Next Page: 10000

          PGA Championship 2018: Hackers hold golf tournament computers for bitcoin ransom      Cache   Translate Page   Web Page Cache   
Hackers warned PGA staff that any attempt to break the encryption would lead to the complete loss of all files
          小城的数学浪漫:探秘密码学专业会议 TPMPC 2018      Cache   Translate Page   Web Page Cache   

江湖上总流传着盖世神功武林秘籍的传说,言之确凿,然见者颇少,一见不得了,譬如《30 天入门九阳神功》,《21 天精通九阴白骨爪》,此等教程实属罕物,睹之不易,遑论据而拥之,若侥幸习得一二,已属佼佼,转瞬跻身武林大佬。江湖更有甚者,机缘巧合得大师弥留之 paper,譬如《10 年浅谈乾坤大挪移》,《深入理解少林易筋经体系结构》、《1 秒钟入定,手把手教你辟邪剑谱》,《当我们在谈论降龙十八掌时我们在谈论什么》,论文加持,顶级算法开窍开天辟地,难题迎刃而解。

一直以来,江湖中血雨腥风的故事大多跟争抢这些电子书有关,赢者仿似开挂,获少林武学研究院等 paper 而制霸中原武林工程学术界,此非独物,区块链江湖里也流传着不少,其中最酷的一样当属密码学无疑,密码学领域不少 paper 似有相同功效。昔时华之山论剑武功绝,今日区块链当问密码学。

近日 AlphaWallet 就有一篇重磅 paper 诞生,虽不似前述诸绝之伟岸功效,但也可谓区块链之震撼大作,诞生在如何的背景之下?在讲些什么?和密码学的关系是什么?解决了什么问题?可以用来做什么?今天 CTO 韡武先从他的视角带你走马观花,看看今年的密码学会议 TPMPC 2018。而在下一期,我们会正式为大家带来这篇江湖秘籍,AlphaWallet 最新的 Paper 《Attestation on Ethereum》!

01

问剑密码学的会议一般都很神祕,就是没多少人知道,没多少人去,去了没多少人听得懂,但是其密码学成果却是江湖里流传的算法神功秘籍,可能有深远影响。给外行有种像是共济会讨论改造世界。关于区块链,熟悉密码学圈子的人应该都知道这个现象,就是密码学家们完全不谈区块链。区块链是密码学应用和分区计算领域的跨领域成果,现在分布式计算专家很多都改称区块链专家了,密码学还是很本色。TPMPC 就是这样一个密码学会议,今年的 2018 年会在丹麦小城 Århus 举行,我试着带大家一起来探秘这个密码学专业会议了。

02

我住处在 Århus 大学对街。早上 9 点起来全无车声、人声,只有鸟叫。这是因为我在 Århus。Århus 去哥本哈根 3 小时路程,全城仅 27 万居民。这也算城吗?我自问。到这个小城,我用的是渡船。东道主丹麦密码学专家 Tore 是我们的顾问,在港口接我。“你没有坐水上飞机来呀?”他说。原来小国有小国的好处,这里的 CTO 出行坐水上飞机,直接在哥本哈根的河道里起降,一下飞机就在 CBD,价格一两百欧元,省下的时间却不止这个价。“可是 Google Map 上没提供这个信息呀”,我笑着说。

03

这座城没有一个摩天大楼,只有一个博物馆算是有意思的建筑。清泉小楼,乏善可陈。然而此时正有 50 多位密码学家共聚此地,因为这是一个一般麻瓜不知道的朝圣之地——全世界最高水平(按论文算)的 MPC——多方安全计算——研究就诞生在这里。

04

多方安全计算是美籍华人姚期智在我所生的那一年 1982 年创建的领域。他提出了一个在不保密的环境下保持秘密的计算方法,靠它获得了图灵奖。姚期智虽然移居清华,他开创的多方安全计算这个领域却定都在 Århus。完成这项使命转化的是 Ivan Damgård 教授,一位白发而精力充沛的教授,行业界的一个传奇人物,生于斯长于斯的丹麦人,也是这场会议的主持人。姚期智在清华现在主要做复杂系统,研究&ldquo 与 NP”这样的问题,但是不忘他的密码学遗产,仍然促成清华跟 Århus 合资建立了研究中心。

Aarhus University © Zairon, Wikimedia Commons, License CC-BY-SA-3.0

05

我住在一个胚胎人工培养专家家里。他给我解释了他的工作,我没听懂。我于是给他解释我此行的目的,到西方取经,这“经”是多方安全计算的一些成果,在很多在区块链场景中,尤其是钱包中,很重要。我先试着给他讲了区块链是如何解决“可信”的问题,而“保密”的问题却悬而末决,需要结合 MPC 才能解决很多应用场景。他听完后表示懂得跟我懂的人胚胎知识差不多。

于是我换了个讲法:“比如说苹果在做 ApplePay,如果美国政府想要用户的支付数据,苹果公司对用户和政府两面都不敢得罪怎么办?如果使用 MPC,苹果就可以说:我们其实自己也不知道。”胚胎专家表示说他懂了。

唉,为了能讲懂,只好讲的不准确。其实我刚才的例子不合适,因为苹果服务器要处理支付的结算环节,不知道是不可能的,用了 MPC 也没用。但是像我们做区块链钱包的,结算由区块链做,我们 AlphaWallet 却是可以用 MPC 保护用户的。现在所有的手机以太坊钱包厂商都知道其用户的以太币地址(可以卖给空投商用,相当于韭菜肥料),而我们出于保护用户,不知道我们用户的以太币地址。这种前提下还要往上做功能,需要的正是 MPC 这种特别魔法。

Aarhus University © Villy Fink Isaksen, Wikimedia Commons, License cc-by-sa-3.0

06

熟悉密码学圈子的人应该都知道这个现象,就是密码学家们不谈区块链。区块链是密码学应用和分区计算领域(加游戏理论)的跨领域成果,现在分布式计算专家很多都改称区块链专家了,密码学还是很本色,跟区块链划清界线。一个月前密码学家 Helger Lipmaa 被指是中本聪,他不客气的说他不可能是中本聪,“因为中本聪不是密码学家嘛”——这个掌故可以反映密码学圈的态度。

洁零知识证明,尤其是非交互的简洁零知识证明,既是区块链未来的核心技术,又是目前密码学的重头。这个领域里这些年研究成果倍出,但是领域里的学者都不太喜欢基于零知识证明设计的 ZCash。我遇到一位零知识理论研究专家,一个坚持要求我用法语叫他名字的十分聪明的青年。他对 ZCash 受媒体暴光很不满意:“先知被当成了神”,他说,“ZKSnark 又不是他们 ZCash 发明的。”

07

在工程圈也有不少人参与会议。各大公司的基础技术研发中心都有代表,包括阿里巴巴。一位家喻户晓的国际品牌荷兰研发中心的代表说,韡武,原来你是搞区块链的,我们一天倒晚反对区块链,都快累死了。我说:你的领域如果跟区块链没关系,为什么需要特别地“反对”它呢?我就不反对胚胎人工培养,跟我没关系嘛。他说,现在各公司的管理层风气是这样的,基础技术研究部门不研究区块链会被问责的,这样重要的技术趋势你们都不研究,公司如何在前沿?所以我们必须额外花力气来反对它。我们光是不做区块链是不够的,得出材料论证我们为什么不做区块链,我听了哭笑不得。

08

我在席间问了几个密码学家,说为什么密码学家不喜欢区块链。总的来说,密码学家觉得区块链是密码学的“不好的”应用,炒币很荒唐,公链搞无政府主义很无聊。传统上密码学的发展跟政府需求是密切相关的,Diffie-Hellman 密钥交换协议不知道免去了多少间谍送命,欢迎比特币的无政府主义思想在密码学界并不吃香。有些密码学技术,比如 IBE(Identity Based Encryption)是基于一个极强中心(知道所有人密钥)假设下发展的(今天讲到一个没有这种假设的 IBE,有意思)。那好的应用是什么呢?有位丹麦密码学博士出来说其实你说区块链不好,但是国家做的也不好,现在丹麦政府给公民发的密匙自己都有一份备份,就没有不可抵赖性了。礼失求诸野,政府不好好用密码学,民间先做区块链有什么错呢?


