Podcasts about mitigations

We've written a new report on the threat of AI-enabled coups. I think this is a very serious risk – comparable in importance to AI takeover but much more neglected. In fact, AI-enabled coups and AI takeover have pretty similar threat models. To see this, here's a very basic threat model for AI takeover: Humanity develops superhuman AI Superhuman AI is misaligned and power-seeking Superhuman AI seizes power for itself And now here's a closely analogous threat model for AI-enabled coups: Humanity develops superhuman AI Superhuman AI is controlled by a small group Superhuman AI seizes power for the small group While the report focuses on the risk that someone seizes power over a country, I think that similar dynamics could allow someone to take over the world. In fact, if someone wanted to take over the world, their best strategy might well be to first stage an AI-enabled [...] ---Outline:(02:39) Summary(03:31) An AI workforce could be made singularly loyal to institutional leaders(05:04) AI could have hard-to-detect secret loyalties(06:46) A few people could gain exclusive access to coup-enabling AI capabilities(09:46) Mitigations(13:00) VignetteThe original text contained 2 footnotes which were omitted from this narration. --- First published: April 16th, 2025 Source: https://www.lesswrong.com/posts/6kBMqrK9bREuGsrnd/ai-enabled-coups-a-small-group-could-use-ai-to-seize-power-1 --- Narrated by TYPE III AUDIO. ---Images from the article:

Cybersecurity Today: Exploited Vulnerabilities and Innovative Threat Mitigations In this episode of Cybersecurity Today, host Jim Love discusses several pressing cybersecurity issues including the exploitation of a server-side request forgery (SSRF) vulnerability in OpenAI's ChatGPT infrastructure (CVE-2024-27564), leading attackers to redirect users to malicious URLs. He also talks about how researchers at Tiny Hack have made breakthroughs in cracking Akira ransomware using high-powered GPUs, and Malwarebytes' warning about malware embedded in free online file converters. The episode highlights the importance of robust cybersecurity measures, innovative methods to combat ransomware, and cautious internet usage. 00:00 Introduction to Cybersecurity Threats 00:19 Exploiting ChatGPT Vulnerabilities 02:15 Cracking Akira Ransomware 05:01 Malware in Free Online Converters 07:12 Conclusion and Listener Support

Dark Skippy is a new attack that in theory, makes it much easier for a malicious person to steal your coins. Listen in to learn about some of the ins and outs here, as well as mitigation and the path forward for the industry from @utxoclub , @LLFOURN & @robin_linus .  Why air gapping is not the be all end all Dark Skippy in context with other attacks Security while signing transactions, and security while generating keys RFC6979 Deterministic nonce generation Updating PSBT to help mitigate this attack Summary The conversation discusses the ‘Dark Skippy' attack, a new method for leaking secret keys from a malicious signing device. The attack takes advantage of the nonces used in the Schnorr and ECDSA signature schemes. The new attack vector can potentially extract private keys and seed words from hardware wallets. The attack targets the nonce generation process during key generation and signing. The previous versions of this attack were inefficient, but Dark Skippy improves upon them. The contributors explain how the attack came about and its implications for hardware wallet security. They also discuss the RFC6979 deterministic nonce generation and the concept of anti-klepto signing protocols as mitigations against the attack.  While Dark Skippy is a sophisticated attack, it requires a high level of expertise and is not currently seen in the wild. The discussion highlights the importance of secure boot, upgrading the Partially Signed Bitcoin Transaction (PSBT) process, and improving the randomness of upfront key generation as potential mitigations.  However, it is emphasized that current reputable hardware wallets still provide a high level of security, and there is no immediate action required for users. Takeaways Dark Skippy is a new attack that leaks secret keys from a malicious signing device. The attack exploits the nonces used in the Schnorr and ECDSA signature schemes. Previous versions of this attack were inefficient, but Dark Skippy improves upon them. Mitigations against the attack include the RFC6979 deterministic nonce generation and anti-klepto signing protocols. Dark Skippy is a sophisticated attack that targets the nonce generation process during key generation and signing. Mitigations for Dark Skippy include implementing secure boot, upgrading the PSBT process, and improving the randomness of upfront key generation. Reputable hardware wallets currently provide a high level of security, and there is no immediate action required for users. The discussion highlights the importance of ongoing research and development to enhance the security of hardware wallets and protect against potential future attacks. Timestamps: (00:00) - Intro (00:45) - What is ‘Dark Skippy'? (04:39) - Is it an old attack vector? Bitcoin's security evolving with time (12:41) - Sponsor (15:22) - What is a nonce?, RFC6979 Deterministic nonce generation (22:55) - Common ways of people losing their Bitcoin (31:08) - Sponsor (32:07) - Anti-klepto signing protocols; ways to mitigate risks of losing coins (39:51) - Updating PSBT to help mitigate this attack (43:26) - The role of Multisig in preventing the attack (49:57) - Other attack vectors in malicious actor's toolkit (56:49) - Summarizing the steps to improve the ecosystem security (1:00:18) - Closing thoughts Links:  https://darkskippy.com/  https://frostsnap.com/  https://x.com/LLFOURN  https://x.com/robin_linus  https://x.com/utxoclub  https://x.com/utxoclub/status/1820520960476561825  Sponsors: CoinKite.com (code LIVERA) mempool.space/accelerator  Stephan Livera links: Follow me on X: @stephanlivera Subscribe to the podcast Subscribe to Substack

Join Lieuwe Jan Koning on this special Threat Talks as he explores the evolving landscape of DDoS attacks with Junior Corazza and Miguel Regalado Querol. Discover if these cyber threats are truly diminishing or if we're just getting better at defending against them. Tune in to understand the current state of DDoS mitigations and the importance of cybersecurity collaboration. Find all our episodes and request your own Threat Talks T-shirt on https://threat-talks.com/

Why you shouldn't use AI to write your tests, and the crazy deals new AI companies are getting themselves into to access hardware.

[Referências do Episódio] Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation - https://www.recordedfuture.com/redjuliett-intensifies-taiwanese-cyber-espionage-via-network-perimeter Probllama: Ollama Remote Code Execution Vulnerability (CVE-2024-37032) – Overview and Mitigations - https://www.wiz.io/blog/probllama-ollama-vulnerability-cve-2024-37032 XZ backdoor: Hook analysis - https://securelist.com/xz-backdoor-part-3-hooking-ssh/113007/ Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Get the latest Patch Tuesday releases, mitigation tips, and learn about custom automations (aka Automox Worklets) that can help you with CVE remediations.

Welcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: Companies' safety plans neglect risks from scheming AI, published by Zach Stein-Perlman on June 3, 2024 on LessWrong. Without countermeasures, a scheming AI could escape. A safety case (for deployment) is an argument that it is safe to deploy a particular AI system in a particular way.[1] For any existing LM-based system, the developer can make a great safety case by demonstrating that the system does not have dangerous capabilities.[2] No dangerous capabilities is a straightforward and solid kind of safety case. For future systems with dangerous capabilities, a safety case will require an argument that the system is safe to deploy despite those dangerous capabilities. In this post, I discuss the safety cases that the labs are currently planning to make, note that they ignore an important class of threats - namely threats from scheming AI escaping - and briefly discuss and recommend control-based safety cases. I. Safety cases implicit in current safety plans: no dangerous capabilities and mitigations to prevent misuse Four documents both (a) are endorsed by one or more frontier AI labs and (b) have implicit safety cases (that don't assume away dangerous capabilities): Anthropic's Responsible Scaling Policy v1.0, OpenAI's Preparedness Framework (Beta), Google DeepMind's Frontier Safety Framework v1.0, and the AI Seoul Summit's Frontier AI Safety Commitments. With small variations, all four documents have the same basic implicit safety case: before external deployment, we check for dangerous capabilities. If a model has dangerous capabilities beyond a prespecified threshold, we will notice and implement appropriate mitigations before deploying it externally.[3] Central examples of dangerous capabilities include hacking, bioengineering, and operating autonomously in the real world. 1. Anthropic's Responsible Scaling Policy: we do risk assessment involving red-teaming and model evals for dangerous capabilities. If a model has dangerous capabilities beyond a prespecified threshold,[4] we will notice and implement corresponding mitigations[5] before deploying it (internally or externally). 2. OpenAI's Preparedness Framework: we do risk assessment involving red-teaming and model evals for dangerous capabilities. We only externally deploy[6] models with "post-mitigation risk" at 'Medium' or below in each risk category. (That is, after mitigations, the capabilities that define 'High' risk can't be elicited.) 3. Google DeepMind's Frontier Safety Framework: we do risk assessment involving red-teaming and model evals for dangerous capabilities. If a model has dangerous capabilities beyond a prespecified threshold, we will notice before external deployment.[7] "When a model reaches evaluation thresholds (i.e. passes a set of early warning evaluations), we will formulate a response plan based on the analysis of the CCL and evaluation results."[8] Mitigations are centrally about preventing "critical capabilities" from being "accessed" (and securing model weights). 4. Frontier AI Safety Commitments (joined by 16 AI companies): before external deployment, we will do risk assessment with risk thresholds.[9] We use mitigations[10] "to keep risks within defined thresholds." These safety cases miss (or assume unproblematic) some crucial kinds of threats. II. Scheming AI and escape during internal deployment By default, AI labs will deploy AIs internally to do AI development. Maybe lots of risk "comes from the lab using AIs internally to do AI development (by which I mean both research and engineering). This is because the AIs doing AI development naturally require access to compute and model weights that they can potentially leverage into causing catastrophic outcomes - in particular, those resources can be abused to run AIs unmonitored." Without countermeasures, if the AI is scheming, i...

Link to original articleWelcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: Companies' safety plans neglect risks from scheming AI, published by Zach Stein-Perlman on June 3, 2024 on LessWrong. Without countermeasures, a scheming AI could escape. A safety case (for deployment) is an argument that it is safe to deploy a particular AI system in a particular way.[1] For any existing LM-based system, the developer can make a great safety case by demonstrating that the system does not have dangerous capabilities.[2] No dangerous capabilities is a straightforward and solid kind of safety case. For future systems with dangerous capabilities, a safety case will require an argument that the system is safe to deploy despite those dangerous capabilities. In this post, I discuss the safety cases that the labs are currently planning to make, note that they ignore an important class of threats - namely threats from scheming AI escaping - and briefly discuss and recommend control-based safety cases. I. Safety cases implicit in current safety plans: no dangerous capabilities and mitigations to prevent misuse Four documents both (a) are endorsed by one or more frontier AI labs and (b) have implicit safety cases (that don't assume away dangerous capabilities): Anthropic's Responsible Scaling Policy v1.0, OpenAI's Preparedness Framework (Beta), Google DeepMind's Frontier Safety Framework v1.0, and the AI Seoul Summit's Frontier AI Safety Commitments. With small variations, all four documents have the same basic implicit safety case: before external deployment, we check for dangerous capabilities. If a model has dangerous capabilities beyond a prespecified threshold, we will notice and implement appropriate mitigations before deploying it externally.[3] Central examples of dangerous capabilities include hacking, bioengineering, and operating autonomously in the real world. 1. Anthropic's Responsible Scaling Policy: we do risk assessment involving red-teaming and model evals for dangerous capabilities. If a model has dangerous capabilities beyond a prespecified threshold,[4] we will notice and implement corresponding mitigations[5] before deploying it (internally or externally). 2. OpenAI's Preparedness Framework: we do risk assessment involving red-teaming and model evals for dangerous capabilities. We only externally deploy[6] models with "post-mitigation risk" at 'Medium' or below in each risk category. (That is, after mitigations, the capabilities that define 'High' risk can't be elicited.) 3. Google DeepMind's Frontier Safety Framework: we do risk assessment involving red-teaming and model evals for dangerous capabilities. If a model has dangerous capabilities beyond a prespecified threshold, we will notice before external deployment.[7] "When a model reaches evaluation thresholds (i.e. passes a set of early warning evaluations), we will formulate a response plan based on the analysis of the CCL and evaluation results."[8] Mitigations are centrally about preventing "critical capabilities" from being "accessed" (and securing model weights). 4. Frontier AI Safety Commitments (joined by 16 AI companies): before external deployment, we will do risk assessment with risk thresholds.[9] We use mitigations[10] "to keep risks within defined thresholds." These safety cases miss (or assume unproblematic) some crucial kinds of threats. II. Scheming AI and escape during internal deployment By default, AI labs will deploy AIs internally to do AI development. Maybe lots of risk "comes from the lab using AIs internally to do AI development (by which I mean both research and engineering). This is because the AIs doing AI development naturally require access to compute and model weights that they can potentially leverage into causing catastrophic outcomes - in particular, those resources can be abused to run AIs unmonitored." Without countermeasures, if the AI is scheming, i...

