Staying safe in the cloud

•

0 gostou•1,214 visualizações

Oleg Podsechin

My talk on security at the Estonia Cloud Meetup.

Internet Tecnologia Negócios

define: security
● availability
○ no access
● reliability
○ data loss
● privacy
○ data leak

Availability
● Pingdom
● Where’s it Up?
● StatusPage.io
○ status.myservice.com: ~ 10%
● Hosting & Infrastructure
○ CDNs like CloudFlare - test with Blitz etc.
○ DaaS like AWS RDS, MongoHQ etc.
○ deployment, e.g. NPM
○ third party JS, tag management e.g. GTM
○ DDOS with botnets, HTTPX

Reliability
● Funding or lack thereof, business model
○ or corporate strategy, think Google Reader, G+
● PEBKAC
○ Google Docs, Yammer
● API availability ~ data backup an option
○ programmableweb.com
○ Kimono
● Backupify, Import2

Privacy
● Third party JS, GA has 20M accounts
○ BuiltWith
● Retargeting cookies
● Email/IP to user info on social media
○ Rapleaf, Rapportive
○ Intercom
○ FOAF
● FastMail, Minerva Fabric
○ PGP

Attack Vectors
● Social engineering, war driving, sniping,
drones?
○ Apple Amazon hack
● Rootkits, keyloggers
○ Vodafone Greece example (pre NSA)
● Packet sniffing, port scanning
● 0 day exploits, exploit marketplaces
○ WebGL, Java, Rails, OpenSSL/Heartbleed
● DNS, SSL intercept
○ compromised rootcerts
○ Arab Spring example

Attack Vectors
● Infrastructure providers
○ HDDs reused
○ Internal sniffing, e.g. MongoDB
○ OSS clients libs not audited, Nodetime example
● Phishing mails
● Cross site attacks: XSS, CSRF
● Malicious extensions: e.g. Window Resizer
● OAuth, third party app access
○ ~60% use Google for login
● etc. etc.

Countermeasures
● Encrypted laptop drives
● Secure passwords
○ LastPass or PwdHash
● Two Factor Authentication 2FA
○ Not enforced by most
● Suspicious activity detection
● Access logs
○ per user audit trail?

Preemption
● Security audits
● “Honeypots”
● Production/Staging divide
● Bug bounty programs

Politics: NSA, etc.
● Hosting outside of US by a non-US legal
entity is a competitive advantage
○ e.g. Upcloud, younited
○ caveat: traffic goes via Sweden
● How many SaaS companies from Estonia?
○ Sportlyzer
○ Weekdone
○ GoWorkaBit
○ InventoryAPI

Shadow IT
● Bring Your Own Device (BYOD)
● Bring Your Own Service (BYOS)
● Most companies don’t know what software
their employees use
○ … and don’t want to know
● Shared accounts
○ Bitium, Meldium

Case Study: StartHQ
● first contact:
○ password reset mails
○ access log monitoring
○ break in
○ disable /admin
○ apply fix
● two weeks later:
○ second break in
○ mail sent to all @starthq.com
○ apply second fix, more attempts, no more breakins

Trade-offs
● Self Reliance vs. Reliability
○ Self host MongoDB or go with MongoHQ
○ Speed and time to market critical
● Security vs. Convenience?

Reality
● Everyone gets hacked
○ Atlassian story
● Users largely don’t care
● Case in point: StartHQ extension
○ see video

Resources
Security Engineering by Ross Anderson
Light Blue Touchpaper blog

Resources
OWASP Top 10 Project
Homakov blog

Mais conteúdo relacionado

Semelhante a Staying safe in the cloud

Pen Testing Development

CTruncer

When thinking of modern attacks, the web browser is still one of the top delivery vehicles. Whether it’s displaying an email or facilitating a link-redirection or merely serving a web page, browsers aid in the attack process. Despite their popularity, many companies focus their efforts defending the operating system, inspecting the network or attempting to keep up with threats through delivered feeds. In order for any tool to gain adoption, it not only has to be useful, but also needs to easily fit into a user’s workflow. Using native browser interfaces, we’ve created a set of open source browser extensions that not only detect malicious activity, but block it entirely. More importantly, this functionality is delivered in a one-click package and doesn’t require any technical knowledge in order to successfully function. Users are able to take advantage of hosted repositories of data or run their own data node and updates are automatic. This presentation will introduce the browser extension details, highlight how they function and inform users how they could take advantage of this functionality in their organization. No security solution is perfect, but bringing blocking capabilities to the browser without requiring any user change guarantees even the least technical of users can be protected. Originally developed with non-profit and smaller businesses in mind, these security browser extensions can bring peace of mind to any size organization, free of charge.