          General Dynamics Improves Enterprise Device Management with Release of GEM One R1.1      Cache   Translate Page   Web Page Cache   
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" style="background:#f6f6f6!important">  <head>    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">    <meta name="viewport" content="width=device-width">    <title>PRNJ Push Email - Headlines</title>    <style>@font-face{font-family:Montserrat;font-style:normal;font-weight:400;src:local('Montserrat Regular'),local('Montserrat-Regular'),url(https://fonts.gstatic.com/s/montserrat/v10/SKK6Nusyv8QPNMtI4j9J2wsYbbCjybiHxArTLjt7FRU.woff2) format('woff2');unicode-range:U+0102-0103,U+1EA0-1EF9,U+20AB}@font-face{font-family:Montserrat;font-style:normal;font-weight:400;src:local('Montserrat Regular'),local('Montserrat-Regular'),url(https://fonts.gstatic.com/s/montserrat/v10/gFXtEMCp1m_YzxsBpKl68gsYbbCjybiHxArTLjt7FRU.woff2) format('woff2');unicode-range:U+0100-024F,U+1E00-1EFF,U+20A0-20AB,U+20AD-20CF,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:Montserrat;font-style:normal;font-weight:400;src:local('Montserrat Regular'),local('Montserrat-Regular'),url(https://fonts.gstatic.com/s/montserrat/v10/zhcz-_WihjSQC0oHJ9TCYAzyDMXhdD8sAj6OAJTFsBI.woff2) format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02C6,U+02DA,U+02DC,U+2000-206F,U+2074,U+20AC,U+2212,U+2215}@font-face{font-family:Montserrat;font-style:normal;font-weight:500;src:local('Montserrat Medium'),local('Montserrat-Medium'),url(https://fonts.gstatic.com/s/montserrat/v10/BYPM-GE291ZjIXBWrtCweiyNCiQPWMSUbZmR9GEZ2io.woff2) format('woff2');unicode-range:U+0102-0103,U+1EA0-1EF9,U+20AB}@font-face{font-family:Montserrat;font-style:normal;font-weight:500;src:local('Montserrat Medium'),local('Montserrat-Medium'),url(https://fonts.gstatic.com/s/montserrat/v10/BYPM-GE291ZjIXBWrtCwevfgCb1svrO3-Ym-Rpjvnho.woff2) format('woff2');unicode-range:U+0100-024F,U+1E00-1EFF,U+20A0-20AB,U+20AD-20CF,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:Montserrat;font-style:normal;font-weight:500;src:local('Montserrat Medium'),local('Montserrat-Medium'),url(https://fonts.gstatic.com/s/montserrat/v10/BYPM-GE291ZjIXBWrtCweteM9fzAXBk846EtUMhet0E.woff2) format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02C6,U+02DA,U+02DC,U+2000-206F,U+2074,U+20AC,U+2212,U+2215}@font-face{font-family:Montserrat;font-style:normal;font-weight:600;src:local('Montserrat SemiBold'),local('Montserrat-SemiBold'),url(https://fonts.gstatic.com/s/montserrat/v10/q2OIMsAtXEkOulLQVdSl053YFo3oYz9Qj7-_6Ux-KkY.woff2) format('woff2');unicode-range:U+0102-0103,U+1EA0-1EF9,U+20AB}@font-face{font-family:Montserrat;font-style:normal;font-weight:600;src:local('Montserrat SemiBold'),local('Montserrat-SemiBold'),url(https://fonts.gstatic.com/s/montserrat/v10/q2OIMsAtXEkOulLQVdSl02tASdhiysHpWmctaYEsrdw.woff2) format('woff2');unicode-range:U+0100-024F,U+1E00-1EFF,U+20A0-20AB,U+20AD-20CF,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:Montserrat;font-style:normal;font-weight:600;src:local('Montserrat SemiBold'),local('Montserrat-SemiBold'),url(https://fonts.gstatic.com/s/montserrat/v10/q2OIMsAtXEkOulLQVdSl03XcDWh-RbO457623Zi1kyw.woff2) format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02C6,U+02DA,U+02DC,U+2000-206F,U+2074,U+20AC,U+2212,U+2215}@font-face{font-family:Montserrat;font-style:italic;font-weight:400;src:local('Montserrat Italic'),local('Montserrat-Italic'),url(https://fonts.gstatic.com/s/montserrat/v10/-iqwlckIhsmvkx0N6rwPmvgrLsWo7Jk1KvZser0olKY.woff2) format('woff2');unicode-range:U+0102-0103,U+1EA0-1EF9,U+20AB}@font-face{font-family:Montserrat;font-style:italic;font-weight:400;src:local('Montserrat Italic'),local('Montserrat-Italic'),url(https://fonts.gstatic.com/s/montserrat/v10/-iqwlckIhsmvkx0N6rwPmojoYw3YTyktCCer_ilOlhE.woff2) format('woff2');unicode-range:U+0100-024F,U+1E00-1EFF,U+20A0-20AB,U+20AD-20CF,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:Montserrat;font-style:italic;font-weight:400;src:local('Montserrat Italic'),local('Montserrat-Italic'),url(https://fonts.gstatic.com/s/montserrat/v10/-iqwlckIhsmvkx0N6rwPmhampu5_7CjHW5spxoeN3Vs.woff2) format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02C6,U+02DA,U+02DC,U+2000-206F,U+2074,U+20AC,U+2212,U+2215}@font-face{font-family:Montserrat;font-style:italic;font-weight:500;src:local('Montserrat Medium Italic'),local('Montserrat-MediumItalic'),url(https://fonts.gstatic.com/s/montserrat/v10/zhwB3-BAdyKDf0geWr9FtxZpeM_Zh6uJFYM6sEJ7jls.woff2) format('woff2');unicode-range:U+0102-0103,U+1EA0-1EF9,U+20AB}@font-face{font-family:Montserrat;font-style:italic;font-weight:500;src:local('Montserrat Medium Italic'),local('Montserrat-MediumItalic'),url(https://fonts.gstatic.com/s/montserrat/v10/zhwB3-BAdyKDf0geWr9Ft_zIndX4RYN5BhIaIFu8k_A.woff2) format('woff2');unicode-range:U+0100-024F,U+1E00-1EFF,U+20A0-20AB,U+20AD-20CF,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:Montserrat;font-style:italic;font-weight:500;src:local('Montserrat Medium Italic'),local('Montserrat-MediumItalic'),url(https://fonts.gstatic.com/s/montserrat/v10/zhwB3-BAdyKDf0geWr9Ft9CODO6R-QMzjsZRstdx6VU.woff2) format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02C6,U+02DA,U+02DC,U+2000-206F,U+2074,U+20AC,U+2212,U+2215}@font-face{font-family:Montserrat;font-style:italic;font-weight:600;src:local('Montserrat SemiBold