russia does with regards to having armies of trolls available who’re with fake pages and are producing full conversations and sneering general public sentiment of perception in instructions that maybe had beenn’t currently there so we think component of the hysteria that we see we think we’re afraid and we have a right to be afraid but we think using the emotion and politics out of it and really doing forensic assessments on an objective perspective to understand exactly what certainly goes on we are having our information taken there is a danger that a nation-state could perform a very high impact digital attack that a losing life we do understand that international states are trying to affect the outcomes of our democratic processes we think it’s essential to understand though exactly how are they doing it and is exactly what we’re reading about certainly exactly what’s happening kind of regarding streets and that’s in which the commercial thing you’re kind of tying together top lobster why possible utilizing digital as an attack vector into something that could have a real and openly why yeah we covered also that tale that had been released on a fake news infrastructure it’s perhaps not simply the content they’re making up it’s really the infrastructure now fake news bottom nets and whatnot we think micro penned a tale on us in which they really detailed you could you’ll smear journalist 240k.

Yeah he’s frequently available being built for particularly these counter programs added service you understand gonna forum regarding deep web and you can contract these types of things out we mean that’s it we’re available and exactly what do you tell your typical United states buddies you state hey having a cocktail whether you’re at supper exactly what’s happening with security exactly what do you state something you should be worried relax but we’re on it exactly what’s the message you share with your friends beingn’t in industry personally we think the message is you understand you must be vigilant you must may be annoying but you do must exercise good cyber hygiene think about your passwords think about what you’re sharing on social news.

We also talk and personally believe that some of these things wont alter unless we as consumers change what’s acceptable to us if we stop buying devices or systems or apps considering the convenience that brings to our everyday lives and we state we’m perhaps not gonna purchase that car because we cannot understand if it’s safe enough for me you’ll see industry modification rapidly so human being behavior is critical positively definitely a piece of it alright guys therefore exciting occasion approaching the cube are addressing cyber connect occasion in November the date we think November 6 or 7 to 6 & 7 in nyc’s grand ia mention the curriculum because this is a unique occasion in which you dudes are attracting your sponsorship to the table for providing an innocent open industry occasion mm-hmm exactly what’s the curriculum exactly what’s the agenda.

Exactly what’s the purpose of the occasion yeah fine we’ll take it yeah we mean historically like other security vendors we’ve had our users conference right and exactly what we found is as you alluded to that simply must be better training of exactly what’s happening so as an alternative of simply restricting it to us chatting to our customers about us we should broaden the discussion so that’s why we introduced we CIT to really assist us broaden the discussion.

Raise more awareness and visibility for exactly what must be done therefore this is a pretty unique seminar because we’re having a lot of CISOs from some incredible enterprise plus federal government general Alexander the type of the cyber security demand is a keynote but we have the CEO of Aetna Blue Cross involved too so we want to raise awareness in terms of exactly what are top methods exactly what are the leading minds contemplating security and in parallel also for our customers we’re going to have a parallel track in which if they want getting more product concentrated technology therefore this is not Centrify occasion this is an industry occasion you understand blackhat is great RSA is great but it’s really more of the kind of the bits and bytes are very narrow but right here’s the but you’re just an identification player yeah there’s a bigger issue exactly what about these other issues will you simply get a little there we get yeah please stand it hello there’s an identification or is it more well it positively is many this is among the reasons simply at a macro level of the work that we’ve done with Centrify for several years now you understand we have shared equivalent philosophy that we have a duty as experts in cyber space to move a ahead and to really uh yes in very nearly a cybersecurity Renaissance if you’ll so this is really the vision behind cyber Connect.

So if you examine the curriculum we’re discussing business espionage and exactly how it’s impacting commercial companies we’re discussing the role of machine learning based synthetic cleverness we’ll be discussing the value of encrypting your information about security by design about exactly what’s happening with the botnet epidemic that’s available therefore there absolute are a really balanced program and it is again driven and grounded because research at id CIT is placing out in relationships that we have with of these key players therefore Institute of critical with the framework technology the think tank they’ve gear the co-founder of has those world you bringing that broad agenda to cyber connect right that’s proper positively therefore this is awesome congratulations we reached ask regarding idea leadership part you dudes were working together can simply mention your relationship between Centrify and high CIT that’s your independent you dudes are a vendor so exactly what this relationship why it’s therefore essential to this occasion well positively we mean look as a protection vendor you understand a lot of big portion of security vendors sell into the the US government and through those conversations that a lot of the CISOs at these governments had been pointing us to these we see IT dudes right and we got awareness and visibility through that and it had been like they had been simply doing great stuff in terms of discussing yes Centrify is a leading identification provider but people want for a complete solution and seeking a balanced method to examine it so we felt that it is a great opportunity to partner with these dudes so we sponsored occasion they did wintertime summit and then and they did such a great job and content had been amazing individuals they’d that we stated you understand exactly what make this more of a general thing and let’s simply let’s be in the background assisting enhance this but let the people you understand hear about this 
good information identified town model no because this is really exactly what’s works.