Guest: Shan  Rao, Group Product Manager, Google  Topics: What are the unique challenges when securing AI for cloud environments, compared to traditional IT systems? Your talk covers 5 risks, why did you pick these five? What are the five, and are these the worst? Some of the mitigation seems the same for all risks. What are the popular SAIF mitigations that cover more of the risks? Can we move quickly and securely with AI? How? What future trends and developments do you foresee in the field of securing AI for cloud environments, and how can organizations prepare for them? Do you think in 2-3 years AI security will be a separate domain or a part of … application security? Data security? Cloud security?  Resource: Video (LinkedIn, YouTube)  [live audio is not great in these] “A cybersecurity expert's guide  to securing AI products with Google SAIF“ presentation SAIF Site “To securely build AI on Google Cloud, follow these best practices” (paper) “Secure AI Framework (SAIF): A Conceptual Framework for Secure AI Systems” resources Corey Quinn on X (long story why this is here… listen to the episode)

Memory corruption is a difficult problem to solve, but many such as CISA are pushing for moves to memory safe languages. How viable is rewriting compared to mitigating? Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/254.html [00:00:00] Introduction [00:01:12] Clarifying Scope & Short/Long Term [00:04:28] Mitigations [00:15:37] Safe Languages Are Falliable [00:21:20] Weaknesses & Evolution of Mitigations [00:29:19] Rewriting and the Iterative Process [00:34:55] The Rewriting Scalability Argument [00:41:43] System vs App Bugs [00:48:46] Mitigations & Rewriting Are Not Mutually Exclusive [00:50:25] Corporate vs Open Source [00:54:12] Generational Change [00:56:18] Conclusion Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

In this episode of the Security Swarm Podcast, our host Andy Syrewicze discusses the key findings from Hornetsecurity's Monthly Threat Report with guest Michael Posey. The Monthly Threat Report is a valuable resource that provides monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space.   In this episode, Andy and Michael talk about recent security events such as the Cyber Safety Review Board's (CSRB) report assessment of the Storm-0558 attack, the FTC's reports on impersonation attacks, and an alarming potential supply chain attack on the XZ Utils package in open-source Linux distributions.  Key takeaways:  The cybersecurity landscape is evolving rapidly with a variety of threats, from supply chain attacks to impersonation scams.  Transparency and security diligence are crucial in preventing and mitigating cyber threats.  End-user training and awareness play a significant role in enhancing overall cybersecurity posture.  Timestamps:  (05:26) - Rising Trends in Email Threats and Cybersecurity Impersonation Tactics (15:26) - The Importance of Email Security and Supply Chain Attacks in Today's Cyber Landscape (18:12) - Uncovering the Storm-0558 Breach: Analysis and Recommendations (27:33) - FTC Reports on Impersonation Attacks and the Importance of End User Training in Cybersecurity (34:25) - Major Security Threat Uncovered in XZ Utils Package in Open Source Linux Distributions (40:22) - Insights on Cybersecurity Issues and Mitigations  Episode Resources:  The Full Monthly Threat Report for April 2024 Fully automated Security Awareness Training Demo 

Welcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: Managing catastrophic misuse without robust AIs, published by Ryan Greenblatt on January 16, 2024 on The AI Alignment Forum. Many people worry about catastrophic misuse of future AIs with highly dangerous capabilities. For instance, powerful AIs might substantially lower the bar to building bioweapons or allow for massively scaling up cybercrime. How could an AI lab serving AIs to customers manage catastrophic misuse? One approach would be to ensure that when future powerful AIs are asked to perform tasks in these problematic domains, the AIs always refuse. However, it might be a difficult technical problem to ensure these AIs refuse: current LLMs are possible to jailbreak into doing arbitrary behavior, and the field of adversarial robustness, which studies these sorts of attacks, has made only slow progress in improving robustness over the past 10 years. If we can't ensure that future powerful AIs are much more robust than current models[1], then malicious users might be able to jailbreak these models to allow for misuse. This is a serious concern, and it would be notably easier to prevent misuse if models were more robust to these attacks. However, I think there are plausible approaches to effectively mitigating catastrophic misuse which don't require high levels of robustness on the part of individual AI models. (In this post, I'll use "jailbreak" to refer to any adversarial attack.) In this post, I'll discuss addressing bioterrorism and cybercrime misuse as examples of how I imagine mitigating catastrophic misuse[2]. I'll do this as a nearcast where I suppose that scaling up LLMs results in powerful AIs that would present misuse risk in the absence of countermeasures. The approaches I discuss won't require better adversarial robustness than exhibited by current LLMs like Claude 2 and GPT-4. I think that the easiest mitigations for bioterrorism and cybercrime are fairly different, because of the different roles that LLMs play in these two threat models. The mitigations I'll describe are non-trivial, and it's unclear if they will happen by default. But regardless, this type of approach seems considerably easier to me than trying to achieve very high levels of adversarial robustness. I'm excited for work which investigates and red-teams methods like the ones I discuss. [Thanks to Fabien Roger, Ajeya Cotra, Nate Thomas, Max Nadeau, Aidan O'Gara, and Ethan Perez for comments or discussion. This post was originally posted as a comment in response to this post by Aidan O'Gara; you can see the original comment here for reference. Inside view, I think most research on preventing misuse seems less leveraged (for most people) than preventing AI takeover caused by catastrophic misalignment; see here for more discussion. Mitigations for bioterrorism In this section, I'll describe how I imagine handling bioterrorism risk for an AI lab deploying powerful models (e.g., ASL-3/ASL-4). As I understand it, the main scenario by which LLMs cause bioterrorism risk is something like the following: there's a team of relatively few people, who are not top experts in the relevant fields but who want to do bioterrorism for whatever reason. Without LLMs, these people would struggle to build bioweapons - they wouldn't be able to figure out various good ideas, and they'd get stuck while trying to manufacture their bioweapons (perhaps like Aum Shinrikyo). But with LLMs, they can get past those obstacles. (I'm making the assumption here that the threat model is more like "the LLM gives the equivalent of many hours of advice" rather than "the LLM gives the equivalent of five minutes of advice". I'm not a biosecurity expert and so don't know whether that's an appropriate assumption to make; it probably comes down to questions about what the hard steps in building catastrophic bioweapons are. And s...

In this episode, the hosts discuss Privileged Identity Management (PIM) and common misconceptions and mistakes related to its configuration. They cover topics such as configuring MFA in PIM, different MFA experiences, mitigations for MFA in PIM, authentication context in PIM, requiring approval to activate roles in PIM, considerations for role activation, mitigating role lockout, and using PIM for non-Microsoft apps. They also highlight the ability to use PIM for non-Azure resources, expanding its functionality beyond traditional Azure roles. Takeaways Privileged Identity Management (PIM) allows for just-in-time activation of privileged roles. Configuring MFA in PIM can have different experiences depending on the authentication method used. Mitigations for MFA in PIM include setting a lower sign-in frequency and not allowing persistent sessions. Authentication context in PIM allows for additional conditional access policies to be applied after authentication. Requiring approval to activate roles in PIM can help ensure proper oversight and control. Mitigating role lockout in PIM involves having a break glass account for emergency access. PIM can be used for non-Microsoft apps, allowing for just-in-time elevation of privileges. Expanding PIM to non-Azure resources opens up new possibilities for managing privileged access. ------------------------------------------- Youtube Video Link: ⁠https://youtu.be/uagtZ4KyB8k⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ------------------------------------------- Documentation: https://campbell.scot/pim-common-microsoft-365-security-mistakes-series/ ---------------------- Contact Us: Website: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://bluesecuritypod.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/bluesecuritypod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Threads: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.threads.net/@bluesecuritypodcast⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Linkedin: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/company/bluesecpod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Youtube: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.youtube.com/c/BlueSecurityPodcast⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Twitch: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.twitch.tv/bluesecuritypod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ------------------------------------------- Andy Jaw Mastodon: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://infosec.exchange/@ajawzero⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/ajawzero⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/andyjaw/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠andy@bluesecuritypod.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ------------------------------------------- Adam Brewer Twitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/ajbrewer⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/adamjbrewer/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠adam@bluesecuritypod.com --- Send in a voice message: https://podcasters.spotify.com/pod/show/blue-security-podcast/message

Welcome to the latest episode of Storm⚡️Watch, where we delve into the most recent cybersecurity events and trends.  We are also joined by our friends at Trinity Cyber.  In this episode, we're excited to announce the arrival of TAGSMAS! This is a special event where we celebrate the power of tags in cybersecurity and how they can help us better understand and respond to threats. We start the show with the team over at Trinity Cyber, with an in-depth discussion about what they do and how they and GreyNoise partner to keep organizations (and humans) safe. The episode continues with a security bulletin from New Relic, who recently identified unauthorized access to their staging environment. This environment provides insights into customer usage and certain logs, but does not store customer telemetry and application data. The unauthorized access was due to stolen credentials and social engineering related to a New Relic employee account. The unauthorized actor used the stolen credentials to view certain customer data within the staging environment. Customers confirmed to be affected by this incident have been notified and given recommended next steps. Importantly, there is no evidence of lateral movement from the staging environment to customer accounts in the separate production environment or to New Relic's production infrastructure. Next, we discuss a phishing campaign targeting WordPress users. The campaign tricks victims into installing a malicious backdoor plugin on their site. The phishing email claims to be from the WordPress team and warns of a Remote Code Execution vulnerability on the user's site with an identifier of CVE-2023-45124, which is not currently a valid CVE. The email prompts the victim to download a “Patch” plugin and install it. If the victim downloads the plugin and installs it on their WordPress site, the plugin is installed with a slug of wpress-security-wordpress and adds a malicious administrator user with the username wpsecuritypatch. The malicious plugin also includes functionality to ensure that this user remains hidden.  In our shameless self-promotion segment, we highlight some of our recent work at GreyNoise Labs. We've been busy analyzing and documenting various cybersecurity threats and trends, and we're excited to share our findings with you. Be sure to check out our latest posts on the GreyNoise blog and sign up for our Noiseletter to stay up-to-date with our latest research. We also discuss some recent vulnerabilities, including a Google Skia Integer Overflow Vulnerability (CVE-2023-6345), an ownCloud graphapi Information Disclosure Vulnerability (CVE-2023-49103), and two Apple Multiple Products WebKit vulnerabilities (CVE-2023-42917 and CVE-2023-42916). These vulnerabilities highlight the ongoing need for robust cybersecurity measures and the importance of staying informed about the latest threats. Finally, we discuss a recent CISA alert about the Iranian military organization IRGC. IRGC-affiliated cyber actors using the persona “CyberAv3ngers” are actively targeting and compromising Israeli-made Unitronics Vision Series programmable logic controllers (PLCs). These PLCs are commonly used in the Water and Wastewater Systems (WWS) Sector and are additionally used in other industries including, but not limited to, energy, food and beverage manufacturing, and healthcare. The PLCs may be rebranded and appear as different manufacturers and companies. The authoring agencies urge all organizations, especially critical infrastructure organizations, to apply the recommendations listed in the Mitigations section of this advisory to mitigate risk of compromise from these IRGC-affiliated cyber actors. Thank you for joining us for this episode of Storm⚡️Watch. We look forward to bringing you more insights into the world of cybersecurity in our next episode. Episode Slides >> Join our Community Slack >> Learn more about GreyNoise >>    

Dr. Katarina Koerner, a renowned advisor and community builder with expertise in privacy by design and responsible AI, joins Chris and Robert to delve into the intricacies of responsible AI in this episode of the Application Security Podcast. She explores how security intersects with AI, discusses the ethical implications of AI's integration into daily life, and emphasizes the importance of educating ourselves about AI risk management frameworks. She also highlights the crucial role of AI security engineers, the ethical debates around using AI in education, and the significance of international AI governance. This discussion is a deep dive into the world of AI, privacy, security, and ethics, offering valuable insights for tech professionals, policy makers, and individuals alike.Links:UNESCO Recommendation on the Ethics of Artificial Intelligence:  https://www.unesco.org/en/artificial-intelligence?hub=32618OECD AI Principles: https://oecd.ai/en/ai-principlesWhite House Blueprint for an AI Bill of Rights: https://www.whitehouse.gov/ostp/ai-bill-of-rights/NIST AI Risk Management Framework: https://www.nist.gov/itl/ai-risk-management-frameworkNIST Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations: https://csrc.nist.gov/pubs/ai/100/2/e2023/ipdMicrosoft Responsible AI Standard, v2: https://www.microsoft.com/en-us/ai/principles-and-approach==> Microsoft Failure Modes in Machine Learning: https://learn.microsoft.com/en-us/security/engineering/failure-modes-in-machine-learningENISA Securing Machine Learning Algorithms: https://www.enisa.europa.eu/publications/securing-machine-learning-algorithmsGoogle Secure AI Framework (SAIF): https://developers.google.com/machine-learning/resources/saif==> Google Why Red Teams Play a Central Role in Helping Organizations Secure AI Systems: https://services.google.com/fh/files/blogs/google_ai_red_team_digital_final.pdfRecommended Book:The Ethical Algorithm: The Science of Socially Aware Algorithm Design  by Michael Kearns and Aaron Roth: https://global.oup.com/academic/product/the-ethical-algorithm-9780190948207?cc=us&lang=en&FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sponsor by ⁠⁠⁠⁠SEC Playground --- Support this podcast: https://podcasters.spotify.com/pod/show/chillchillsecurity/support