Italic'),local('Montserrat-SemiBoldItalic'),url(https://fonts.gstatic.com/s/montserrat/v10/zhwB3-BAdyKDf0geWr9Ft8gif8LsIGoxiaDHvDrXzKs.woff2) format('woff2');unicode-range:U+0102-0103,U+1EA0-1EF9,U+20AB}@font-face{font-family:Montserrat;font-style:italic;font-weight:600;src:local('Montserrat SemiBold Italic'),local('Montserrat-SemiBoldItalic'),url(https://fonts.gstatic.com/s/montserrat/v10/zhwB3-BAdyKDf0geWr9Ft34iWgrNFAiT-cwBwpMBdno.woff2) format('woff2');unicode-range:U+0100-024F,U+1E00-1EFF,U+20A0-20AB,U+20AD-20CF,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:Montserrat;font-style:italic;font-weight:600;src:local('Montserrat SemiBold Italic'),local('Montserrat-SemiBoldItalic'),url(https://fonts.gstatic.com/s/montserrat/v10/zhwB3-BAdyKDf0geWr9Ft93uLUHnU24AL_1IdxwhTqs.woff2) format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02C6,U+02DA,U+02DC,U+2000-206F,U+2074,U+20AC,U+2212,U+2215}@media only screen{html{min-height:100%;background:#f3f3f3}}@media only screen and (max-width:630px){table.body img{width:auto;height:auto}table.body center{min-width:0!important}table.body .container{width:95%!important}table.body .columns{height:auto!important;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;box-sizing:border-box;padding-left:30px!important;padding-right:30px!important}table.body .columns .columns{padding-left:0!important;padding-right:0!important}th.small-12{display:inline-block!important;width:100%!important}.columns th.small-12{display:block!important;width:100%!important}table.menu{width:100%!important}table.menu td,table.menu th{width:auto!important;display:inline-block!important}table.menu[align=center]{width:auto!important}}</style>  </head>  <body style="-moz-box-sizing:border-box;-ms-text-size-adjust:100%;-webkit-box-sizing:border-box;-webkit-text-size-adjust:100%;Margin:0;background:#f6f6f6!important;box-sizing:border-box;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0;min-width:100%;padding:0;text-align:left;width:100%!important">          <span class="preheader" style="color:#f3f3f3;display:none!important;font-size:1px;line-height:1px;max-height:0;max-width:0;mso-hide:all!important;opacity:0;overflow:hidden;visibility:hidden"></span>  <table class="body" style="Margin:0;background:#f6f6f6!important;border-collapse:collapse;border-spacing:0;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;height:100%;line-height:1.3;margin:0;padding:0;text-align:left;vertical-align:top;width:100%">  <tr style="padding:0;text-align:left;vertical-align:top">    <td class="center" align="center" valign="top" style="-moz-hyphens:auto;-webkit-hyphens:auto;Margin:0;border-collapse:collapse!important;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;hyphens:auto;line-height:1.3;margin:0;padding:0;text-align:left;vertical-align:top;word-wrap:break-word"> <center data-parsed="" style="min-width:600px;width:100%"><!--[if mso]><style type="text/css">body, table, table.body, h1, h2, h3, h4, h5, h6, p, td, th, a { font-family: 'Montserrat', Arial, sans-serif!important;}</style><![endif]--><table align="center" class="container float-center" style="Margin:0 auto;background:#fefefe;border-collapse:collapse;border-spacing:0;float:none;margin:0 auto;padding:0;text-align:center;vertical-align:top;width:600px"><tbody><tr style="padding:0;text-align:left;vertical-align:top"><td style="-moz-hyphens:auto;-webkit-hyphens:auto;Margin:0;border-collapse:collapse!important;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;hyphens:auto;line-height:1.3;margin:0;padding:0;text-align:left;vertical-align:top;word-wrap:break-word"> <table class="row no-background" style="background:#f6f6f6;border-collapse:collapse;border-spacing:0;display:table;padding:0;position:relative;text-align:left;vertical-align:top;width:100%"><tbody><tr style="padding:0;text-align:left;vertical-align:top"><th class="small-12 large-12 columns first last" style="Margin:0 auto;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0 auto;padding:0;padding-bottom:16px;padding-left:30px;padding-right:30px;text-align:left;width:570px"><table style="border-collapse:collapse;border-spacing:0;padding:0;text-align:left;vertical-align:top;width:100%"><tr style="padding:0;text-align:left;vertical-align:top"><th style="Margin:0;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0;padding:0;text-align:left"><table class="spacer" style="border-collapse:collapse;border-spacing:0;padding:0;text-align:left;vertical-align:top;width:100%"><tbody><tr style="padding:0;text-align:left;vertical-align:top"><td height="24px" style="-moz-hyphens:auto;-webkit-hyphens:auto;Margin:0;border-collapse:collapse!important;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:24px;font-weight:400;hyphens:auto;line-height:24px;margin:0;mso-line-height-rule:exactly;padding:0;text-align:left;vertical-align:top;word-wrap:break-word">&#xA0;</td></tr></tbody></table> <p class="text-center view-in-browser" style="Margin:0;Margin-bottom:10px;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0;margin-bottom:0;padding:0;text-align:center"><small style="color:#cacaca;font-size:80%"><a href='http://email.prnewswire.com/wf/click?upn=z3qiKnBCpunqdJkRppsiEbSmnibeutBGHu9PCpp0b6U4Q4ZotzjXnIzJXOhYxAYUp-2B-2BLOdkiWhNpO0Hwur0XLiAIw77hLqxRci-2BdhA5sluLPwwX7sja6mldprpUyPbJ8LWhonRIPFckMx-2F3-2BhYeyiGx0-2F3qawyn5EcRTGocCYWih8H-2BaC1jd32suPODjX2LZvpTPDNWwtFMCqtuXVCoOcg-3D-3D_q1N77mbql2CxsoEfo2fFiZ6dnlev64IGUSa1KT1DDw1MuprZmQ6aap9NY9k0Le75GF1vOlGfjqwTW9j9qq2tX20K30HoBmlxOmitEQoYkeE-2BpeuMZ2dxRWU-2Bmgr5ScCYfckX2adZDR8ZN7lQXbN0anHnj8Yc2U6q4E4CKMNy2T23hUP3biCRUpcz-2FvIRrsQWqErYNGnIlOIb1NMWl98BfLC0GQC2dcgSFfFsS2PETmQla-2FIKp7qPHqYNJ4oLH3YFobaf4grSo7J5jM1-2BwziCW7QiCA7fr1Z0EI0JaP7pHmscX0J1TEfjERxgxYz-2Fgt-2BbejYvspD9XDuS-2Bvj6ICoefw-3D-3D'style='Margin:0;color:#00607F;font-family:Montserrat,Arial,sans-serif;font-weight:400;line-height:1.3;margin:0;padding:0;text-align:left;text-decoration:none'>View