You reached enable your allowing this discussion and above ever in streets with love getting your perspective on this is there’s an ethos developing has been developments expanding aggressively kind of open source on one part but protection’s about information sharing you talked about it’s positively supporting standpoint it’s more of a statutory filing but right here because security space is extremely communicated they’ve talked to each other and there’s a trust relationship therefore you’re basically bringing an independent occasion you’re funding it yeah positively it’s perhaps not your again it’s that an independent occasion positively yeah so we mean Kahn stated it very well you understand as an Institute we count regarding cap financial money that comes in from our lovers like Centrify so we would be unable to deliver at a major the value that we do to the legislative community to federal agencies available sector and Institute’s researches being shared on NATO libraries and embassies around the world therefore we mean this is it it’s a really an international procedure that we have so whenever we mention layered security right we’re perhaps not into a silver bullet solution a lot of you understand movement experts available state I have the answer we understand that there’s a layered approach must be done Centrify they have a technology that plays part because but more essential of that for us is they share that same philosophy and we do see ourselves of being capable usher in modification that’s needed to move everything ahead so it’s been integrating we have a lot of lot of plans regarding next two years ahead you understand that’s great work you bring some great content to the table that’s exactly what people want and they they can see that’s allowing it such great business model for everybody we reached ask one question though about your business we love the clinical infrastructure focus and we like your value you dudes are bringing but you dudes have 
this other program can you mention this though you’re component of the fellows yeah well an unlevel and we want to state accreditations not good presence.

it’s a badge so it’s a club you dudes understand that’s perhaps not as lame the other from that’s a great question on Institute that we have a core team of experts who represent different technology niches they constitute our other program so as we discussed earlier whenever we’re placing out research whenever we’re educating the news whenever we’re advising Congress whenever doing the work of the Institute we’re constantly switching right back to our other program users to provide some of that research and expertise and and sharing you understand perhaps not simply providing financial money but really bringing that idea leadership to the table Centrify is part of our Fellows Program so we’ve been working with that for several years it’s really exclusive and there’s a procedure you must be introduced in by existing other program member we have a lot of needs but it really comes down to do you understand exactly what we’re attempting to achieve do you share our same mission our same values and can you be part of this elite community that we’ve built so you understand centra pfizer a big component of that and cloud Asti is accelerating everything offering cloud action truly inside space and we understand exactly what’s happening our world yeah positively we’re also moving a zillion miles an hour it’s like literally moving train therefore congratulations cyber link a vent in November great occasion check it out the cube are there we’ll have real time coverage we broadcast and be documenting all action and delivering Theon the qrc Silk’n angle comm and John for a year here at Centrify headquarters in Ca in Silicon Valley thanks for viewing

As found on Youtube

The Importance of Cyber Security



Is Your WordPress site safe yet?

Protect your website and data from hackers and botnets in just 60 seconds using the world’s first 3-click security dashboard. It works around the clock and protects you from hackers, botnets, spyware, viruses, Trojans and more, for a special one-time price that is not to be repeated.

The first step is just to copy and paste a snippet of code. This activates your website so you can monitor what types of threats occur. You will get alerts via email or text message about these attacks in real time.

This includes security features like DDoS monitoring, blocking MySQL injections, and stopping brute-force attacks, crawl bots and virus tracks as well.

It’s just a piece of code, not a WordPress plugin or huge software that you have to download and upload. It’s simple code, and its size is in kilobytes, so it’s not going to slow the website.

There will be a snippet to copy onto your website. You’ll be able to see the visitors and the total visits, and also monitor against DDoS. After that, for notifications, you can put in your email address and a phone number and hit save.

Finding a fake WP scanner: this tracks network changes, which is usually an indicator of a threat, of a fighting scat scanner. So it’s a safeguard against these types of attacks. There is peace of mind regarding prevention of clickjacking, and a cookie theft scanner so that your affiliates’ cookies won’t be stolen. If you’re finding attacks coming from a specific IP, it will tell you via email, so you can click “ban IP” and that IP address will not be able to access your website ever, which is pretty amazing. It’s so hard. These guys are so knowledgeable in hacking. A little help is always useful.