As humans we are driven by risks and threats, and where we are continually weighing-up costs and benefits. A threat is an actual thing that could actually cause harm, loss or damage, whereas a risk is the likelihood of a specific threat happening. In our lives, too, we expose ourselves through vulnerabilities, and which are our weaknesses and which could be exploited by others. Within Cyber intelligence we must thus need to continually understand our threats and vulnerabilities and weigh up the risks involved. With finite budgets for computer security, and we must thus focus on those things which will bring the most benefit to the organisation. A major challenge is always to carefully define costs and benefits. A CEO might not want to invest in a new firewall if the justification is that it will increase the throughput of traffic. Whereas a justification around the costs of a data breach and an associated loss of brand reputation might be more acceptable for investment. Threat analysis is a growing field and involves understanding the risks to the business, how likely they are to happen, and their likely cost to the business. Figure 1 shows a plot of the cost of risks against the likelihood. If there are low costs, it is likely to be worth defending against. Risks which are not very likely, and which have a low cost, and also a risk which has a high cost, but is highly likely, are less likely to be defended against. At the extreme, a high risk which has a low likelihood and which has high costs to mitigate against is probably not worth defending against. The probabilities of the risks can be analysed either using previous experience, estimates, or from standard insurance risk tables. Figure 2 outlines an example of this. Loss Expectancy Any investment in cybersecurity must often be justified, especially in the benefits that it brings to an organisation. For audit/compliance reasons, a company must often prove that the match the key regulatory requirements within its market place. Regulations such as GDPR, and acts such as Gramm-Leach-Bliley (GLB), Sarbanes-Oxley (SOX), and the Computer Fraud and Abuse, are often a key drivers for investments in cybersecurity, as a failure to comply with these can lead to significant fines or even criminal charges. The GLB Act outlines the mechanisms that financial intuitions can use to share customer data. And, due to the financial scandals of Enron, WorldCom, and Tyco, SOX was passed in 2002, and which defines the methods used to implement corporate governance and accountability. One driver for cyber intelligence is thus the ability to gather the required information for auditors to review. As previously defined, there are many other costs that an organisation may face, including the loss of business, brand damage, and a reduction in shareholder confidence. One method of understanding the cost of risk is to determine the single loss expectancy, which is calculated from: ALE = AV x ARO and Where ALE is the Annual Loss Expectancy, ARO is the Annualized Rate of Occurrence, and V is the value of the particular asset. For example, if the likelihood of a denial-of-service on a Web-based database is once every three years, and the loss to sales is $100K, the ALE will be: ALE = $100K x 1/3 = $33K per annum This formula assumes that there is a total loss for the asset, and for differing levels of risk, an EF (Exposure Factor) can be defined as the percentage of the asset damage. The formula can then be modified as: ALE = AV x ARO x EF Figure 1 Figure 2 Risk management/avoidance The major problem in defining risk — and in implementing security policies — is that there is often a lack of communication on security between business analysts and information professionals, as they both tend to look at risk in different ways. Woloch [1] highlights this with: Get two risk management experts in a room, one financial and the other IT, and they will NOT be able to discuss risk. Each puts risk into a different context … different vocabularies, definitions, metrics, processes and standards. At the core of Cyber intelligence is a formalisation of the methodology used to understand and quantify risks. One system for this is CORAS (A Framework for Risk Analysis of Security Critical Systems) and which has been developed to understand the risks involved. A key factor of this framework is to develop an ontology (as illustrated in Figure 3) where everyone speaks using the same terms. For example: A THREAT may exploit a VULNERABILITY of an ASSET in the TARGET OF INTEREST in a certain CONTEXT, or a THREAT may exploit a VULNERABILITY opens for a RISK which contains a LIKELIHOOD of an UNWANTED INCIDENT. In this way, all of those in an organisation, no matter their role, will use the same terminology in describing threats, risks and vulnerabilities. For risk management, it is understood that not all threats can be mitigated against, and they will be carefully managed and monitored. Figure 4 shows the methodology used by CORAS in managing risks, and where a risk might be accepted if the cost to mitigate against it is too high. Network sensors can thus then be set up to try and detect potential threats, and to deal with them as they occur. For risk avoidance, systems are set up so that a threat does not actually occur on the network. An example of risk management is where a company might not setup their firewalls to block a denial-of-service (DoS) attack, as it might actually block legitimate users/services, and could thus install network sensors (such as for Intrusion Detection Systems) to detect when a DoS occurs. With risk avoidance, the company might install network devices which make it impossible for a DoS attack to occur. Figure 3 Figure 4 The importance of clearly defining threats allows us to articulate both the threat itself and also define clearly the entities involved with an incident. Figure 5 shows an example of defining the taxonomy used within a security incident, and where: A [Threat] is achieved with [Attack Tools] for [Vulnerabilities] with [Results] for given [Objectives]. Figure 5 Kill chain model Within cybersecurity, we see many terms used within military operations, including demilitarized zones (DMZs), defence-in-depth and APT (Advanced Persistent Threat). Another widely used term is the kill chain where military operations would attack a specific target, and then look to destroy it. A defender will then look to break the kill chain and understand how it might be attacked. An example of the kill chain approach is “F2T2EA”, where we Find (a target), Fix (on the location of the target), Track (the movement of the target), Engage (to fix the weapon onto the target), Assess (the damage to the target). A core of this approach is the provision of intelligence around the finding, tracking and assessment of the target. One of the most used cybersecurity models to understand threats is the kill chain model and was first proposed by Lockheed Martin. Yadav et al [2] define the technical nature of key stages of an attack, including Reconnaissance, Weaponize, Delivery, Exploitation, Installation, and Act on Objective (Figure 6). So let's say that Eve wants to steal the academic records of a university student (Carol). She might perform a reconnaissance activity and find out that Bob is an academic related to Carol's programme of study. Eve might then determine that Bob runs Windows 10 on his computer and will then move to weaponization. For this Eve selects a backdoor trojan which fakes the login process for his university site. Eve does this by scrapping the university login system. Next, she picks a suitable delivery mechanism and decides that a spear phishing method which will trick Bob into logging into the fake Web site. Eve then tries a different phishing email each day and for each attempt, she monitors for any activity of Bob putting in his university login details and his password. Once he is fooled into putting in his username and password, Eve then logs the IP address of his computer and remotely logs into it. She then installs a backdoor program, and which captures his keystrokes. Eve then monitors his activities until she sees him logging into the university results system, and where she can capture his login details for this system, and then she can act on her objective and steal Carol's results. Figure 6: Cyber Kill Chain Model © [2] Reconnaissance The first stages of an attack is likely to involve some form of reconnaissance, and which can either be passive scanning or active scanning. Within active reconnaissance, an attack may use discovery tools to determine servers, networking devices, IP address ranges, and so on. These tools will typically leave a trace on the network, and which could be detected for reconnaissance activities. Typically an organization would have standard signature detection methods to detect the scanning of IP addresses, TCP ports, and in the discovery of networked services. A company could then black-list, or lock down, the IP address which sourced the scan. With passive scanning, an attacker might use open source information to better understand their target. This increasingly involves Open-Source Intelligence (OSINT) Reconnaissance. Increasingly, too, we all leave traces of our activities across the Internet, and as we do, we leak information that could be useful for an attacker. A spear-phishing attack may thus be targeted against a person who has leaked information about their next-of-kin or on their normal work times. Eve, for example, might know that Carol has a friendship with Trent, and that Carol also uses Pinterest. She then finds out that Carol always starts work at 9am, and that she has been associated with a given IP address. On checking her Twitter account, Eve sees that Carol attended a rock concert the night before. Eve then sends Carol an email just before 9am of: Hi Carol, Trent here. Hope you had a great time at the concert. Here are some photos from that I took [here]. — Trent Eve then sets up a fake Pinterest site, and which asks for Carol's login details. Carol then enters her password, but it is rejected, and then Eve's fake Web page forwards Carol to the correct Pinterest site, and she logs in. Everything looks okay, and Carol just thinks that she has entered the wrong password in the first login attempt. But Eve now sees Carol's username, password and IP address. If Carol uses the same password for many of her accounts, Eve can then move through sites that she is likely to use, and use the Pinterest-sourced password. Thus Eve has used a targeted spear-phishing attack, and where she had determined something about Carol, and then targeted her with something that she thought Carol will be tricked with. MITRE ATT&CK (TM) Framework Many criticise the kill chain model in cybersecurity as it does not cover all of the possible attacks, and is limited number in the number of stages. The MITRE ATT&CK(TM) extends these phases into: Reconnaissance, Resource Deployment, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, and Impact, and splits these up into techniques used in each phase [3]. Figure 7 outlines that the initial access phase could be achieved through methods such as Drive-by Compromise and Exploit Public-Facing Application, and which can then be used as a knowledge base for the tactics and techniques used. Within each of the techniques, the framework outlines real-life examples, detection methods, and possible mitigations. Figure 7: Mitre [2][here] In reconnaissance (Figure 8), we can see there are 10 basic techniques (active scanning, gathering victim host information, and so on). These techniques then split into sub-techniques (such as Scanning IP Blocks for Active Scanning). Figure 8: Defining sub-techniques [link] Each sub-technique then has mitigations and detection methods (Figure 9). Figure 9: Sub-techniques [link] Unified Kill Chain (UKC) model Peter Polis [4] then brought together the approaches of the kill chain model and the MITRE ATT&CK(TM) knowledge base to create the Unified Kill Chain (UKC) model, and which defines 18 unique attack phrases. These are split into stages of an initial foothold and which pivots to network propagation and then with access to an action (Figure 8). The reconnaissance phases involve: Weaponization; Delivery; Social Engineering; Exploitation; Persistence; Defense Evasion and Command & Control (Figure 9); the network discovery phase involves Discovery; Privilege Escalation; Execution; Credential Access; and Lateral Movement, with an action phrase of Collection; Exfiltration; Target Manipulation; and Objectives. Figure 8 [Link] Figure 9 [Link] Conclusions I repeat, at the core of cybersecurity are: risks, costs, benefits and threat models. We need common definitions for our definitions and in defining a common knowledge base. The Unified Kill Chain model goes some way to achieving this. References [1] B. Woloch, “New dynamic threats requires new thinking: moving beyond compliance”,” Computer Law & Security Review, vol. 22, no. 2, pp. 150–156, 2006. [2] T. Yadav and A. M. Rao, Technical aspects of cyber kill chain,” in International Symposium on Security in Computing and Communication. Springer, 2015, pp. 438–452. [3] MITRE, Mitre's attack,” 2019. [Online]. Available: https://attack.mitre.org/. Link. [4] P. Pols, Unifed kill chain (ukc),” 2019. [On-line]. Available: https://www.csacademy.nl/images/scripties/2018/Paul-Pols — -The-Unied-Kill-Chain.