in Browser</a></small> </p> </th><th class="expander" style="Margin:0;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0;padding:0!important;text-align:left;visibility:hidden;width:0"></th></tr></table></th>  </tr></tbody></table><table class="row sub-header"style="background:#00837E;border-collapse:collapse;border-spacing:0;display:table;padding:0;position:relative;text-align:left;vertical-align:top;width:100%"><tbody><tr  style="padding:0;text-align:left;vertical-align:top"><th class="small-12 large-12 columns first last" style="Margin:0 auto;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0 auto;padding:0;padding-bottom:16px;padding-left:30px;padding-right:30px;text-align:left;width:570px"><table style="border-collapse:collapse;border-spacing:0;padding:0;text-align:left;vertical-align:top;width:100%"><tr style="padding:0;text-align:left;vertical-align:top"><th style="Margin:0;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0;padding:0;text-align:left"><table class="spacer" style="border-collapse:collapse;border-spacing:0;padding:0;text-align:left;vertical-align:top;width:100%"><tbody><tr style="padding:0;text-align:left;vertical-align:top"><td height="16px" style="-moz-hyphens:auto;-webkit-hyphens:auto;Margin:0;border-collapse:collapse!important;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;hyphens:auto;line-height:16px;margin:0;mso-line-height-rule:exactly;padding:0;text-align:left;vertical-align:top;word-wrap:break-word">&#xA0;</td></tr></tbody></table>  <h4 class="text-center" style="-moz-hyphens:none;-webkit-hyphens:none;Margin:0;Margin-bottom:10px;color:#fff;font-family:Montserrat,Arial,sans-serif;font-size:18px;font-weight:400;hyphens:none;line-height:22px;margin:0;margin-bottom:10px;padding:0;text-align:center;text-transform:uppercase;word-break:none;word-wrap:normal">News From General Dynamics Mission Systems</h4><h5 class="text-center" style="-moz-hyphens:none;-webkit-hyphens:none;Margin:0;Margin-bottom:10px;color:#fff;font-family:Montserrat,Arial,sans-serif;font-size:14px;font-weight:500;hyphens:none;line-height:18px;margin:0;margin-bottom:0;padding:0;text-align:center;word-break:none;word-wrap:normal">Transmitted by PR Newswire for Journalists on <span class="prevent-break" style="display:inline-block">August 09, 2018 09:00 AM EST </span></h5></th><th class="expander" style="Margin:0;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0;padding:0!important;text-align:left;visibility:hidden;width:0"></th></tr></table></th></tr></tbody></table><table class="row header" style="background:#e5f2f3;border-collapse:collapse;border-spacing:0;display:table;padding:0;position:relative;text-align:left;vertical-align:top;width:100%"><tbody><tr style="padding:0;text-align:left;vertical-align:top"><th class="small-12 large-12 columns first last" style="Margin:0 auto;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0 auto;padding:0;padding-bottom:0;padding-left:30px;padding-right:30px;text-align:left;width:570px"><table style="border-collapse:collapse;border-spacing:0;padding:0;text-align:left;vertical-align:top;width:100%"><tr style="padding:0;text-align:left;vertical-align:top"><th style="Margin:0;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0;padding:0;text-align:left">                <table class="spacer" style="border-collapse:collapse;border-spacing:0;padding:0;text-align:left;vertical-align:top;width:100%"><tbody><tr style="padding:0;text-align:left;vertical-align:top"><td height="24px" style="-moz-hyphens:auto;-webkit-hyphens:auto;Margin:0;border-collapse:collapse!important;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:24px;font-weight:400;hyphens:auto;line-height:24px;margin:0;mso-line-height-rule:exactly;padding:0;text-align:left;vertical-align:top;word-wrap:break-word">&#xA0;</td></tr></tbody></table>               <h1 style="Margin:0;Margin-bottom:10px;color:#4D4E53;font-family:Montserrat,Arial,sans-serif;font-size:20px;font-weight:500;line-height:28px;margin:0;margin-bottom:0;padding:0;text-align:left;word-wrap:normal">General Dynamics Improves Enterprise Device Management with Release of GEM One R1.1</h1> <table class="spacer" style="border-collapse:collapse;border-spacing:0;padding:0;text-align:left;vertical-align:top;width:100%"><tbody><tr style="padding:0;text-align:left;vertical-align:top"><td height="24px" style="-moz-hyphens:auto;-webkit-hyphens:auto;Margin:0;border-collapse:collapse!important;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:24px;font-weight:400;hyphens:auto;line-height:24px;margin:0;mso-line-height-rule:exactly;padding:0;text-align:left;vertical-align:top;word-wrap:break-word">&#xA0;</td></tr></tbody></table> </th><th class="expander" style="Margin:0;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0;padding:0!important;text-align:left;visibility:hidden;width:0"></th></tr></table></th>              </tr></tbody></table> <table class="row content" style="background:#fff;border-collapse:collapse;border-spacing:0;display:table;padding:0;position:relative;text-align:left;vertical-align:top;width:100%"><tbody><tr style="padding:0;text-align:left;vertical-align:top"><th class="small-12 