Blockade.io : One Click Browser Defense

RiskIQ, Inc.

App Security and Securing App

Andreas Schranzhofer

Security .NET.pdf

Abhi Jain

A Tester's Life

Bertold Kolics

As a hacker and engineer I've been interested in identity and privacy since the dawn of the Internet and the online services it's enabled. For the past year I've been helping to build and open source The @ Platform, which inverts the usual model by giving everybody (and every thing) their own place to store data and control who (and what) has access to it. This talk will give an overview of the platform and its underlying protocol, and illustrate how it can be used to build privacy preserving apps and Internet connected things. It will also cover how the platform can be self hosted on devices like the Raspberry Pi, and how people can get involved in the open source community growing around it.

EMFcamp2022 - What if apps logged into you, instead of you logging into apps?

Chris Swan

Internet Privacy

Girindro Pringgo Digdo

Unmasking miscreants

Brandon Levene

AWS Big Data Demystified #4 data governance demystified [security, networ...

Omid Vahdaty

Django on app engine

benpotato

Privacy preserving machine learning

Michał Kuźba

Байки із пожежного депо або як працює Big Data в Sigma Software, Денис Пишьєв,

Sigma Software

22S kickoff 2.0 (kickoff + anonymity talk)

UTD Computer Security Group

access-control-week-2

jemtallon

Do you have the answers to your client's security questions? Do you know what questions you should be asking your clients to assess their security risk? During this session we’ll walk through how to have the “security conversation” with your clients, build a team and a process that gives you the confidence to take on larger and more complex projects which bring in additional revenue. Your reputation as an agency (and your client’s business) rely on a safe and secure site. By knowing the common pitfalls you can help navigate the treacherous waters of web security and lead your team to success and happy clients along the way.

Simplifying Security: Protecting Your Clients and Your Company

Drew Gorton

How To Spot a Wolf in Sheep's Clothing (a.k.a. Account Takeover)

Nick Malcolm

A session by Pratik Jagdishwala on the best practices while securing your WordPress Powered website. The session was help in the Ctrl+F5 event organised by ResellerClub in cities across the country. The Presentation also includes tips on improving your WordPress powered website speed and performance. The concepts can be applied on WordPress or any other CMS powered website and even normal Websites.

ResellerClub Ctrl+F5 - WordPress Security session

Pratik Jagdishwala

With 50,000 employees and more than a billion users, security and privacy are of critical importance to the Internet giant, Google. Two years ago, they set out with the goal of improving authentication through stronger security, increasing user satisfaction and lowering support costs. In that time, Google deployed FIDO Certified ® security keys. A detailed analysis by this data-driven company has demonstrated clear confirmation of how well FIDO’s approach is suited to making stronger, simpler authentication for employees and consumers.

Google Case Study: Strong Authentication for Employees and Consumers

FIDO Alliance

OSINT for Proactive Defense - RootConf 2019

RedHunt Labs

OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group...

MikeLeszcz

Semelhante a Staying safe in the cloud (20)

Pen Testing Development

Blockade.io : One Click Browser Defense

App Security and Securing App

Security .NET.pdf

A Tester's Life

EMFcamp2022 - What if apps logged into you, instead of you logging into apps?

Internet Privacy

Unmasking miscreants

AWS Big Data Demystified #4 data governance demystified [security, networ...

Django on app engine

Privacy preserving machine learning

Байки із пожежного депо або як працює Big Data в Sigma Software, Денис Пишьєв,

22S kickoff 2.0 (kickoff + anonymity talk)

access-control-week-2

Simplifying Security: Protecting Your Clients and Your Company

How To Spot a Wolf in Sheep's Clothing (a.k.a. Account Takeover)

ResellerClub Ctrl+F5 - WordPress Security session

Google Case Study: Strong Authentication for Employees and Consumers

OSINT for Proactive Defense - RootConf 2019

OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group...

Mais de Oleg Podsechin

Why SaaS (in Helsinki)?