CISA adds to its Known Exploited Vulnerability Catalog. Attacks against industrial systems. DNV is recovering from ransomware. Chinese cyberespionage is reported against Iran. The persistence of nuisance-level hacktivism. Robert M. Lee from Dragos outlines pipeline security. Our guest is Yasmin Abdi from Snap on bringing her team up to speed with zero trust. And a side-effect of Russia's war: a drop in paycard fraud. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/11 Selected reading. Bolster Your Company Defenses With Zero Trust Edge (iBoss) CISA Adds One Known Exploited Vulnerability to Catalog (CISA) GE Digital Proficy Historian (CISA) Mitsubishi Electric MELSEC iQ-F, iQ-R Series (CISA)  Siemens SINEC INS (CISA) Contec CONPROSYS HMI System (CHS) Update A (CISA) Nozomi Networks Researchers Take a Deep Look into the ICS Threat Landscape (Nozomi Networks) A look at IoT/ICS threats. (CyberWire) DNV's fleet management software recovering from ransomware attack. (CyberWire) DNV says up to 1,000 ships affected by ransomware attack (Computing) Ransomware attack on maritime software impacts 1,000 ships (The Record from Recorded Future News) Chinese Playful Taurus Activity in Iran (Unit 42) Playful Taurus: a Chinese APT active against Iran. (CyberWire) Russian hackers allegedly tried to disrupt a Ukrainian press briefing about cyberattacks (Axios) Russia's Ukraine War Drives 62% Slump in Stolen Cards (Infosecurity Magazine) Annual Payment Fraud Intelligence Report: 2022 (Recorded Future)

Watch on YouTube About the show Sponsored by Microsoft for Startups Founders Hub. Connect with the hosts Michael: @mkennedy@fosstodon.org Brian: @brianokken@fosstodon.org Show: @pythonbytes@fosstodon.org Join us on YouTube at pythonbytes.fm/stream/live to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too. Michael #1: Secure maintainer workflow by Ned Batchelder We are the magicians, but also the gatekeepers for our users Terminal sessions with implicit access to credentials first is unlikely: a bad guy gets onto my computer and uses the credentials to cause havoc second way is a more serious concern: I could unknowingly run evil or buggy code that uses my credentials in bad ways. Mitigations 1Password: where possible, I store credentials in 1Password, and use tooling to get them into environment variables. Side bar: Do not use lastpass, see end segment I can have the credentials in the environment for just long enough to use them. This works well for things like PyPI credentials, which are used rarely and could cause significant damage. Docker: To really isolate unknown code, I use a Docker container. Brian #2: Tools for parsing HTML and JSON Learned these from A Year of Writing about Web Scraping in Review Parsel - extract and remove data from HTML using XPath and CSS selectors jmespath - “James Path” - declaratively specify how to extract elements from a JSON document Michael #3: git-sizer Compute various size metrics for a Git repository, flagging those that might cause problems. Tip, partial clone: git clone --filter=blob:none URL # Stats for training.talkpython.fm # Full: git clone repo Receiving objects: 100% (118820/118820), 514.31 MiB | 28.83 MiB/s, done. Resolving deltas: 100% (71763/71763), done. Updating files: 100% (10792/10792), done. 1.01 GB on disk # Partial: git clone --filter=blob:none repo Receiving objects: 100% (10120/10120), 220.25 MiB | 24.92 MiB/s, done. Resolving deltas: 100% (1454/1454), done. Updating files: 100% (10792/10792), done. 694.4 MB on disk Partial clone is a performance optimization that “allows Git to function without having a complete copy of the repository. The goal of this work is to allow Git better handle extremely large repositories.” When changing branches, Git may download more missing files. Not the same as shallow clones or sparse checkouts Consider shallow clones for CI/CD/deployment Sparse checkouts for a slice of a monorepo Brian #4: Dataclasses without type annotations Probably file this under “don't try this at home”. Or maybe “try this at home, but not at work”. Or just “that Brian fella is a bad influence”. What! It's not me. It's Adrian, the dude that wrote the article. Unless you're using a type checker, for dataclasses, “… use any type you want. If you're not using a static type checker, no one is going to care what type you use.” @dataclass class Literally: anything: ("can go", "in here") as_long_as: lambda: "it can be evaluated" # Now, I've noticed a tendency for this program to get rather silly. hell: with_("from __future__ import annotations") it_s: not even.evaluated it: just.has(to=be) * syntactically[valid] # Right! Stop that! It's SILLY! Extras Michael: LastPass story just keeps getting worse We will see problems in supply chains because of this too A whole 2 hour discussion diving into what I touched on: twit.tv/shows/security-now Got your new mac mini yet? Or MacBook Pro? Joke: Developer/maker, what's my purpose?

Elliot Jay O'Neill is joined by BT Calloway & Marty Bright to review;   S.30 E.15 “101 Mitigations”   This is a Side Quest Studios Production Huge THANK YOU to our Heroes over at Patreon Grant Prusi // 16_oz_mouse // Philip Wolf // Timothy Burleson // Chris Tar // AlmightyK // Azoko Loko // Freezer // Stephanie // David James Young // Paul Salt // Paul Goodman   You too can become a Hero by supporting us on Patreon and you'll unlock a bonus podcast every week plus access to our back catalogue of over 100 podcasts www.patreon.com/sidequeststudios    Pulp Fury Radio; our fiction anthology podcast. Season 1 available now at www.pulpfuryradio.com (or wherever you get your podcasts)   We also made a video, but it wasn't to appease a judge or whatever, it's a web series.  www.daveplusone.com    We reviewed Game of Thrones in reverse order on our podcast “Thrones Of Game” https://thronesofgame.podbean.com   All the links to our socials are here  Facebook  Twitter  Instagram

A couple of mitigations for a couple of ab testing challenges

Welcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: Using artificial intelligence (machine vision) to increase the effectiveness of human-wildlife conflict mitigations could benefit WAW, published by Rachel Norman on October 28, 2022 on The Effective Altruism Forum. 1. Overview This report explores using artificial intelligence (AI) to increase the effectiveness of human-wildlife conflict (HWC) mitigations in order to benefit wild animal welfare (WAW). Two concrete examples are providing more funding, research and direct work into reducing fatalities due to 1) collisions between bats and wind turbines, and 2) culling crop-raiding starlings. The report aims merely to raise awareness of this topic and introduce the idea for discussion, but not yet strongly suggest it is a cost-effective intervention on par with other interventions - see uncertainties, limitations, and potential for harm. What's the problem profile? HWC is increasing due to human expansions and climate change, (Gross et al., 2021) and is starting to be considered in government strategies and policy. The expected future impact of innovative and effective solutions to HWC could be even larger than currently appreciated. Lethal control or other methods which significantly impact animal welfare are still widely used (such as culling), despite preventative non-lethal strategies growing in more recent wildlife management approaches. Currently deployed AI systems directed towards HWC could be expanded further within the next 10-20 years as they become more reliable, more effective, and cheaper. We should not assume they will prioritize WAW concerns, or be widely used for animals of WAW concern, so this should be embedded before they are potentially rolled out at scale. There are already companies working on AI solutions for specific problems involving endangered species, such as protected areas using AI assisted technology for poacher detection. There is already proof-of-concept of an NGO-backed early warning AI system, ‘WildEyes', with this type of solution being invested in by a local governmental department in Tamil Nadu, India. Buy-in from a range of stakeholders (especially when it benefits humans and profits too) offers a way in with conservationists and researchers who may not otherwise consider WAW. Research and development (R&D) on AI-assisted HWC mitigations would likely attract researchers who would not otherwise consider or be motivated by WAW concerns. What should we be doing differently? A very tentative theory of change: if machine vision-based methods prevent HWC, they could be adopted, even on a small scale helps drop prices allowing for systems to be more widely adopted leads to more support and R&D continued price drops and adoption could create space for legislation to ban harmful or lethal methods of animal control preventing HWC could reduce apathy and antagonism towards “problem species” and make it easier for people to consider the welfare of animals, while also directly reducing negative WAW effects of HWC. This report highlights two examples of HWC where advocates could influence AI-assisted mitigation to directly affect substantial numbers of animals, and spread welfare considerations in software and norms: Wind turbine collisions are a leading anthropogenic cause of bat deaths and cause a significant number of bird deaths (600,000 to 949,000 bats and 140,000 to 679,000 birds annually in North America). We should expect fatalities to increase due to expansions in wind power. Culling of crop-raiding species. In one year, the USDA's Wildlife Services culled 1,028,642 European starlings responsible for agricultural crop damage, because other mitigations are ineffective. Despite this, starlings still cause extensive damage each year. More effective mitigation measures would hold value and could prevent culls. There are a number of r...

Breaking into Cybersecurity_ IAM the breach vector - Top 3 Mitigations The Breaking into Cybersecurity Leadership Series is an additional series focused on cybersecurity leadership and hearing directly from different leaders in cybersecurity (high and low) on what it takes to be a successful leader. For the Full Episode, subscribe to the following: https://anchor.fm/breakingintocybersecurity/subscribe Check out our new books: Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level: https://amzn.to/3443AUIHack the Cybersecurity Interview: A complete interview preparation guide for jumpstarting your cybersecurity career https://www.amazon.com/dp/1801816638/ About the hosts: Christophe Foulon focuses on helping to secure people and processes with a solid understanding of the technology involved. He has over ten years of experience as an Information Security Manager and Cybersecurity Strategist with a passion for customer service, process improvement, and information security. He has significant experience in optimizing the use of technology while balancing the implications to people, processes, and information security by using a consultative approach. https://www.linkedin.com/in/christophefoulon/ Find out more about CPF-Coaching at https://www.cpf-coaching.com Website: https://www.cyberhubpodcast.com/breakingintocybersecurity Podcast: https://anchor.fm/breakingintocybersecurity YouTube: https://www.youtube.com/c/BreakingIntoCybersecurity Linkedin: https://www.linkedin.com/company/breaking-into-cybersecurity/ Twitter: https://twitter.com/BreakintoCyber Twitch: https://www.twitch.tv/breakingintocybersecurity --- Send in a voice message: https://anchor.fm/breakingintocybersecurity/message

Breaking into Cybersecurity_ IAM the breach vector - Top 3 Mitigations The Breaking into Cybersecurity Leadership Series is an additional series focused on cybersecurity leadership and hearing directly from different leaders in cybersecurity (high and low) on what it takes to be a successful leader. For the Full Episode, subscribe to: https://anchor.fm/breakingintocybersecurity/subscribe Check out our new books: Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level: https://amzn.to/3443AUIHack the Cybersecurity Interview: A complete interview preparation guide for jumpstarting your cybersecurity career https://www.amazon.com/dp/1801816638/ About the hosts: Christophe Foulon focuses on helping to secure people and processes with a solid understanding of the technology involved. He has over 10 years as an experienced Information Security Manager and Cybersecurity Strategist with a passion for customer service, process improvement, and information security. He has significant experience in optimizing the use of technology while balancing the implications to people, processes, and information security by using a consultative approach. https://www.linkedin.com/in/christophefoulon/ Find out more about CPF-Coaching at https://www.cpf-coaching.com Website: https://www.cyberhubpodcast.com/breakingintocybersecurity Podcast: https://anchor.fm/breakingintocybersecurity YouTube: https://www.youtube.com/c/BreakingIntoCybersecurity Linkedin: https://www.linkedin.com/company/breaking-into-cybersecurity/ Twitter: https://twitter.com/BreakintoCyber Twitch: https://www.twitch.tv/breakingintocybersecurity --- Send in a voice message: https://anchor.fm/breakingintocybersecurity/message

Microsoft updates mitigations for ProxyNotShell. Lloyd's of London investigates a suspected cyberattack. Killnet hits networks of US state governments. The FBI and CISA weigh in on election security. Credential theft in the name of Zoom. Tim Eades from Cyber Mentor Fund on the move to early-stage investing in times of war and recession. Our guest is Nick Lumsden of Tenacity Cloud on cloud infrastructure sprawl. The former security chief at Uber was found guilty in a case involving data breach cover-up. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/193 Selected reading. Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server (Microsoft Security Response Center) Microsoft updates guidance for ‘ProxyNotShell' bugs after researchers get around mitigations (The Record by Recorded Future) Microsoft Updates Mitigation for Exchange Server Zero-Days (Dark Reading)  Microsoft updates mitigation for ProxyNotShell Exchange zero days (BleepingComputer)  Lloyd's of London investigates possible cyber attack (Reuters) Insurance giant Lloyd's of London investigating cyberattack (The Record by Recorded Future) Russian-speaking hackers knock US state government websites offline (CNN)  Malicious Cyber Activity Against Election Infrastructure Unlikely to Disrupt or Prevent Voting (FBI and CISA) FBI: Cyberattacks targeting election systems unlikely to affect results (BleepingComputer)  Zoom: 1 Phish, 2 Phish Email Attack (Armorblox) Former Uber Security Chief Found Guilty of Obstructing FTC Probe (Wall Street Journal) Former Uber security chief convicted of covering up 2016 data breach (Washington Post) Uber's Former Security Chief Convicted of Data Hack Coverup (Bloomberg) Former Uber Security Chief Found Guilty of Hiding Hack From Authorities (New York Times) Former Uber CISO Joe Sullivan Found Guilty Over Breach Cover Up (SecurityWeek)

LA school data published on leak site Exchange zero-day mitigations bypassed Supreme Court will look legal protections for apps and sites Thanks to today's episode sponsor, Hunters Hunters helps your security team overcome data volume and complexity – while significantlyreducing false positives. Upwork uses Hunters SOC Platform to “remain threat focused”. Because of Hunters, Upwork has been able to stop going through the daily repetitive task of looking at alerts, and doing repetitive, manual investigations. Learn more at: Hunters.ai

Google closes on Mandiant Paying the iron price for Retbleed mitigation Meta hands over the keys to PyTorch Thanks to today's episode sponsor, Edgescan Edgescan offers a single platform solution that covers the full stack, from Web Applications to APIs to the Network and data layer. Continuous Attack Surface Management coupled with automated & strategic Pen-testing as a Service (PTaaS) yields fully scalable coverage.