large-12 columns first last" style="Margin:0 auto;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0 auto;padding:0;padding-bottom:16px;padding-left:30px;padding-right:30px;text-align:left;width:570px"><table style="border-collapse:collapse;border-spacing:0;padding:0;text-align:left;vertical-align:top;width:100%"><tr style="padding:0;text-align:left;vertical-align:top"><th style="Margin:0;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0;padding:0;text-align:left"> <table class="spacer" style="border-collapse:collapse;border-spacing:0;padding:0;text-align:left;vertical-align:top;width:100%"><tbody><tr style="padding:0;text-align:left;vertical-align:top"><td height="24px" style="-moz-hyphens:auto;-webkit-hyphens:auto;Margin:0;border-collapse:collapse!important;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:24px;font-weight:400;hyphens:auto;line-height:24px;margin:0;mso-line-height-rule:exactly;padding:0;text-align:left;vertical-align:top;word-wrap:break-word">&#xA0;</td></tr></tbody></table><p class="sub-headline" style="Margin:0;Margin-bottom:10px;color:#4D4E53;font-family:Montserrat,Arial,sans-serif;font-size:14px;font-weight:500;line-height:20px;margin:0;margin-bottom:16px;padding:0;text-align:left"><strong>Situational awareness through visualization.</strong><p><span class="xn-location">FAIRFAX, Va.</span>, <span class="xn-chron">Aug. 9, 2018</span> /PRNewswire/ --<b>&nbsp;</b>General Dynamics Mission Systems has released <a href="http://email.prnewswire.com/wf/click?upn=Ga2Uazj4xWUc06Nd0K6Y22XdGHDEO4wW7iFh2CIqBc-2Buk5oZkNZ-2FlY4Dj-2FnnxQZfPbh1v4ZUC0rtJBjWGtFVc3CXqHTcJlOLMyq7magQgdImHHq3KLBZbcTpJONs7NuZMS3eUxDBUS-2BUs3L8poRMnw-3D-3D_q1N77mbql2CxsoEfo2fFiZ6dnlev64IGUSa1KT1DDw1MuprZmQ6aap9NY9k0Le75GF1vOlGfjqwTW9j9qq2tX20K30HoBmlxOmitEQoYkeE-2BpeuMZ2dxRWU-2Bmgr5ScCYfckX2adZDR8ZN7lQXbN0anHnj8Yc2U6q4E4CKMNy2T23hUP3biCRUpcz-2FvIRrsQWjpZxJFCm6Dl-2FGphxOFF1tFlf-2Fd-2BikAROF8bT3lp45Gm5CQSeU9RoK7qDy3MAHSzy5VRy0LZtqP7RgH4alTQdzscC0OR1L5AEYtdiSQTBdmimBH6spTnJL9OYRxrLWlFZPoGFuBHU-2FM62QTFYZyhEKQ-3D-3D#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000" rel="nofollow#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000" target="_blank">GEM<sup><span>™</span></sup> One R1.1</a>, an enterprise-level remote encryptor manager, that will allow customers to visualize and manage a network of dispersed encryption devices across the enterprise from anywhere in the network, monitoring its health, status and connectivity. This release centers on improving visualization and usability through network topology, and dashboard and human factors design. It also allows users to quickly and easily recognize critical device status, and decrease reaction time and decision cycles. The R1.1 release further expands the robust feature set, usability and devices supported by GEM One.&nbsp; </p>
   <p>GEM One R1.1 enhancements include:</p><th class="expander" style="Margin:0;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0;padding:0!important;text-align:left;visibility:hidden;width:0"></th></tr></table></th></tr></tbody></table><table class="row content" style="background:#fff;border-collapse:collapse;border-spacing:0;display:table;padding:0;position:relative;text-align:left;vertical-align:top;width:100%"><tbody><tr style="padding:0;text-align:left;vertical-align:top"><th class="small-12 large-12 columns first last" style="Margin:0 auto;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0 auto;padding:0;padding-bottom:16px;padding-left:30px;padding-right:30px;text-align:left;width:570px"><table style="border-collapse:collapse;border-spacing:0;padding:0;text-align:left;vertical-align:top;width:100%"><tr style="padding:0;text-align:left;vertical-align:top"><th style="Margin:0;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0;padding:0;text-align:left"><center data-parsed="" style="min-width:510px;width:100%"><img src="https://mma.prnewswire.com/media/81320/general_dynamics_logo.jpg#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000" alt="" align="center" class="float-center" style="-ms-interpolation-mode:bicubic;Margin:0 auto;clear:both;display:block;float:none;margin:0 auto;max-width:100%;outline:0;text-align:center;text-decoration:none;width:auto"></center></th><th class="expander" style="Margin:0;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0;padding:0!important;text-align:left;visibility:hidden;width:0"></th></tr></table></th></tr></tbody></table><table class="row content" style="background:#fff;border-collapse:collapse;border-spacing:0;display:table;padding:0;position:relative;text-align:left;vertical-align:top;width:100%"><tbody><tr style="padding:0;text-align:left;vertical-align:top"><th class="small-12 large-12 columns first last" style="Margin:0 auto;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0 auto;padding:0;padding-bottom:16px;padding-left:30px;padding-right:30px;text-align:left;width:570px"><table style="border-collapse:collapse;border-spacing:0;padding:0;text-align:left;vertical-align:top;width:100%"><tr style="padding:0;text-align:left;vertical-align:top"><th style="Margin:0;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0;padding:0;text-align:left">
   <ul type="disc">