Oleg Podsechin

Tips from angular js users anonymous

Oleg Podsechin

Lean and mean MongoDB

Oleg Podsechin

JS everywhere 2011

Oleg Podsechin

What every developer can learn from startups

Oleg Podsechin

Node has captured the attention of early adopters by clearly differentiating itself as being asynchronous from the ground up while remaining accessible. Now that server side JavaScript is at the cutting edge of the asynchronous, real time web, it is in a much better position to establish itself as the go to language for also making synchronous, CRUD webapps and gain a stronger foothold on the server. This talk covers the current state of server side JavaScript beyond Node. It introduces Common Node, a synchronous CommonJS compatibility layer using node-fibers which bridges the gap between the different platforms. We look into Common Node's internals, compare its performance to that of other implementations such as RingoJS and go through some ideal use cases.

Server side JavaScript: going all the way

Oleg Podsechin

Current State of Server Side JavaScript

Oleg Podsechin

On Platforms

Oleg Podsechin

Common Node

Oleg Podsechin

The future of server side JavaScript

Oleg Podsechin

RingoJS

Oleg Podsechin

Grid and Cloud Computing Intro

Oleg Podsechin

Mais de Oleg Podsechin (12)

Why SaaS (in Helsinki)?

Tips from angular js users anonymous

Lean and mean MongoDB

JS everywhere 2011

What every developer can learn from startups

Server side JavaScript: going all the way

Current State of Server Side JavaScript

On Platforms

Common Node

The future of server side JavaScript

RingoJS

Grid and Cloud Computing Intro

Último

➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts Service Booking Contact Details :- WhatsApp Chat :- +91-7737669865 Call Girls In Model Towh +91-7737669865 !! Best Woman Seeking Man Call Girls Service, Escorts Service in Home Hotel in NCR 24 Hours Available Service Call Girls, Contact Us +91-7737669865 (Any Time. Any Where) Call Girls in , India,Sexy Indian Female Escorts Service NCRWelcome To Escorts Service – An All Over New Very Sexy Hot Call Girls Agency Service Escorts In South NCR’s No. 1 High Profile Independent Female Escorts Service. We Provide Good Quality Educated Profile At #K09 Very Regnebal Price 100% Safe And Original.We Are Provide Escorts Service All OYO Hotels ,3*,4*,5* Star Hotel And Home Flat, Apartment. Guest-House. Services In -Call And Out – Call Both Are Services Available. 24Hrs. Any Time Any Where. In All Over Noida Gurgaon Ghaziabad Faridabad.More Information And Contact Profile Real Pic Visit Our Website City Wise Escorts Service Agency.Good Looking Cheap And Best Models Girls U Can Get Best Click On Link……Night Call Girls Now In Hotel Le Meridien Gurgaon Near Female Escort One Shot — 5000/in call (time 1 hour), 6000/out call Two shot with one girl — 8000/in call (time 2 hour), 10000/out call Body to body massage with sex- 8000/in call (time 1 hour) Full night Service for one person– 12000/in call, 13000/out call (shot limit 3-4 shots) Full night Service for more than 1 person — please contact Us —7737669865 We are available 24*7 all days of the year. Call us — 7737669865 Thank you for Visiting.

➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...

nirzagarg

Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available

Seo

VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K High Profile Escorts In Pune Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 (V030524]N) 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...

SUHANI PANDEY

(Vivek)Call Us, 8448380779,Call girls in Delhi NCr – We Offer best in class call girls. escort Service At Affordable Price At low Rate with Space Night 8000 We Are One Of The Oldest Escort and Call girls Agencies in Delhi. You Will Find That Our Female Escorts Are Full Of Fun, Sexy And They Would Love Enjoy Your Company. We Have A Fantastic Selection Of Escort Ladies Available For In-Calls As Well As Out-Calls. Our Escorts Are Not Only Beautiful But All Have Great Personalities Making Them The Perfect Companion For Any Occasion. In-Call:- You Can Come At Our Place in Delhi Our place Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call:- You have To Come Pick The Girl From My Place We Are Also Provide Door Step Services (Delhi Ncr, Noida, Gurgaon, Faridabad, Ghaziabad Note:- Pic Collectors Time Passers Bargainers Stay Away As We Respect The Value For Your Money Time And Expect The Same From You Hygienic:- Full Ac room And Clean Rooms Available In Hotel 24 * 7 Hourly In Delhi NCR More Details, With WhatsApp Number, +91-8448380779

Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service

Delhi Call girls

Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance Booking Booking Now open +91- 7737669865 Why you Choose Us- +91- 7737669865 HOT⇄ 7737669865 Mr ashu ji Call Mr ashu Ji +91- 7737669865 (V020524]N) 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models

Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...

roncy bisnoi

pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf

JOHNBEBONYAP1

APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...