In this week's episode the cybersecurity experts Bryan Hornung, Reginald Andre, Randy Bryan, and Ryan O'Hara discuss a ransomware attack by the Yanluowang ransomware group who has breached Cisco. Next, the team talks about a fallout of HanesBrands who was hit ransomware and the recap/ lessons they learned from this attack. Also, the crew jumps into some trends in ransomware and what these ransomware gangs are doing. Lastly, the experts briefly will get into a new ransomware group called Zeppelin and the alert that was put out. The FBI/ CISA put these alerts out not to scare but to mitigate this from happening to you and your business. Stay Tuned! Like and Subscribe! Articles that were used in the show: https://www.bleepingcomputer.com/news/security/cisco-hacked-by-yanluowang-ransomware-gang-28gb-allegedly-stolen/ https://www.axios.com/2022/08/11/hanesbrands-ransomware-attack-earnings-report https://securityboulevard.com/2022/08/black-hat-insights-getting-bombarded-by-multiple-ransomware-attacks-has-become-commonplace/ https://www.darkreading.com/edge-threat-monitor/cybercriminals-weaponizing-ransomware-data-for-bec-attacks https://www.cisa.gov/uscert/ncas/alerts/aa22-223a

Bishop On Air reviews the latest in COVID-19 mitigation with Gov. J.B. Pritzker relaxing things, but continuing the disaster orders. Why? Wirepoints President Ted Dabrowski offers reaction.

In this edition of the Soap Box podcast Okta's APAC CISO and former Risky Biz editor Brett Winterford talks about how attackers are getting much better at swiping session cookies via realtime phishing and malware. He also talks about some mitigation strategies to combat this threat and introduces the concept of continuous authentication. Show notes Defending against session hijacking

In this edition of the Soap Box podcast Okta's APAC CISO and former Risky Biz editor Brett Winterford talks about how attackers are getting much better at swiping session cookies via realtime phishing and malware. He also talks about some mitigation strategies to combat this threat and introduces the concept of continuous authentication. Show notes Defending against session hijacking

Helping us get Set for Sentencing this week, an amazing human who happens to be not only a former client, but also the subject of the first full-on sentencing mitigation video ever produced in Federal Court, almost twenty years ago!  I am so grateful that Dustin Arnold agreed to share his incredible journey from gifted student to deep addiction, from arrest to sentencing, and from rehabilitation to true redemption.   His story continues to inspire and amaze.  Dustin tells us what it feels like to put his fate and future in the hands of a lawyer.  He also talks about what it was like to tell his story in front of a camera for a "sentencing mitigation video".   What's a sentencing mitigation video, you ask?  Well, take a listen! We didn't know it at the time, but we were setting the wheels in motion for a completely new and powerful way to advocate.  Flash forward twenty years and the process is gaining momentum in courts all over the country.  Sentencing videos were even the subject of the Simpsons (S. 30, ep. 15, “101 Mitigations”).  So buckle up, and let's get Set For Sentencing! IN THIS EPISODE: What it feels like to be a client in the hands of a lawyer who isn't doing their job (and one who is); How the system can actually do more good then harm when the right resources and the right decision-makers are in place; Explanation of sentencing mitigation videos and how they can make all the difference in a case; A case study in why having discretionary sentencing (and a thoughtful judge) is vital; Mitigation videos are not simply for “wealthy” clients who are trying to "buy a lower sentence." This technique was born and raised in the office of the Federal Public Defender; Sentencing videos on The Simpsons?!; The seed that grew into the mighty oak – the evolution of mitigation filmmaking; Dustin's best advice, heart to heart, from a client to a lawyer; Who doesn't love a happy ending???? LINKS: The Simpsons, "101 Mitigations" Snippit of Dustin Arnold Sentencing Video FREE RESOURCE:  Doug Passon's Article from The Champion on Sentencing Mitgation Videos:  Using Moving Pictures to Build the Bridge of Empathy at Sentencing.   Click here to Download

Watch the video with slides at: https://youtu.be/y3lYUARfw-sAn in-depth look at recent research papers on the environmental consequences of nuclear war and some survival mitigations. This was pretty depressing work to make this.TimestampsIntro: 0:00Relations can degrade quickly: 2:14First impactful major nuclear winter study 1983: 3:56Intermediate-Range Nuclear Forces (INF) Treaty in December 1987: 4:26Nobody wants nuclear war - Treaties 4:55The thermonuclear bomb: 7:57Have you heard of Gnomon and Sundial nuclear devices (gigaton)?: 11:12Terragrams: 16:30Limited Nuclear War Research (India versus Pakistan): 19:00Full-scale nuclear war research (2008 paper): 25:32Full-scale nuclear war research (2019 paper): 39:26Some brief talk about prepping: 52:02Topics I want to look at future videos 1:03:0080s paper on Nuclear Winter: Global Consequences of Multiple Nuclear Explosions:https://www.science.org/doi/10.1126/science.222.4630.1283Joint Statement of the Leaders of the Five Nuclear-Weapon States on Preventing Nuclear War and Avoiding Arms Races:https://www.whitehouse.gov/briefing-room/statements-releases/2022/01/03/p5-statement-on-preventing-nuclear-war-and-avoiding-arms-races/2020 limited war study:https://www.pnas.org/doi/full/10.1073/pnas.1919049117Environmental consequences of nuclear war 2008:https://physicstoday.scitation.org/doi/10.1063/1.3047679Nuclear Winter Responses to Nuclear War Between the United States and Russia in the Whole Atmosphere Community Climate Model Version 4 and the Goddard Institute for Space Studies ModelE:https://agupubs.onlinelibrary.wiley.com/doi/10.1029/2019JD030509Sundial Bomb paper:https://thebulletin.org/2021/11/the-untold-story-of-the-worlds-biggest-nuclear-bomb/#%3A~%3Atext%3DSo%20a%2010-megaton%20bomb%2C20.3%20miles%20(33%20kilometers).https://www.rbth.com/opinion/2016/01/05/nuclear-overkill-the-quest-for-the-10-gigaton-bomb_556351

SpaceX's plans for launching Starship to orbit from Boca Chica cleared an environmental review with the FAA, but more than 75 mitigations are required in order to receive a launch license to carry out flights in the future.This episode of Main Engine Cut Off is brought to you by 41 executive producers—Simon, Lauren, Kris, Pat, Matt, Jorge, Ryan, Donald, Lee, Chris, Warren, Bob, Russell, Moritz, Joel, Jan, David, Joonas, Robb, Tim Dodd (the Everyday Astronaut!), Frank, Julian and Lars from Agile Space, Tommy, Matt, The Astrogators at SEE, Chris, Aegis Trade Law, Fred, Hemant, Dawn Aerospace, Andrew, Harrison, and seven anonymous—and 799 other supporters.TopicsFAA Requires SpaceX to Take Over 75 Actions to Mitigate Environmental Impact of Planned Starship/Super Heavy Launches | Federal Aviation AdministrationSpaceX on Twitter: “One step closer to the first orbital flight test of Starship”FAA environmental review to allow Starship orbital launches after changes - SpaceNewsFAA moves SpaceX a step closer to receiving Starship launch license – Spaceflight NowThe ShowLike the show? Support the show!Email your thoughts, comments, and questions to anthony@mainenginecutoff.comFollow @WeHaveMECOListen to MECO HeadlinesJoin the Off-Nominal DiscordSubscribe on Apple Podcasts, Overcast, Pocket Casts, Spotify, Google Play, Stitcher, TuneIn or elsewhereSubscribe to the Main Engine Cut Off NewsletterBuy shirts and Rocket Socks from the Main Engine Cut Off ShopMusic by Max JustusArtwork photo by NASA

3 Cultural Obstacles to Successful DevSecOps ImplementationWhen our goal is to change security culture we must consider how to influence our developers while still caring for their needs. This article shares helpful insight into implementing successful security culture change within an organization. Brenna Leath -- Product Security Leads: A different way of approaching Security ChampionsBrenna Leath, head of product security at SAS, visited the Application Security Podcast to share her insight on security champions and how she approaches this role in her organization with product security leads. We hope you enjoy this conversation with...Brenna Leath. How GO Mitigates Supply Chain AttacksThis post, from the GO blog, dives into how this coding language mitigates supply chain attacks. GitHub can now auto-block commits containing API keys, auth tokensIt is vital to keep private information, such as API keys, passwords and authentication tokens, secure. GitHub recently released a new update that scans code for this sensitive information before committing the code to a repository.If you're not using SSH certificates you're doing SSH wrong If you use SSH without certificates, this story may make you uneasy. The author argues why we shouldn't be using SSH with anything other than certificates in the modern day.

Guillaume et Emmanuel discutent de l'état des versions de Java utilisées, de Java String template, et de beaucoup de failles de sécurité. On pourra presque se renommer Les Cast Sécu ;P On y ressussite aussi la rubrique débutant et discutons du piège de la classe URL. Enregistré le 20 mai 2022 Téléchargement de l'épisode LesCastCodeurs-Episode–279.mp3 News Langages L'état de Java selon newrelic Java 11 commence enfin à être utilisé plus que Java 8 en prod (48% vs 46%) Dans les versions non LTS, c'est Java 14 qui a l'air d'avoir le plus de succès non LTS en prod est 2,7% Après Oracle, c'est la distrib de AWS qui est pas mal utilisée suivi par adoptium Beaucoup d'utilisation de Java dans des containeurs (70%) avec 1 seul core, donc aussi moins de bénéfices dans l'utilisation de G1 pour le GC Toujours dans les containeurs, les applis Java tournent souvent avec moins de 512MB de RAM (45%) String templates en Java les string template c'est ce qui a fournit log4shell donc attention Replace certains usages de stringbuilder , stringfromat et messageformat Beaucoup de langages offrent ça (bash ahah) Exemple d'usage html, json, yaml etc Ils veulent permettre des règles de transformations et de validation (escape caractère) Peut même éviter le,passage par l'étape du passeur Objet template a le template et la policy Embedded expressions: chaînes de caractères, arithmétique, invoque méthodes ou champs, pas besoin d'échapper les double guillemets. Lignes multiples Quid capture des variables locales sans l'avis du développeur. Pas d'exemple meta où le template est importé ou construit. Un article détaillé sur ce qui est nouveau niveau GC dans Java 18 Librairies Quarkus 2.8 et 2.9 WebAuthN Confluent Schema Registry Kotlin Scala RESTEasy Reactive est la couche par défaut GraalVM 22 Elasticsearch Dev Services Outillage Un nouveau décompilateur avec du code plus lisible Tous plus ou moins un fork de celui d'intellij maintenu par JetBrains, le fork d'avant est de Minecraft Reconstruit des constructions de plus haut niveau et plus moderne. Exemples Sécurité Une vulnérabilité dans struts 2 Un problème qui n'avait été que partiellement corrigé. Lié à OGNL'et une double évaluation via %{…} sur du contenu venant de l'utilisateur. Le gros trou de sécu sur les signatures Java 15–18 attaque sur les approches ECDSA (elliptic curve digital signature algorithm), typiquement plus modernes cibles Java web start, Java applets, web services qui utilisent ECDSA (JWT, SAML, OIDC Id tokens, WebAuthN version Oracle Java 7, 8, 11, 15, 16, 17, 18, OpenJDK 15, 17, 18 (backport Oracle) Comme un psychic paper de dr who: peut signer numériquement un papier sans infos (paramètres de la courbe peuvent être à 0 ce qui permet de valider tous les messages (0) L'interprétation pour un framework comme Quarkus Spring4Shell avec risque de remote code execution (unfolding) Mitigations: mettre a jour 5.x, mettre a jour tomcat (tactique), setDisallowedField pour excludes les accès aux getter/setter class, passer a Java 8 La RCE est basée sur la navigation non restreinte de class.module.classLoader Spring MVC Early Announcement Spring Cloud exploit announcement Spring MVC Exploit Announcement Spring4Shell HelpNetSecurity assessment Spring4Shell Sonatype Assessment Qualys assessment Personal Security Checklist Recense les bonnes pratiques en terme de sécurité numérique Selon différents thèmes Authentication Browsing the Web Email Secure Messaging Social Media Networks Mobile Phones Personal Computers Smart Home Personal Finance Human Aspect Physical Security Google offre aux clients Google Cloud des libairies validées en sécurité Une équipe de maintenance Open Source chez Google Loi, société et organisation Apple va supprimer au téléchargements les applis non mises a jour depuis 3 ans et peu téléchargées ça a fait réagir et râler Des applis finies Mais surtout une résumassions c'est du taf (nouvelles règles, peut être mise à jour de framework) Du cote de Apple c'est nettoyer un peu la longue queue d'applis Et encourager les gens à rester au top (eg privacy infos) Les duchesses ferment leur slack aux hommes pas fait de gaité de cœur mais réaction aux événements temps des Modérations plus passe sur les posts d'hommes que de femmes Sensation de pas laisser la place aux femmes Maladresses et manques de respect Coupé dynamisme et la sécurité de parole Et beaucoup d'hommes et du coup sentiment d'épier Les duchess feront toujours des événements mixtes mais cet espace avait perdu son utilité première Comment la guerre en Ukraine ébranle la tech russe fragilisation fuite des cerveaux (depuis 2014 et la crimée (cerveaux emprunts de plus de liberté) manque .5 à 1 millions de developpeurs Karspersky et les doutes de ses clients (80% du chiffre d'affaire à l'étranger) Yandex moteur de recherche protégé car marcher local mais démission du CEO Default de paiement (endettement) e.g. VK 400 millions de dollars Envisager de raid de disque dur pour consommation locale Outils de l'épisode Faire le la configuration conditionnelle dans git includeIf permet de faire la condition Utile pour changer l'email entre bureau et perso par exemple. [aheritier] je le fais souvent avec des repertoires différents pour boulot vs oss/perso Rubrique débutant La comparaison des URL Les URLs sont égales si les IP sont égales donc DNS lookup donc pas constant pour la vie de l'instance de JVM vive les hash des Set et Map :) Conférences JavaDay au Paris JUG: Le futur de Java - le 22 juin 2022 Nous contacter Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Faire un crowdcast ou une crowdquestion Contactez-nous via twitter https://twitter.com/lescastcodeurs sur le groupe Google https://groups.google.com/group/lescastcodeurs ou sur le site web https://lescastcodeurs.com/