    <li>Support for the <a href="http://email.prnewswire.com/wf/click?upn=Ga2Uazj4xWUc06Nd0K6Y22XdGHDEO4wW7iFh2CIqBc-2Buk5oZkNZ-2FlY4Dj-2FnnxQZfvTqPLvJ2syxG1QBimv6QsSHljFimlV6OZgpaxc-2BfqXwFFJRHQWQJGdna-2FscI78nFGD-2B-2FANj2wmeojAXAt063Cw-3D-3D_q1N77mbql2CxsoEfo2fFiZ6dnlev64IGUSa1KT1DDw1MuprZmQ6aap9NY9k0Le75GF1vOlGfjqwTW9j9qq2tX20K30HoBmlxOmitEQoYkeE-2BpeuMZ2dxRWU-2Bmgr5ScCYfckX2adZDR8ZN7lQXbN0anHnj8Yc2U6q4E4CKMNy2T23hUP3biCRUpcz-2FvIRrsQW-2BptNj0E3eS6GYjprjqZ4S47Wzre4bNxRtCWJEs57gzL9qmZo0pQGrZPVmVfMgYw3EpgBhC1MjjgxKgSUVY0itNg6pIC-2FckGCeCR8sKwSamNoQ-2F5SUm-2FSLYz-2Bjj29CHJm2xOJUQu-2FKN0lRLt7DX1pLg-3D-3D#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000" rel="nofollow#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000" target="_blank">Sectéra<sup>®</sup> vIPer<sup>™</sup> Universal Secure Phone</a>, easing configuration, deployment and lifecycle management of a dispersed network of vIPer phones. </li>
    <li>GEM X-Porter simplifies and streamlines the upgrade from GEM X to GEM One by extracting and porting GEM X data into GEM One. </li>
    <li>Plug-in Management provides easier, timely management of new <a href="http://email.prnewswire.com/wf/click?upn=Ga2Uazj4xWUc06Nd0K6Y22XdGHDEO4wW7iFh2CIqBc8TTtv0xvNWClxPrEwwbW-2FmAAiIeTzTIAr59EWVR992fR1l0Fy7kEqORq0ewMSOmdQ-3D_q1N77mbql2CxsoEfo2fFiZ6dnlev64IGUSa1KT1DDw1MuprZmQ6aap9NY9k0Le75GF1vOlGfjqwTW9j9qq2tX20K30HoBmlxOmitEQoYkeE-2BpeuMZ2dxRWU-2Bmgr5ScCYfckX2adZDR8ZN7lQXbN0anHnj8Yc2U6q4E4CKMNy2T23hUP3biCRUpcz-2FvIRrsQWRvo-2FwcXFeQPsfstDyKoq50antNB6ny19p-2FqS8Q8Jr31p78xPonmmyliXo1P7045-2BTAKudMA-2Fok3UQZRkzu8iave36MixBekRnlBCQzr7PbH7DJWGjjiiuFGB3BhhKnOapFgWbbDQHFoTH0SLAfeD7w-3D-3D#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000" rel="nofollow#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000" target="_blank">TACLANE<sup>®</sup></a> and vIPer encryption devices or software releases. It also eliminates the need to update GEM software when updating End Cryptographic Unit (ECU) product software. </li>
    <li>Device License Management eases administration of optional software, and allows for viewing, allocating and revoking <a href="http://email.prnewswire.com/wf/click?upn=Ga2Uazj4xWUc06Nd0K6Y22XdGHDEO4wW7iFh2CIqBc-2BB1S4jC2sSMC4klpwN6W6cTZjDoopaXPDvFENmdHmDuIg6HP5m413Olh-2BkXzsn-2BPuMvSNPhmzi-2B8aJj7Ix45Q9juHHDbuoFfVVubu3CD9SIJhfihcXj1qPBTMncb9JlxsS8Blmo16TXfIXgb6ODCLjMI6sF4yYLdZfvSyV6YdBinTbKBAcq2sZo6-2F3uvghGAA-2BRAOVNzWgUT8TSATiaFPCS8eC5BtM-2BnsxXG183PCS-2Ft2LUxMmDqe4XdKiVHsSi-2BIfq77g-2Bla5upAsIMo2abu1qaqRQ-2FUWcgpIZhhgksdMXWYy50osVL7mnZGL6GMYKHg0NaQ4FtM2lk2NtYifZH-2BfzQdbDPSp93DJe5PnFGbq4kMZIfAAlTAKJ1pSFSn8tkH7XrcVNdmth8I0vtThW-2BjxVUxCWN19l3JmIp-2FIsZ3gVq6NQqGIfX32o8pVrf-2FpqB1cVOnes2xYGSdiXvzMzzqHZoSgw6EU8k1AIs-2FlH1sI6A-3D-3D_q1N77mbql2CxsoEfo2fFiZ6dnlev64IGUSa1KT1DDw1MuprZmQ6aap9NY9k0Le75GF1vOlGfjqwTW9j9qq2tX20K30HoBmlxOmitEQoYkeE-2BpeuMZ2dxRWU-2Bmgr5ScCYfckX2adZDR8ZN7lQXbN0anHnj8Yc2U6q4E4CKMNy2T23hUP3biCRUpcz-2FvIRrsQWFO25nzcpccxyHD-2FZ8zB1LCMCXIq4wA9hsXG2x5uWssTDR831nxS9tsEKJzA6sC-2BV2TqrJbrCGkYL969HaTyBtqIOcITuxKhGKpOhoXgKc2-2FdzObDgg7zxOkeSAuKd2iuk3b-2F8l7-2Begw-2FGedCEjH-2FVA-3D-3D#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000" rel="nofollow#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000" target="_blank">Agile Virtual Local Area Network (VLAN)</a> and <a href="http://email.prnewswire.com/wf/click?upn=Ga2Uazj4xWUc06Nd0K6Y22XdGHDEO4wW7iFh2CIqBc-2Buk5oZkNZ-2FlY4Dj-2FnnxQZfuPlvPx-2FHvi7ES6Q8dyLNAVtItZMPCC3OSKBlHF75TByHX21aVk0j6Sz1e1FfmyMMBVf8emvfHYq2XNIjDxcjJxsON3NUY8Yo5h3uiQmXXh4-3D_q1N77mbql2CxsoEfo2fFiZ6dnlev64IGUSa1KT1DDw1MuprZmQ6aap9NY9k0Le75GF1vOlGfjqwTW9j9qq2tX20K30HoBmlxOmitEQoYkeE-2BpeuMZ2dxRWU-2Bmgr5ScCYfckX2adZDR8ZN7lQXbN0anHnj8Yc2U6q4E4CKMNy2T23hUP3biCRUpcz-2FvIRrsQWApzVdLBSvdY8q54IBiNyz3ODTnzxnd8RZnGCvXorsjJS-2Fm-2FHtbVYpJPstr-2FwYbL-2Bd4I-2Bk3yCGFT5w0PZyWtJSALSM8c04qW4uCeIgIX6ueyegp9udWlZdhOxhalXtL8PkHy5BYeGBXl9r4COCp3Eew-3D-3D#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000" rel="nofollow#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000" target="_blank">TACLANE&nbsp;Trusted Sensor Software</a> licenses. </li>
    <li>Integrates TACLANE Trusted Sensor Software Manager to ease rule compilation, management and deployment, as well as improved alerts.</li>
   </ul>
   <p>General Dynamics Mission Systems is a business unit of General Dynamics (NYSE: GD). For more information about General Dynamics Mission Systems, please visit <a href="http://email.prnewswire.com/wf/click?upn=Ga2Uazj4xWUc06Nd0K6Y22XdGHDEO4wW7iFh2CIqBc-2BhMtn8-2B-2F8sP5PUSMpoIItf_q1N77mbql2CxsoEfo2fFiZ6dnlev64IGUSa1KT1DDw1MuprZmQ6aap9NY9k0Le75GF1vOlGfjqwTW9j9qq2tX20K30HoBmlxOmitEQoYkeE-2BpeuMZ2dxRWU-2Bmgr5ScCYfckX2adZDR8ZN7lQXbN0anHnj8Yc2U6q4E4CKMNy2T23hUP3biCRUpcz-2FvIRrsQWNT990WwxY7Uy-2BZZxmhn0-2FCpCTL9d-2BgVLxvVtUgC1ch2FWkhYgzkjn-2Fm45JpyyF18VALraHxpc5wORYhs36oE8jq9magmu4f2aK4UtY01Rhvo-2B7aLP1HN71uIiapaXr4rECv4IODsQQ3kC8F9JE5-2FxQ-3D-3D#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000" rel="nofollow#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000" target="_blank">gdmissionsystems.com</a> and follow us on Twitter <a href="http://email.prnewswire.com/wf/click?upn=ZrWzD7t39xxz74k8LtTHCDomBjD-2F-2B1vgpdOwcEZc0Y0-3D_q1N77mbql2CxsoEfo2fFiZ6dnlev64IGUSa1KT1DDw1MuprZmQ6aap9NY9k0Le75GF1vOlGfjqwTW9j9qq2tX20K30HoBmlxOmitEQoYkeE-2BpeuMZ2dxRWU-2Bmgr5ScCYfckX2adZDR8ZN7lQXbN0anHnj8Yc2U6q4E4CKMNy2T23hUP3biCRUpcz-2FvIRrsQWrsmrMMRKmcU7HiqtfoENzLcFeEugV6jRql44tqvdICEFzbq7UM-2BfOzgYH-2F6SR3HPMcd2-2BOf1x9i3-2FY3BCvqUtUxTIZsNiCNym6zM35BihddW-2BQim4FNQyBWoJaAyt01s9gjzaO-2FRRyd0tdkG7QpqdQ-3D-3D#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000" rel="nofollow#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000" target="_blank">@GDMS</a>. </p> 
   <p>&nbsp;</p> 
   