APNIC

Call Girl Pune Indira Call Now: 8250077686 Pune Escorts Booking Contact Details WhatsApp Chat: +91-8250077686 Pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertainin. Plus they look fabulously elegant; making an impressionable. Independent Escorts Pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide –

(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7

Call Girls in Nagpur High Profile Call Girls

Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For Sex At Your Doorstep Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 02-may-2024(v.n)

Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...

tanu pandey

Trump Diapers Over Dems t shirts Sweatshirt

rahman018755

Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha Thakur Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔$V15 ✔✔To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...

SUHANI PANDEY

Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For Sex At Your Doorstep Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 02-may-2024(v.n)

Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...

tanu pandey

20240509 QFM015 Engineering Leadership Reading List April 2024.pdf

Matthew Sinclair

Call Girl In Delhi ☎92055#41914 ¶¶ Indian,Russian Best Quality full Educated And Full Cooperative Independent Call Girls Escort Services In New Delhi- I Have Extremely Beautiful Broad Minded Cute Sexy & Hot Call Girls and Escorts, We Are Located in 3* 4* 5* Hotels in Delhi. Safe & Secure High Class Services Affordable Rate 100% Satisfaction, Unlimited Enjoyment. Any Time for Model/Teens Escort in Delhi High class luxury and premium escorts agency Indian Russian Call Girls In Delhi Booking Good High Profile Escorts (Call Girls) In Delhi 5 Star Hotel ,Incall Service,OutCall Service, We provide services by Call Girls,College Girls,Modals Get High Profile queens,Well Educated,Good Looking,Full Cooperative Model, Russian Models,Punjabi Girls Kashmeri Girls Services etc… We Provide Hottest Female With Safe And Consensual With Most Limits Respected Complete Satisfaction Guaranteed…Service. Call Me Spacial For Including Incall//outcall Service In New Delhi Indian Russian Escorts Service

Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...

Delhi Call girls

VIP Model Call Girls Hadapsar ( Pune ) Call ON 8005736733 Starting From 5K to 25K High Profile Escorts In Pune Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 (V030524]N) 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...

singhpriety023

Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 8005736733 Nargish Khan Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔$V15 ✔✔To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...

SUHANI PANDEY

20240510 QFM016 Irresponsible AI Reading List April 2024.pdf

Matthew Sinclair

💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋 Booking Contact Details :- WhatsApp Chat :- +91-9352852248 If you're looking for India Call girls you've come to the right place. You'll find some of the most beautiful call girls in our location with. These ladies have pleasing personalities, hot figures, and a passion for physical pleasure. Call girls in India Lucknow Many men have booked them for their erotic and soul-mixing performances, which are sure to leave you with unforgettable memories. #K09 Escort Service India is available in the city for men and women of all ages. They can satisfy your sexual needs and will make your experience even more enjoyable and memorable. Whether you're looking for a blow-job, stripping, lovemaking, or other dirty acts, you'll be able to find a match for your tastes and budget. These highly trained professionals will help you have an unforgettable night. One Shot — 5000/in call (time 1 hour), 6000/out call Two shot with one girl — 8000/in call (time 2 hour), 10000/out call Body to body massage with sex- 8000/in call (time 1 hour) Full night Service for one person– 12000/in call, 13000/out call (shot limit 3-4 shots) Full night Service for more than 1 person — please contact Us —9352852248 We are available 24*7 all days of the year. Call us — 9352852248 Thank you for Visiting.

💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋

nirzagarg

APNIC Updates presented by Paul Wilson at ARIN 53

APNIC

All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445 Why you Choose Us- +91-6378878445 Bangalore Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable I Have Extremely Beautiful Broad Minded Cute Sexy & Hot Call Girls and Escorts, We Are Located in 3* 4* 5* Hotels. Safe & Secure High Class Services Affordable Rate 100% Satisfaction, Unlimited Enjoyment. Any Time for Model/Teens Escort in Delhi High class luxury and premium escorts agency. CALL US High Class Luxury and Premium Escort Service We Provide Well Educated,Royal Class Female,High-Class Escort Service Offering a Top High Class Escort Service In The & Several Nearby All Places of . (L030524]k)

All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445

ruhi

Staying safe in the cloud

1. Staying Safe in the Cloud

2. /whois me

3. helsinkijs.org

6. define: security ● availability ○ no access ● reliability ○ data loss ● privacy ○ data leak

7. Availability ● Pingdom ● Where’s it Up? ● StatusPage.io ○ status.myservice.com: ~ 10% ● Hosting & Infrastructure ○ CDNs like CloudFlare - test with Blitz etc. ○ DaaS like AWS RDS, MongoHQ etc. ○ deployment, e.g. NPM ○ third party JS, tag management e.g. GTM ○ DDOS with botnets, HTTPX

9. Reliability ● Funding or lack thereof, business model ○ or corporate strategy, think Google Reader, G+ ● PEBKAC ○ Google Docs, Yammer ● API availability ~ data backup an option ○ programmableweb.com ○ Kimono ● Backupify, Import2

10. Privacy ● Third party JS, GA has 20M accounts ○ BuiltWith ● Retargeting cookies ● Email/IP to user info on social media ○ Rapleaf, Rapportive ○ Intercom ○ FOAF ● FastMail, Minerva Fabric ○ PGP

11. Attack Vectors ● Social engineering, war driving, sniping, drones? ○ Apple Amazon hack ● Rootkits, keyloggers ○ Vodafone Greece example (pre NSA) ● Packet sniffing, port scanning ● 0 day exploits, exploit marketplaces ○ WebGL, Java, Rails, OpenSSL/Heartbleed ● DNS, SSL intercept ○ compromised rootcerts ○ Arab Spring example

12.

13.

14.

15.

16. Attack Vectors ● Infrastructure providers ○ HDDs reused ○ Internal sniffing, e.g. MongoDB ○ OSS clients libs not audited, Nodetime example ● Phishing mails ● Cross site attacks: XSS, CSRF ● Malicious extensions: e.g. Window Resizer ● OAuth, third party app access ○ ~60% use Google for login ● etc. etc.

17.

18.

19. Countermeasures ● Encrypted laptop drives ● Secure passwords ○ LastPass or PwdHash ● Two Factor Authentication 2FA ○ Not enforced by most ● Suspicious activity detection ● Access logs ○ per user audit trail?

20. Preemption ● Security audits ● “Honeypots” ● Production/Staging divide ● Bug bounty programs

21.

22. Politics: NSA, etc. ● Hosting outside of US by a non-US legal entity is a competitive advantage ○ e.g. Upcloud, younited ○ caveat: traffic goes via Sweden ● How many SaaS companies from Estonia? ○ Sportlyzer ○ Weekdone ○ GoWorkaBit ○ InventoryAPI

23.

24. Shadow IT ● Bring Your Own Device (BYOD) ● Bring Your Own Service (BYOS) ● Most companies don’t know what software their employees use ○ … and don’t want to know ● Shared accounts ○ Bitium, Meldium

25.

26. Case Study: StartHQ ● first contact: ○ password reset mails ○ access log monitoring ○ break in ○ disable /admin ○ apply fix ● two weeks later: ○ second break in ○ mail sent to all @starthq.com ○ apply second fix, more attempts, no more breakins

27. Case Study: Buffer

28. Trade-offs ● Self Reliance vs. Reliability ○ Self host MongoDB or go with MongoHQ ○ Speed and time to market critical ● Security vs. Convenience?

29. Reality ● Everyone gets hacked ○ Atlassian story ● Users largely don’t care ● Case in point: StartHQ extension ○ see video

30. Resources Security Engineering by Ross Anderson Light Blue Touchpaper blog

31. Resources Chaos Computer Club TV

32. Resources OWASP Top 10 Project Homakov blog

33. Thank you! @olegpodsechin

Staying safe in the cloud

Recomendados

Recomendados

Mais conteúdo relacionado

Semelhante a Staying safe in the cloud

Semelhante a Staying safe in the cloud (20)

Mais de Oleg Podsechin

Mais de Oleg Podsechin (12)

Último

Último (20)

Staying safe in the cloud