In this episode we are going to look at Network Attack Mitigations.We will be discussing The Defense-in-Depth Approach, Keep Backups, Upgrade, Update, and Patch, Authentication, Authorization, and Accounting, Firewalls, Types of Firewalls, and finally Endpoint Security.Thank you so much for listening to this episode of my series on Introduction to Networks for the Cisco Certified Network Associate (CCNA).Once again, I'm Kevin and this is KevTechify. Let's get this adventure started.All my details and contact information can be found on my website, https://KevTechify.com-------------------------------------------------------Cisco Certified Network Associate (CCNA)Introduction to Networks v1 (ITN)Episode 16 - Network Security FundamentalsPart C - Network Attack MitigationsPodcast Number: 84-------------------------------------------------------Equipment I like.Home Lab ►► https://kit.co/KevTechify/home-labNetworking Tools ►► https://kit.co/KevTechify/networking-toolsStudio Equipment ►► https://kit.co/KevTechify/studio-equipment 

What are the energy challenges in the Lebanese industrial sector, and how can we boost Lebanon’s economy by increasing and structuring its industry practically and economically? Laury Haytayan, MENA director at the Natural Resource Governance Institute (NRGI) hosts Paul Abi Nasr, CEO of POLYTEXTILE and Board Member at Association Of Lebanese Industrialists ALI. Energy Espresso is a solution-oriented podcast that will answer all your questions on the status and future of Energy in Lebanon and how Renewable Energy can help the energy transition.

For our second special for Earth Week, we are talking to Bilge who works as a research scientist at Meta AI. Her open-source project Carbon Explorer evaluates solutions to make data centres operate on 24/7 renewable energy. Why this is easier said than done and how engineers can help within their day-to-day work to reduce their carbon footprint are among the many things Pascal and Bilge discuss in this episode.   Got feedback? Send it to us on Twitter (https://twitter.com/metatechpod), Instagram (https://instagram.com/metatechpod) and don't forget to follow our host @passy (https://twitter.com/passy). Fancy working with us? Check out https://www.metacareers.com/. Links: Carbon Explorer: https://github.com/facebookresearch/CarbonExplorer Holistic Approach for Designing Carbon Aware Datacenters: https://arxiv.org/abs/2201.10036 Open Catalyst: https://opencatalystproject.org/ Open Catalyst SchrepTech Interview: https://ai.facebook.com/blog/how-ai-is-helping-address-the-climate-crisis/ Timestamps: Intro 0:05 Intro Bilge 2:18 Optimising for the Environment 4:01 Carbon Explorer 5:02 Mitigations for Renewable Intermittency 7:17 Operational and Embodied Footprints 10:57 Motivations for Carbon Explorer 13:06 Battery Storage 14:36 Renewable Curtailment 15:52 Empowering Engineers 18:20 Carbon Intensity APIs 19:22 AI Carbon Intensity Forecasts 22:07 Carbon Metrics 23:17 Where to Learn More 25:38 Outro 27:32 Bloopers 29:45

The allied cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom are releasing this joint Cybersecurity Advisory (CSA). The intent of this joint CSA is to warn organizations that Russia's invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and US allies and partners. AA22-110A Alert, Technical Details, and Mitigations. March 21, 2022, Statement by U.S. President Biden. CISA Shields Up Technical Guidance. Mitigating Russian State-Sponsored Cyber Threats to US Critical Infrastructure. Joint Cyber Defense Collaborative Australian Cyber Security Centre's (ACSC) Advisory. Canadian Centre for Cyber Security (CCCS) Cyber Threat Bulletin. National Cyber Security Centre New Zealand (NZ NCSC) General Security Advisory. United Kingdom's National Cyber Security Centre (NCSC-UK) guidance on how to bolster cyber defences in light of the Russian cyber threat. All organizations should report incidents and anomalous activity to CISA's 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI's 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

PART THREE:  https://www.podbean.com/ew/pb-k2hbd-11b6457   TWITTER: @Lone_Candle FACEBOOK: https://www.facebook.com/Lone-Candle-1436129040048603   Author's page: https://www.amazon.com/Dilland-Doe/e/B00TUKIX7S?ref_=dbs_p_ebk_r00_abau_000000 MEDIUM: https://lonecandle.medium.com/why-im-skeptical-of-reparations-d237b530ba63?sk=2cabce04f0f3f060510cba9d15869cac WEBSITE: http://LoneCandle.com/ PATREON: https://www.patreon.com/LoneCandle?fan_landing=true YOUTUBE: https://www.youtube.com/channel/UCK1ebzTqvmZypjliA8ghA6A?view_as=subscriber   SOURCES: https://lonecandle.com/?p=7308

To which extent is renewable energy a solution for our current electricity crisis? What are the top reforms that need to be made in order to fix the energy sector? Guests: Pierre El Khoury, LCEC President/Director-General

Jon and Joe have a conversation with Illinois High School Association Associate Executive Director Kurt Gibson.  Kurt discusses the return of March Madness to Illinois boys basketball after a two year absence, masking mitigations for the state series and the latest on the debate over the shot clock (2:00). Want to be a 'Jon and Joe Show' VIP? Go to https://my.captivate.fm/jonandjoeshow.com/vip (jonandjoeshow.com/vip) to learn more. To subscribe to 'The Kerr Report' newsletter, go https://my.captivate.fm/kerr.substack.com (here). Download the show anywhere you find your podcasts.

In this episode, E&S Grounding Solutions President David Stockin continues looking at an example of lightning striking a large metal tower. The connection between electrodes and earth will determine the potential difference across the ground, so it is important to understand what causes the potential difference and why engineers should work to minimize that difference. The formation of electromagnetic fields and step and touch voltages are other factors to consider in the design and analysis of a grounding system. Mitigations are possible by adding copper wire, copper ground ring(s), and electrodes that are specially-designed to help dissipate leakage current. Many of the principles applying to a large metal tower could apply to other structures. For a video of this podcast, please visit our YouTube Channel at E&S Grounding Solutions. For more information or to sign up for some of our world-renowned educational classes, please visit our website at www.ESgrounding.comPlease follow us on Social MediaPlease follow us on Social Media for updates and behind the scenes info:Instagram:@AskTheGroundingExperts@ESgroundingFacebook:https://www.facebook.com/esgroundingYouTube:https://www.youtube.com/channel/UCWWjcaK6ozQI5DCF0wf58HQ

Comprehensive coverage of the day's news with a focus on war and peace; social, environmental and economic justice. 10 dead, 150 remain missing in Florida after apartment building collapses. California lawmakers set to approve budget with a $1 billion windfall. Dozens arrested at White House demanding greater climate protections in infrastructure bill. California adds 5 more states to it's travel ban of states that violate LGBTQ rights. Supporters of bill to decriminalize psychedelics in California speak ahead of assembly hearing. Two Catholic churches on indigenous land in Canada burned to the ground. Memorial service held for Tyrell Wilson, black man killed by white Contra Costa County Sheriff, Andrew Hall. San Francisco Supervisor Matt Haney urges increase in 24 hour bathrooms in city. Photo of protesters at White House 6-28-21 by Sunrise Movement @sunrisemvmt. The post Dozens of climate justice activists arrested outside White House, demanding robust climate mitigations in infrastructure bill; California adds 5 more to it's travel ban of states that violate LGBTQ rights; Supporters of bill to decriminalize psychedelics in California speak ahead of assembly hearing appeared first on KPFA.

MITRE ATT&CK® seems to be the"next big thing". Every time I hear about it I can't help but wonder, "how doyou prevent all these attacks in the first place? Shouldn't that be the endgame?" To that end, I set out to map all the recommended "Mitigations" for allthe "Techniques" detailed in ATT&CK to see how many are already addressedby what is required in the Payment Card Industry Data Security Standard (PCIDSS). My hypothesis was all of them. The results were interesting and a little surprising, and I'm still trying to figure out how to best use the results and subsequently ATT&CK itself. I will present my findings in the briefing andhopefully generate a discussion about what to do with the results. About the speaker: Respected Information Security advocate, advisor, evangelist, international speaker, keynoter, host of Security & Compliance Weekly, co-host on Paul's Security Weekly, Tribe of Hackers, TOH Red Team, TOHSecurity Leaders, TOH Blue Team, and currently serving in a Consulting/Advisory role for Online Business Systems. Nearly 40 years of experience working in all aspects of computer, network, and information security, including cryptography, risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Certified NSA Cryptanalyst. Previously held security research, management and product development roles with the National Security Agency, the DoD and private-sector enterprises and was part of the first penetration testing "red team" at NSA. For the past twenty-five years has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation's best known companies.