   <p>SOURCE General Dynamics Mission Systems</p>CONTACT: Jennifer Montesano, mediainfo@gd-ms.com<p style="Margin:0;Margin-bottom:10px;color:#4D4E53;font-family:Montserrat,Arial,sans-serif;font-size:14px;font-weight:400;line-height:28px;margin:0;margin-bottom:16px;padding:0;text-align:left">Web Site: <a href='http://email.prnewswire.com/wf/click?upn=zvnTWB59Yr9Q6jdB259Nvhuu1z9UoVcAXMpGg-2FE4fHJqLTJEBvUD3AxapE-2FnUZKE_q1N77mbql2CxsoEfo2fFiZ6dnlev64IGUSa1KT1DDw1MuprZmQ6aap9NY9k0Le75GF1vOlGfjqwTW9j9qq2tX20K30HoBmlxOmitEQoYkeE-2BpeuMZ2dxRWU-2Bmgr5ScCYfckX2adZDR8ZN7lQXbN0anHnj8Yc2U6q4E4CKMNy2T23hUP3biCRUpcz-2FvIRrsQWnTxq-2FOtBtPXwkEVjSYLk-2BT4eRv9TVqaPirp9f3Ho0biO5yaBfjC8aErlB5dbBgAqBzP6RpAUcGO7jFTO-2BDJmhZY9l-2FAPLA8f4ZbpxzVRi7YPCL-2Fn7O8eC2tnBQSeyQKKElPqG0MXOhqX3fpyzgLwGw-3D-3D' style='Margin:0;color:#00607F;font-family:Montserrat,Arial,sans-serif;font-weight:400;line-height:1.3;margin:0;padding:0;text-align:left;text-decoration:none'>http://gdmissionsystems.com</a></p><table class="spacer" style="border-collapse:collapse;border-spacing:0;padding:0;text-align:left;vertical-align:top;width:100%"><tbody><tr style="padding:0;text-align:left;vertical-align:top"><td height="8px" style="-moz-hyphens:auto;-webkit-hyphens:auto;Margin:0;border-collapse:collapse!important;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:8px;font-weight:400;hyphens:auto;line-height:8px;margin:0;mso-line-height-rule:exactly;padding:0;text-align:left;vertical-align:top;word-wrap:break-word">&#xA0;</td></tr></tbody></table> <table class="button medium expand" style="Margin:0 0 16px 0;border-collapse:collapse;border-spacing:0;margin:0 0 16px 0;padding:0;text-align:left;vertical-align:top;width:100%!important"><tr style="padding:0;text-align:left;vertical-align:top"><td style="-moz-hyphens:auto;-webkit-hyphens:auto;Margin:0;border-collapse:collapse!important;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;hyphens:auto;line-height:1.3;margin:0;padding:0;text-align:left;vertical-align:top;word-wrap:break-word"><table style="border-collapse:collapse;border-spacing:0;padding:0;text-align:left;vertical-align:top;width:100%"><tr style="padding:0;text-align:left;vertical-align:top"><td style="-moz-hyphens:auto;-webkit-hyphens:auto;Margin:0;background:#00607F;border:2px solid #00607F;border-collapse:collapse!important;color:#fefefe;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;hyphens:auto;line-height:1.3;margin:0;padding:0;text-align:left;vertical-align:top;word-wrap:break-word"><center data-parsed="" style="min-width:0;width:100%"><a href='http://email.prnewswire.com/wf/click?upn=z3qiKnBCpunqdJkRppsiEbSmnibeutBGHu9PCpp0b6U4Q4ZotzjXnIzJXOhYxAYUp-2B-2BLOdkiWhNpO0Hwur0XLiAIw77hLqxRci-2BdhA5sluLPwwX7sja6mldprpUyPbJ8LWhonRIPFckMx-2F3-2BhYeyiGx0-2F3qawyn5EcRTGocCYWih8H-2BaC1jd32suPODjX2LZvpTPDNWwtFMCqtuXVCoOcg-3D-3D_q1N77mbql2CxsoEfo2fFiZ6dnlev64IGUSa1KT1DDw1MuprZmQ6aap9NY9k0Le75GF1vOlGfjqwTW9j9qq2tX20K30HoBmlxOmitEQoYkeE-2BpeuMZ2dxRWU-2Bmgr5ScCYfckX2adZDR8ZN7lQXbN0anHnj8Yc2U6q4E4CKMNy2T23hUP3biCRUpcz-2FvIRrsQWykh4CqTjZzpjSjRnulxjYRrrOlhv-2Fgw3usoV9N-2BoIbnv9pIjjzAR4lzXWMjwkG525-2FVyoahLgp4OSXYO2mEI-2Bm9jvyCCx7pe9U-2FDzz5qUj5pI2ACPiL4iGj53BP770GScETlJiS-2BR4ToyuN724JqpA-3D-3D'align="center" class="float-center" style="Margin:0;border:0 solid #00607F;border-radius:5px;color:#fefefe;display:inline-block;font-family:Montserrat,Arial,sans-serif;font-size:14px;font-weight:500;line-height:1.3;margin:0;padding:8px 16px 8px 16px;padding-left:0;padding-right:0;text-align:center;text-decoration:none;text-transform:uppercase;width:100%">View in Browser</a></center></td></tr></table></td><td class="expander" style="-moz-hyphens:auto;-webkit-hyphens:auto;Margin:0;border-collapse:collapse!important;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;hyphens:auto;line-height:1.3;margin:0;padding:0!important;text-align:left;vertical-align:top;visibility:hidden;width:0;word-wrap:break-word"></td></tr></table> </th><th class="expander" style="Margin:0;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0;padding:0!important;text-align:left;visibility:hidden;width:0"></th></tr></table></th></tr></tbody></table><table class="row sub-footer" style="background:#e5f2f3;border-collapse:collapse;border-spacing:0;display:table;padding:0;position:relative;text-align:left;vertical-align:top;width:100%"><tbody><tr style="padding:0;text-align:left;vertical-align:top"><th class="small-12 large-12 columns first last" style="Margin:0 auto;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0 auto;padding:0;padding-bottom:16px;padding-left:30px;padding-right:30px;text-align:left;width:570px"><table style="border-collapse:collapse;border-spacing:0;padding:0;text-align:left;vertical-align:top;width:100%"><tr style="padding:0;text-align:left;vertical-align:top"><th style="Margin:0;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0;padding:0;text-align:left"><table class="spacer" style="border-collapse:collapse;border-spacing:0;padding:0;text-align:left;vertical-align:top;width:100%"><tbody><tr style="padding:0;text-align:left;vertical-align:top"><td height="24px" style="-moz-hyphens:auto;-webkit-hyphens:auto;Margin:0;border-collapse:collapse!important;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:24px;font-weight:400;hyphens:auto;line-height:24px;margin:0;mso-line-height-rule:exactly;padding:0;text-align:left;vertical-align:top;word-wrap:break-word">&#xA0;</td></tr></tbody></table> <h4 class="text-center" style="Margin:0;Margin-bottom:10px;color:#4D4E53;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:500;line-height:1.3;margin:0;margin-bottom:10px;padding:0;text-align:center;word-wrap:normal">Tech</h4><h5 class="text-center" style="Margin:0;Margin-bottom:10px;color:#4D4E53;font-family:Montserrat,Arial,sans-serif;font-size:14px;font-weight:400;line-height:1.3;margin:0;margin-bottom:10px;padding:0;text-align:center;word-wrap:normal"><strong>Username:</strong> aronschatz | <a href="http://email.prnewswire.com/wf/click?upn=z3qiKnBCpunqdJkRppsiEbSmnibeutBGHu9PCpp0b6W-2FoNI0ROearmohKp42569WC64-2FSpdy8Fo3nCX4s3fhCFq-2FttXRiT9oD9muRlENXOn7XeMspKjmOZLHDgA1mW9Y_q1N77mbql2CxsoEfo2fFiZ6dnlev64IGUSa1KT1DDw1MuprZmQ6aap9NY9k0Le75GF1vOlGfjqwTW9j9qq2tX20K30HoBmlxOmitEQoYkeE-2BpeuMZ2dxRWU-2Bmgr5ScCYfckX2adZDR8ZN7lQXbN0anHnj8Yc2U6q4E4CKMNy2T23hUP3biCRUpcz-2FvIRrsQWNlF9RUo8TzCbQ7Am5gWKa4gVQD-2B403weiXITTddglsrB64GJG8thY4mtQni2BCvzWQULYChmpACmxBw-2BzGITuDG9mjzpSCslpN5ChXG-2FyDnRMKrZ8VYx4IVSHE-2BvrmM0uiUU278PNe3utp0T1wZs7w-3D-3D" style="Margin:0;color:#00607F;font-family:Montserrat,Arial,sans-serif;font-weight:400;line-height:1.3;margin:0;padding:0;text-align:left;text-decoration:none">edit profile</a></h5></th><th class="expander" style="Margin:0;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0;padding:0!important;text-align:left;visibility:hidden;width:0"></th></tr></table></th></tr></tbody></table>              <table class="row footer" style="background:#f6f6f6;border-collapse:collapse;border-spacing:0;display:table;padding:0;position:relative;text-align:left;vertical-align:top;width:100%"><tbody><tr