The Best Personal Defense Tools and How to Use Them

A little bit of preparation, a few tools, a little bit of knowledge can make you safe, or you could walk out there and roll the dice.
I’m James Williams. I design knives and personal defense tools for CRKT. I teach close quarter battle to police and military. I teach civilian personal defense and edged weapon use. Personal defense isn’t about fighting. If you’re already in fighting, you’ve made a series of mistakes. You park your car during the day and you come out after dark, it’s not the same place anymore. So as you start moving through, you just look what’s possible?

Could somebody hide here or could they be there? The biggest thing is awareness. The single best tool is the tactical flashlight. As you can see down some of the streets, it’s dark. You could walk by something you couldn’t see in to and somebody could come out of there. You never walk by a dark hole. You always light it up before you get there. I don’t want to walk past it not having to clear it. So bad guy. So you can see this light is enormously bright.

The other thing is, if you shine the light in someone’s eyes, it completely removes their vision. You can’t see anything other than the light. Okay. Even if they’re threatening you, keep it in their eyes. Most of the time they won’t close. If they’re going to approach, they still can’t see. Pens are a really valuable defense tool because, designed properly, you can carry them everywhere. Easy to use, writes very well, and if you need it as a force multiplier, it’s a very effective tool.

Aircraft grade aluminum, so it’ll penetrate, it’ll break bones. You know, and you’d grasp it like this, in an ice-pick grip, or you’d hold it like this to thrust. Okay, between your fingers, okay, so that’s an ice-pick grip. So, yes, to thrust – boom. Because if you’re that close, this is serious now. So you hit them hard. It’ll go in, which is good. And it’ll hurt like heck, more than a knife does, because it’s not sharp. It’s sharp enough to penetrate, but it hurts, and what we want is shock, disengagement, right, so that you can get away. It’s not your job to engage people. If I grabbed you to hold you and you took that pen in an ice-pick grip and you hit me on the back of the hand. If you hit hard, you can feel on yourself that’s going to break bones, is going to cause an enormous amount of pain, a lot of nerves. Keep the light in their eyes and keep hitting them. You know, like right behind the clavicle. Up in the neck. Okay, keeping the light in my eyes with one, okay?

Okay, and just really going to work with the pen until they quit. We don’t swing the light at people to hit them. Okay, I’d very much disagree with that. Okay, once I start swinging the light on or off you have an option or possibility of blocking it. If I continue to blind your eyes, everything else I do from behind that light you can’t see. So when you approach your car, always have your flashlight in your hand. And then your keys that you want to hold it like this So that you could then if somebody grabbed you, you just drill them in the hands, or if they grabbed you instead of the hand, just drill them right in the face. Eyes. Drill them in the throat. Okay, they feel nice and solid so you could hit no problem. It’s gonna be at soft tissue as much as possible anyway. Once you have to engage, let out the inner You keep the light in his eyes, bring the pen out… Now leave the light here. Take a step to your right but relax so the light stays where it is. But leave the light here. Okay, so what I want you to do is, look at this if I hold the light here and I step and it’s in your eyes, you still think I’m here. Okay, so you keep it in his eyes. Okay. Light in his eyes. Shine it. Push in. Okay, step to your right, leaving the light here, and then see you’re at an angle. Yes Go ahead and make that motion several times because you’re going to light him up. Because all he sees is the light. If it’s in his eyes. He has no idea that you move sideways So we have several things: you can’t see, surprise, shock, pain. When I teach people to use knives, the knife is not used as a tool to intimidate people. It’s not flashed around.

The bad person should not see that knife until they’re feeling it. This is a weapon of last resort for civilians. Do not use it unless it’s absolutely necessary, and if it then gets down to serious business. Don’t buy the B.S. that, “Oh they’ll take it away from you and use it on you.” Because you’re going to be in banshee mode, and the only thing that they’re going to get is the business end of things, right? Pen and knife are used almost the same way Using this, hold it this way with the edge towards you so that you could…Because it’s a small blade. You can’t slash a lot with a blade this small. It just doesn’t have contact enough. Put your thumb over there you go and just If you are in real danger, then you just let it go Okay, anything that touches you first and then, unless he runs away, you just keep whacking him until he’s either down or he runs away. Most importantly I feel empowered to defend myself. I guess it’s not that hard to have the right tools with you at all times, and with very little instruction, can defend yourself.