Mitigations against Mimikatz Style Attacks https://isc.sans.edu/forums/diary/Mitigations+against+Mimikatz+Style+Attacks/24612/ LibreOffice Macro Vulnerability https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html Firefox 65 Breaks HTTPS AV Scanning https://bugzilla.mozilla.org/show_bug.cgi?id=1523701 RDP Client Vulnerabilities https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/ DNS "Lookingglass" https://isc.sans.edu/tools/dnslookup.html

After a brief discussion about cryptocurrency, Chris and Soroush discuss the CPU vulnerabilites that made news recently: Meltdown and Spectre. Kodak Debuts Bitcoin Miner as Blockchain Pivot Juices Stock Price Coinbase Dogecoin Market Cap Hits $1 Billion, to Its Creator's Dismay Chris's Meltdown & Spectre reading list Wired: A Critical Intel Flaw Breaks Basic Security for Most Computers Google Project Zero: Reading privileged memory with a side-channel Meltdown and Spectre Ad blockers iMore: Best ad blockers for iOS Better Adblock Plus uBlock Origin NoScript Apple: About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan Mitigations for Chrome and Firefox A Timing Attack In Action Coding Rules (cryptocoding.net) Some more advanced & background reading on Meltdown and Spectre: In-Order vs. Out-of-Order Execution (PDF) Branch Prediction (PDF) A brief history of branch prediction CPU Cache (Wikipedia) Understanding Cache Attacks (PDF) Memory Protection (Wikipedia) Spectre mitigation approach from Google: Retpoline: a software construct for preventing branch-target-injection Comment from Chris after the show was posted: Hi, all! I really struggled through my first Spectre explanation in this episode, but if you skip ahead to about 21:20 I think our discussion gets easier to follow. — Chris

Allan reports on his trip to BSD Taiwan, new versions of Lumina and GhostBSD are here, a bunch of OpenBSD p2k17 hackathon reports. This episode was brought to you by Headlines Allan's Trip Report from BSD Taiwan (https://bsdtw.org/) BSD TW and Taiwan in general was a fun and interesting experience I arrived Thursday night and took the high speed train to Taipei main station, and then got on the Red line subway to the venue. The dorm rooms were on par with BSDCan, except the mattress was better. I spent Friday with a number of other FreeBSD developers doing touristy things. We went to Taipei 101, the world's tallest building from 2004 - 2010. It also features the world's fastest elevator (2004 - 2016), traveling at 60.6 km/h and transporting passengers from the 5th to 89th floor in 37 seconds. We also got to see the “tuned mass damper”, a 660 tonne steel pendulum suspended between the 92nd and 87th floors. This device resists the swaying of the building caused by high winds. There are interesting videos on display beside the damper, of its reaction during recent typhoons and earthquakes. The Taipei 101 building sits just 200 meters from a major fault line. Then we had excellent dumplings for lunch After walking around the city for a few more hours, we retired to a pub to escape the heat of the sunny Friday afternoon. Then came the best part of each day in Taipei, dinner! We continued our efforts to cause a nation wide shortage of dumplings Special thanks to Scott Tsai (https://twitter.com/scottttw) who took detailed notes for each of the presentations Saturday marked the start of the conference: Arun Thomas provided background and then a rundown of what is happening with the RISC-V architecture. Notes (https://docs.google.com/document/d/1yrnhNTHaMDr4DG-iviXN0O9NES9Lmlc7sWVQhnios6g/edit#heading=h.kcm1n3yzl35q) George Neville-Neil talked about using DTrace in distributed systems as an in-depth auditing system (who did what to whom and when). Notes (https://docs.google.com/document/d/1qut6tMVF8NesrGHd6bydLDN-aKBdXMgHx8Vp3_iGKjQ/edit#heading=h.qdghsgk1bgtl) Baptiste Daroussin presented Poudrière image, an extension of everyone's favourite package building system, to build custom images of FreeBSD. There was discussion of making this generate ZFS based images as well, making it mesh very well with my talk the next day. Notes (https://docs.google.com/document/d/1LceXj8IWJeTRHp9KzOYy8tpM00Fzt7fSN0Gw83B9COE/edit#heading=h.incfzi6bnzxr) Brooks Davis presented his work on an API design for a replacement for mmap. It started with a history of address space management in the BSD family of operating systems going all the way back to the beginning. This overview of the feature and how it evolved filled in many gaps for me, and showed why the newer work would be beneficial. The motivation for the work includes further extensions to support the CHERI hardware platform. Notes (https://docs.google.com/document/d/1LceXj8IWJeTRHp9KzOYy8tpM00Fzt7fSN0Gw83B9COE/edit#heading=h.incfzi6bnzxr) Johannes M Dieterich gave an interesting presentation about using FreeBSD and GPU acceleration for high performance computing. One of the slides showed that amd64 has taken almost the entire market for the top 500 super computers, and that linux dominates the list, with only a few remaining non-linux systems. Sadly, at the supercomputing conference the next week, it was announced that linux has achieved 100% saturation of the top 500 super computers list. Johannes detailed the available tools, what ports are missing, what changes should be made to the base system (mostly OpenMP), and generally what FreeBSD needs to do to become a player in the supercomputer OS market. Johannes' perspective is interesting, as he is a computational chemist, not a computer scientist. Those interested in improving the numerical libraries and GPU acceleration frameworks on FreeBSD should join the ports team. Notes (https://docs.google.com/document/d/1uaJiqtPk8WetST6_GnQwIV49bj790qx7ToY2BHC9zO4/edit#heading=h.nvsz1n6w3gyq) The final talk of the day was Peter Grehan, who spoke about how graphics support in bhyve came to be. He provided a history of how the feature evolved, and where it stands today. Notes (https://docs.google.com/document/d/1LqJQJUwdUwWZ0n5KwCH1vNI8jiWGJlI1j0It3mERN80/edit#heading=h.sgeixwgz7bjs) Afterwards, we traveled as a group to a large restaurant for dinner. There was even Mongolian Vodka, provided by Ganbold Tsagaankhuu of the FreeBSD project. Sunday: The first talk of the day Sunday was mine. I presented “ZFS: Advanced Integration”, mostly talking about how boot environments work, and the new libbe and be(1) tools that my GSoC student Kyle Kneitinger created to manage them. I talked about how they can be used for laptop and developer systems, but also how boot environments can be used to replace nanobsd for appliances (as already done in FreeNAS and pfSense). I also presented about zfsbootcfg (zfs nextboot), and some future extensions to it to make it even more useful in appliance type workloads. I also provided a rundown of new developments out of the ZFS developer summit, two weeks previous. Notes (https://docs.google.com/document/d/1Blh3Dulf0O91A0mwv34UnIgxRZaS_0FU2lZ41KRQoOU/edit#heading=h.gypim387e8hy) Theo de Raadt presented “Mitigations and other real Security Features”, and made his case for changing to a ‘fail closed' mode of interoperability. Computer's cannot actually self heal, so lets stop pretending that they can. Notes (https://docs.google.com/document/d/1fFHzlxJjbHPsV9t_Uh3PXZnXmkapAK5RkJsfaHki7kc/edit#heading=h.192e4lmbl70c) Ruslan Bukin talked about doing the port of FreeBSD for RISC-V and writing the Device Drivers. Ruslan walked through the process step by step, leading members of the audience to suggest he turn it into a developer's handbook article, explaining how to do the initial bringup on new hardware. Ruslan also showed off a FreeBSD/MIPS board he designed himself and had manufactured in China. Notes (https://docs.google.com/document/d/1kRhRr3O3lQ-0dS0kYF0oh_S0_zFufEwrdFjG1QLyk8Y/edit#heading=h.293mameym7w1) Mariusz Zaborski presented Case studies on sandboxing the base system with Capsicum. He discussed the challenges encountered as existing programs are modified to sandbox them, and recent advancements in the debugging tools available during that process. Mariusz also discussed the Casper service at length, including the features that are planned for 2018 and onwards. Notes (https://docs.google.com/document/d/1_0BpAE1jGr94taUlgLfSWlJOYU5II9o7Y3ol0ym1eZQ/edit#heading=h.xm9mh7dh6bay) The final presentation of the day was Mark Johnston on Memory Management Improvements in FreeBSD 12.0. This talk provided a very nice overview of the memory management system in FreeBSD, and then detailed some of the recent improvements. Notes (https://docs.google.com/document/d/1gFQXxsHM66GQGMO4-yoeFRTcmOP4NK_ujVFHIQJi82U/edit#heading=h.uirc9jyyti7w) The conference wrapped up with the Work-in-Progress session, including updates on: multi-device-at-once GELI attach, MP-safe networking on NetBSD, pkgsrc, NetBSD in general, BSD on Microsoft Azure, Mothra (send-pr for bugzilla), BSDMizer a machine learning compiler optimizer, Hyperledger Sawtooth (blockchain), and finally VIMAGE and pf testing on FreeBSD. Notes (https://docs.google.com/document/d/1miHZEPrqrpCTh8JONmUKWDPYUmTuG2lbsVrWDtekvLc/edit#heading=h.orhedpjis5po) Group Photo (https://pbs.twimg.com/media/DOh1txnVoAAFKAa.jpg:large) BSDTW was a great conference. They are still considering if it should be an annual thing, trade off every 2nd year with AsiaBSDCon, or something else. In order to continue, BSD Taiwan requires more organizers and volunteers. They have regular meetups in Taipei if you are interested in getting involved. *** Lumina 1.4.0 released (https://lumina-desktop.org/version-1-4-0-released/) The Lumina Theme Engine (and associated configuration utility) The Lumina theme engine is a new component of the “core” desktop, and provides enhanced theming capabilities for the desktop as well as all Qt5 applications. While it started out life as a fork of the “qt5ct” utility, it quickly grew all sorts of new features and functionality such as system-defined color profiles, modular theme components, and built-in editors/creators for all components. The backend of this engine is a standardized theme plugin for the Qt5 toolkit, so that all Qt5 applications will now present a unified appearance (if the application does not enforce a specific appearance/theme of it's own). Users of the Lumina desktop will automatically have this plugin enabled: no special action is required. Please note that the older desktop theme system for Lumina has been rendered obsolete by the new engine, but a settings-conversion path has already been implemented which should transition your current settings to the new engine the first time you login to Lumina 1.4.0. Custom themes for the older system may not be converted though, but it is trivial to copy/paste any custom stylesheets from the old system into the editor for the new theme engine to register/re-apply them as desired. Lumina-Themes Repository I also want to give a shout-out to the trueos/lumina-themes github repository contributors. All of the wallpapers in the 1.4.0 screenshots I posted come from that package, and they are working on making more wallpapers, color palettes, and desktop styles for use with the Lumina Theme Engine. If your operating system does not currently provide a package for lumina-themes, I highly recommend that you make one as soon as possible! The Lumina PDF Viewer (lumina-pdf) This is a new, stand-alone desktop utility for viewing/printing/presenting PDF documents. It uses the poppler-qt5 library in the backend for rendering the document, but uses multi-threading in many ways (such as to speed up the loading of pages) to give the user a nice, streamlined utility for viewing PDF documents. There is also built-in presentation functionality which allows users to easily cast the document to a separate screen without mucking about in system menus or configuration utilities. Lumina PDF Viewer (1.4.0) Important Packaging Changes One significant change of note for people who are packaging Lumina for their particular operating system is that the minimum supported versions of Qt for Lumina have been changed with this release: lumina-core: Qt 5.4+ lumina-mediaplayer: Qt 5.7+ Everything else: Qt 5.2+ Of course, using the latest version of the Qt5 libraries is always recommended. When packaging for Linux distributions, the theme engine also requires the availability of some of the “-dev” packages for Qt itself when compiling the theme plugin. For additional information (specifically regarding Ubuntu builds), please take a look at a recent ticket on the Lumina repository. + The new lumina-pdf utility requires the availability of the “poppler-qt5” library. The includes for this library on Ubuntu 17.10 were found to be installed outside of the normal include directories, so a special rule for it was added to our OS-Detect file in the Lumina source tree. If your particular operating system also places the the poppler include files in a non-standard place, please patch that file or send us the information and we can add more special rules for your particular OS. Other Changes of Note (in no particular order) lumina-config: Add a new page for changing audio theme (login, logout, low battery) Add option to replace fluxbox with some other WM (with appropriate warnings) Have the “themes” page redirect to launching the Lumina theme engine configuration utility. start-lumina-desktop: Auto-detect the active X11 displays and create a new display for the Lumina session (prevent conflict with prior graphical sessions). Add a process-failure counter & restart mechanism. This is particularly useful for restarting Fluxbox from time to time (such as after any monitor addition/removal) lumina-xconfig: Restart fluxbox after making any monitor changes with xrandr. This ensures a more reliable session. Implement a new 2D monitor layout mechanism. This allows for the placement of monitors anywhere in the X/Y plane, with simplification buttons for auto-tiling the monitors in each dimension based on their current location. Add the ability to save/load monitor profiles. Distinguish between the “default” monitor arrangement and the “current” monitor arrangement. Allow the user to set the current arrangement as the new default. lumina-desktop: Completely revamp the icon loading mechanisms so it should auto-update when the theme changes. Speed up the initialization of the desktop quite a bit. Prevent loading/probing files in the “/net/” path for existence (assume they exist in the interest of providing shortcuts). On FreeBSD, these are special paths that actually pause the calling process in order to mount/load a network share before resuming the process, and can cause significant “hangs” in the desktop process. Add the ability to take a directory as a target for the wallpaper. This will open/probe the directory for any existing image files that it can use as a wallpaper and randomly select one. Remove the popup dialog prompting about system updates, and replace it with new “Restart (with updates)” buttons on the appropriate menus/windows instead. If no wallpapers selection is provided, try to use the “lumina-nature” wallpaper directory as the default, otherwise fall back on the original default wallpaper if the “lumina-themes” package is not installed. lumina-open: Make the *.desktop parsing a bit more flexible regarding quoted strings where there should not be any. If selecting which application to use, only overwrite the user-default app if the option is explicitly selected. lumina-fileinfo: Significant cleanup of this utility. Now it can be reliably used for creating/registering XDG application shortcuts. Add a whole host of new ZFS integrations: If a ZFS dataset is being examined, show all the ZFS properties for that dataset. If the file being examined exists within ZFS snapshots, show all the snapshots of the file lumina-fm: Significant use of additional multi-threading. Makes the loading of directories much faster (particularly ones with image files which need thumbnails) Add detection/warning when running as root user. Also add an option to launch a new instance of lumina-fm as the root user. [FreeBSD/TrueOS] Fix up the detection of the “External Devices” list to also list available devices for the autofs system. Fix up some drag and drop functionality. Expose the creation, extraction, and insertion of files into archives (requires lumina-archiver at runtime) Expand the “Open With” option into a menu of application suggestions in addition to the “Other” option which runs “lumina-open” to find an application. Provide an option to set the desktop wallpaper to the selected image file(s). (If the running desktop session is Lumina). lumina-mediaplayer: Enable the ability to playback local video files. (NOTE: If Qt5 is set to use the gstreamer multimedia backend, make sure you have the “GL” plugin installed for smooth video playback). lumina-archiver: Add CLI flags for auto-archive and auto-extract. This allows for programmatic/scriptable interactions with archives. That is not mentioning all of the little bugfixes, performance tweaks, and more that are also included in this release. *** The strongest KASLR, ever? (https://blog.netbsd.org/tnf/entry/the_strongest_kaslr_ever) Re: amd64: kernel aslr support (https://mail-index.netbsd.org/tech-kern/2017/11/14/msg022594.html) So, I did it. Now the kernel sections are split in sub-blocks, and are all randomized independently. See my drawing [1]. What it means in practice, is that Kernel ASLR is much more difficult to defeat: a cache attack will at most allow you to know that a given range is mapped as executable for example, but you don't know which sub-block of .text it is; a kernel pointer leak will at most allow you to reconstruct the layout of one sub-block, but you don't know the layout and address of the remaining blocks, and there can be many. The size and number of these blocks is controlled by the split-by-file parameter in Makefile.amd64. Right now it is set to 2MB, which produces a kernel with ~23 allocatable (ie useful at runtime) sections, which is a third of the total number supported (BTSPACENSEGS = 64). I will probably reduce this parameter a bit in the future, to 1.5MB, or even 1MB. All of that leaves us with about the most advanced KASLR implementation available out there. There are ways to improve it even more, but you'll have to wait a few weeks for that. If you want to try it out you need to make sure you have the latest versions of GENERICKASLR / prekern / bootloader. The instructions are still here, and haven't changed. Initial design As I said in the previous episode, I added in October a Kernel ASLR implementation in NetBSD for 64bit x86 CPUs. This implementation would randomize the location of the kernel in virtual memory as one block: a random VA would be chosen, and the kernel ELF sections would be mapped contiguously starting from there. This design had several drawbacks: one leak, or one successful cache attack, could be enough to reconstruct the layout of the entire kernel and defeat KASLR. NetBSD's new KASLR design significantly improves this situation. New design In the new design, each kernel ELF section is randomized independently. That is to say, the base addresses of .text, .rodata, .data and .bss are not correlated. KASLR is already at this stage more difficult to defeat, since you would need a leak or cache attack on each of the kernel sections in order to reconstruct the in-memory kernel layout. Then, starting from there, several techniques are used to strengthen the implementation even more. Sub-blocks The kernel ELF sections are themselves split in sub-blocks of approximately 1MB. The kernel therefore goes from having: { .text .rodata .data .bss } to having { .text .text.0 .text.1 ... .text.i .rodata .rodata.0 ... .rodata.j ... .data ...etc } As of today, this produces a kernel with ~33 sections, each of which is mapped at a random address and in a random order. This implies that there can be dozens of .text segments. Therefore, even if you are able to conduct a cache attack and determine that a given range of memory is mapped as executable, you don't know which sub-block of .text it is. If you manage to obtain a kernel pointer via a leak, you can at most guess the address of the section it finds itself in, but you don't know the layout of the remaining 32 sections. In other words, defeating this KASLR implementation is much more complicated than in the initial design. Higher entropy Each section is put in a 2MB-sized physical memory chunk. Given that the sections are 1MB in size, this leaves half of the 2MB chunk unused. Once in control, the prekern shifts the section within the chunk using a random offset, aligned to the ELF alignment constraint. This offset has a maximum value of 1MB, so that once shifted the section still resides in its initial 2MB chunk: The prekern then maps these 2MB physical chunks at random virtual addresses; but addresses aligned to 2MB. For example, the two sections in Fig. A will be mapped at two distinct VAs: There is a reason the sections are shifted in memory: it offers higher entropy. If we consider a .text.i section with a 64byte ELF alignment constraint, and give a look at the number of possibilities for the location of the section in memory: The prekern shifts the 1MB section in its 2MB chunk, with an offset aligned to 64 bytes. So there are (2MB-1MB)/(64B)=214 possibilities for the offset. Then, the prekern uses a 2MB-sized 2MB-aligned range of VA, chosen in a 2GB window. So there are (2GB-2MB)/(2MB)=210-1 possibilities for the VA. Therefore, there are 214x(210-1)˜224 possible locations for the section. As a comparison with other systems: OS # of possibilities Linux 2^6 MacOS 2^8 Windows 2^13 NetBSD 2^24 Of course, we are talking about one .text.i section here; the sections that will be mapped afterwards will have fewer location possibilities because some slots will be already occupied. However, this does not alter the fact that the resulting entropy is still higher than that of the other implementations. Note also that several sections have an alignment constraint smaller than 64 bytes, and that in such cases the entropy is even higher. Large pages There is also a reason we chose to use 2MB-aligned 2MB-sized ranges of VAs: when the kernel is in control and initializes itself, it can now use large pages to map the physical 2MB chunks. This greatly improves memory access performance at the CPU level. Countermeasures against TLB cache attacks With the memory shift explained above, randomness is therefore enforced at both the physical and virtual levels: the address of the first page of a section does not equal the address of the section itself anymore. It has, as a side effect, an interesting property: it can mostly mitigate TLB cache attacks. Such attacks operate at the virtual-page level; they will allow you to know that a given large page is mapped as executable, but you don't know where exactly within that page the section actually begins. Strong? This KASLR implementation, which splits the kernel in dozens of sub-blocks, randomizes them independently, while at the same time allowing for higher entropy in a way that offers large page support and some countermeasures against TLB cache attacks, appears to be the most advanced KASLR implementation available publicly as of today. Feel free to prove me wrong, I would be happy to know! WIP Even if it is in a functional state, this implementation is still a work in progress, and some of the issues mentioned in the previous blog post haven't been addressed yet. But feel free to test it and report any issue you encounter. Instructions on how to use this implementation can still be found in the previous blog post, and haven't changed since. See you in the next episode! News Roundup GhostBSD 11.1 Finally Ready and Available! (http://www.ghostbsd.org/11.1_release_announcement) Screenshots (https://imgur.com/a/Mu8xk) After a year of development, testing, debugging and working on our software package repository, we are pleased to announce the release of GhostBSD 11.1 is now available on 64-bit(amd64) architecture with MATE and XFCE Desktop on direct and torrent download. With 11.1 we drop 32-bit i386 supports, and we currently maintain our software packages repository for more stability. What's new on GhostBSD 11.1 GhostBSD software repository Support VMware Workstation Guest Features New UFS full disk mirroring option on the installer New UFS full disk MBR and GPT option on the installer New UFS full disk swap size option on the installer Whisker Menu as default Application menu on XFCE All software developed by GhostBSD is now getting updated ZFS configuration for disk What has been fixed on 11.1? Fix XFCE sound plugin Installer ZFS configuration file setting Installer ZFS setup appears to be incomplete The installer was not listing ZFS disk correctly. The installer The partition list was not deleted when pressing back XFCE and MATE shutdown/suspend/hibernate randomly missing Clicking 'GhostBSD Bugs' item in the Main menu -> 'System Tools' brings up 'Server not found' page XFCE installation - incorrect keyboard layout Locale setting not filling correctly Update Station tray icon The image checksum's, hybrid ISO(DVD, USB) images are available at GhostBSD (http://www.ghostbsd.org/download). *** p2k17 Hackathon Reports p2k17 Hackathon Report: Matthias Kilian on xpdf, haskell, and more (https://undeadly.org/cgi?action=article;sid=20171107034258) p2k17 Hackathon Report: Herzliche grusse vom Berlin (espie@ on mandoc, misc packages progress) (https://undeadly.org/cgi?action=article;sid=20171107185122) p2k17 Hackathon Report: Paul Irofti (pirofti@) on hotplugd(8), math ports, xhci(4) and other kernel advancements (https://undeadly.org/cgi?action=article;sid=20171107225258) p2k17 Hackathon report: Jeremy Evans on ruby progress, postgresql and webdriver work (https://undeadly.org/cgi?action=article;sid=20171108072117) p2k17 Hackathon report: Christian Weisgerber on random devices, build failures and gettext (https://undeadly.org/cgi?action=article;sid=20171109171447) p2k17 Hackathon report: Sebastian Reitenbach on Puppet progress (https://undeadly.org/cgi?action=article;sid=20171110124645) p2k17 Hackathon Report: Anthony J. Bentley on firmware, games and securing pkg_add runs (https://undeadly.org/cgi?action=article;sid=20171110124656) p2k17 Hackathon Report: Landry Breuil on Mozilla things and much more (https://undeadly.org/cgi?action=article;sid=20171113091807) p2k17 Hackathon report: Florian Obser on network stack progress, kernel relinking and more (https://undeadly.org/cgi?action=article;sid=20171113235334) p2k17 Hackathon report: Antoine Jacoutot on ports+packages progress (https://undeadly.org/cgi?action=article;sid=20171120075903) *** TrueOS Talks Tech and Open Source at Pellissippi State (https://www.trueos.org/blog/trueos-talks-tech-open-source-pellissippi-state/) Ken Moore of the TrueOS project presented a talk to the AITP group at Pellissippi State today entitled “It's A Unix(-like) system? An Introduction to TrueOS and Open source”. Joshua Smith of the TrueOS project was also in attendance. We were happy to see a good attendance of about 40 individuals that came to hear more about TrueOS and how we continue to innovate along with the FreeBSD project. Many good questions were raised about development, snapshots, cryptocurrency, and cyber-security. We've included a copy of the slides if you'd like to have a look at the talk on open source. We'd like to offer a sincere thanks to everyone who attended and offer an extended invitation for you to join us at our KnoxBUG group on October 30th @ the iXsystems offices! We hope to see you soon! Open Source Talk – Slideshare PDF (https://web.trueos.org/wp-content/uploads/2017/10/Open-Source-Talk.pdf) KnoxBug - Lumina Rising : Challenging Desktop Orthodoxy (http://knoxbug.org/content/octobers-talk-available-youtube) Ken gave his talk about the new Lumina 2.0 Window Manager that he gave at Ohio LinuxFest 2017 KnoxBUG October 2017 (https://youtu.be/w3ZrqxLTnIU) (OLF 2017) Lumina Rising: Challenging Desktop Orthodoxy (https://www.slideshare.net/beanpole135/olf-2017-lumina-rising-challenging-desktop-orthodoxy) *** Official OpenBSD 6.2 CD set - the only one to be made! (https://undeadly.org/cgi?action=article;sid=20171118190325) Our dear friend Bob Beck (beck@) writes: So, again this release the tradition of making Theo do art has continued! Up for sale by auction to the highest bidder on Ebay is the only OpenBSD 6.2 CD set to be produced. The case and CD's feature the 6.2 artwork, custom drawn and signed by Theo. All proceeds to support OpenBSD Go have a look at the auction As with previous OpenBSD auctions, if you are not the successful bidder, we would like to encourage you to donate the equivalent of you highest bid to the project. The Auction (https://www.ebay.ca/itm/Official-OpenBSD-6-2-CD-Set/253265944606) *** Beastie Bits HAMMER2 userspace on Linux (http://lists.dragonflybsd.org/pipermail/users/2017-October/313646.html) OpenBSD Porting Workshop (now changed to January 3, 2018) (http://www.nycbug.org/index.cgi?action=view&id=10655) Matt Ahrens on when Native Encryption for ZFS will land (https://twitter.com/mahrens1/status/921204908094775296) The first successful build of OpenBSD base system (http://nanxiao.me/en/the-first-successful-build-of-openbsd-base-system/) KnoxBug November Meeting (https://www.meetup.com/KnoxBUG-BSD-Linux-and-FOSS-Users-Unite/events/245291204/) Absolute FreeBSD, 3rd Edition, pre-orders available (https://www.michaelwlucas.com/os/af3e) Feedback/Questions Jon - Jails and Networking (http://dpaste.com/2BEW0HB#wrap) Nathan - bhyve Provisioning (http://dpaste.com/1GHSYJS#wrap) Lian - OpenSSL jumping the Shark (http://dpaste.com/18P8D8C#wrap) Kim - Suggestions (http://dpaste.com/1VE0K9E#wrap) ***