style="padding:0;text-align:left;vertical-align:top">                <th class="small-12 large-12 columns first last" style="Margin:0 auto;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0 auto;padding:0;padding-bottom:16px;padding-left:30px;padding-right:30px;text-align:left;width:570px"><table style="border-collapse:collapse;border-spacing:0;padding:0;text-align:left;vertical-align:top;width:100%"><tr style="padding:0;text-align:left;vertical-align:top"><th style="Margin:0;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0;padding:0;text-align:left">                  <table class="spacer" style="border-collapse:collapse;border-spacing:0;padding:0;text-align:left;vertical-align:top;width:100%"><tbody><tr style="padding:0;text-align:left;vertical-align:top"><td height="24px" style="-moz-hyphens:auto;-webkit-hyphens:auto;Margin:0;border-collapse:collapse!important;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:24px;font-weight:400;hyphens:auto;line-height:24px;margin:0;mso-line-height-rule:exactly;padding:0;text-align:left;vertical-align:top;word-wrap:break-word">&#xA0;</td></tr></tbody></table>                  <p class="text-center" style="Margin:0;Margin-bottom:10px;color:#4D4E53;font-family:Montserrat,Arial,sans-serif;font-size:10px;font-weight:400;line-height:16px;margin:0;margin-bottom:10px;padding:0;text-align:center">                    <strong style="font-weight:250!important">                      Copyright &copy; PR Newswire Association LLC. All Rights Reserved.                    </strong>                  </p>                  <p class="text-center" style="Margin:0;Margin-bottom:10px;color:#4D4E53;font-family:Montserrat,Arial,sans-serif;font-size:10px;font-weight:400;line-height:16px;margin:0;margin-bottom:10px;padding:0;text-align:center">                    <strong style="font-weight:250!important">                      A Cision company.                    </strong>                  </p>                  <p class="text-center" style="Margin:0;Margin-bottom:10px;color:#4D4E53;font-family:Montserrat,Arial,sans-serif;font-size:10px;font-weight:400;line-height:16px;margin:0;margin-bottom:10px;padding:0;text-align:center">                    350 Hudson Street, Suite 300 New York, NY 10014-4504                  </p>                  <p class="text-center" style="Margin:0;Margin-bottom:10px;color:#4D4E53;font-family:Montserrat,Arial,sans-serif;font-size:10px;font-weight:400;line-height:16px;margin:0;margin-bottom:10px;padding:0;text-align:center">                    <a href="http://email.prnewswire.com/wf/click?upn=TwIh0OIjG8BOSB67uKqqj527Ndmd47su-2BVNkeMqZLyk-3D_q1N77mbql2CxsoEfo2fFiZ6dnlev64IGUSa1KT1DDw1MuprZmQ6aap9NY9k0Le75GF1vOlGfjqwTW9j9qq2tX20K30HoBmlxOmitEQoYkeE-2BpeuMZ2dxRWU-2Bmgr5ScCYfckX2adZDR8ZN7lQXbN0anHnj8Yc2U6q4E4CKMNy2T23hUP3biCRUpcz-2FvIRrsQW1Sr2GdWSFnd4l1y3ujI18A3sbgIuEfOQhphPmjmIh3oGlVfOdbN1cOCKIF2ymzI0ia-2BJmw1GyHULcGIUq9CZbAKIlubahW1jVKK1dC2a-2BQaxYWkXGPoD7HgT-2Fd8FxLIizTgZX3Qa61PU-2F4mvQS-2BkvA-3D-3D" style="Margin:0;color:#00607F;font-family:Montserrat,Arial,sans-serif;font-weight:400;line-height:1.3;margin:0;padding:0;text-align:left;text-decoration:none">http://www.prnewswire.com</a>                  </p>                  <p class="text-center" style="Margin:0;Margin-bottom:10px;color:#4D4E53;font-family:Montserrat,Arial,sans-serif;font-size:10px;font-weight:400;line-height:16px;margin:0;margin-bottom:10px;padding:0;text-align:center">                    To change the settings for your profile(s), email delivery or unsubscribe go to<br>                    <a href="http://email.prnewswire.com/wf/click?upn=z3qiKnBCpunqdJkRppsiEbSmnibeutBGHu9PCpp0b6W-2FoNI0ROearmohKp42569WxPxLmCJLONMn1VSHyUOtdRl0LgkDpR33F0lynsy9e3o-3D_q1N77mbql2CxsoEfo2fFiZ6dnlev64IGUSa1KT1DDw1MuprZmQ6aap9NY9k0Le75GF1vOlGfjqwTW9j9qq2tX20K30HoBmlxOmitEQoYkeE-2BpeuMZ2dxRWU-2Bmgr5ScCYfckX2adZDR8ZN7lQXbN0anHnj8Yc2U6q4E4CKMNy2T23hUP3biCRUpcz-2FvIRrsQW2yZ9bsJ7fqG7IuymDFB5XAGGDf8BnFHvb37OzIRFo9P0QNs8F4FRRkcY9aYTBuPUb0YM9CTDW1QCtLAmYERJPVW098jfZQOx3stejG9yEzkl16P2bQQFAxWj7dVcEDmGoBckquOqNJ7EpaG0HfpqMA-3D-3D" style="Margin:0;color:#00607F;font-family:Montserrat,Arial,sans-serif;font-weight:400;line-height:1.3;margin:0;padding:0;text-align:left;text-decoration:none">https://prnmedia.prnewswire.com/profile/?action=editProfile</a><br>and select the profile you would like to edit or delete. You can select the industries, subjects, languages, geographical areas, companies, delivery options and delivery frequencies of your choice.                  </p>                  <p class="text-center" style="Margin:0;Margin-bottom:10px;color:#4D4E53;font-family:Montserrat,Arial,sans-serif;font-size:10px;font-weight:400;line-height:16px;margin:0;margin-bottom:10px;padding:0;text-align:center">                    In addition to current press releases, you can also find archived news, corporate information, photos, tradeshow news and much more on the PR Newswire for Journalists website:<br><a href="http://email.prnewswire.com/wf/click?upn=z3qiKnBCpunqdJkRppsiEbSmnibeutBGHu9PCpp0b6WyN-2FuRoFWC-2BvU2X16iF3dB_q1N77mbql2CxsoEfo2fFiZ6dnlev64IGUSa1KT1DDw1MuprZmQ6aap9NY9k0Le75GF1vOlGfjqwTW9j9qq2tX20K30HoBmlxOmitEQoYkeE-2BpeuMZ2dxRWU-2Bmgr5ScCYfckX2adZDR8ZN7lQXbN0anHnj8Yc2U6q4E4CKMNy2T23hUP3biCRUpcz-2FvIRrsQW7ahDO14y-2BMo2tPga5oLvgsLfNsGWSvDFPXRVjf0NoUtuYJIevbF6tgbsaOihz5x57-2FXW2TWg4k-2FWdj-2F9NPLMSB6rTQzUFJV6ltXItLK3EhqXxjKR9qn4HDP5zBmkVe9uYK2uRky8V8XlXST1aaJxmA-3D-3D" style="Margin:0;color:#00607F;font-family:Montserrat,Arial,sans-serif;font-weight:400;line-height:1.3;margin:0;padding:0;text-align:left;text-decoration:none">https://prnmedia.prnewswire.com</a>                  <br>                  </p>                  <p class="text-center" style="Margin:0;Margin-bottom:10px;color:#4D4E53;font-family:Montserrat,Arial,sans-serif;font-size:10px;font-weight:400;line-height:16px;margin:0;margin-bottom:10px;padding:0;text-align:center">                    To contact us, email: <a href="mailto:mediasite@prnewswire.com" style="Margin:0;color:#00607F;font-family:Montserrat,Arial,sans-serif;font-weight:400;line-height:1.3;margin:0;padding:0;text-align:left;text-decoration:none">mediasite@prnewswire.com</a>                  </p>                  <p class="text-center" style="Margin:0;Margin-bottom:10px;color:#4D4E53;font-family:Montserrat,Arial,sans-serif;font-size:10px;font-weight:400;line-height:16px;margin:0;margin-bottom:10px;padding:0;text-align:center">                    Please do not reply to this email; this is an automatically generated message.                  </p>                </th><th class="expander" style="Margin:0;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0;padding:0!important;text-align:left;visibility:hidden;width:0"></th></tr></table></th>              </tr></tbody></table>              <table class="row no-background" style="background:#f6f6f6;border-collapse:collapse;border-spacing:0;display:table;padding:0;position:relative;text-align:left;vertical-align:top;width:100%"><tbody><tr style="padding:0;text-align:left;vertical-align:top">                <th class="small-12 large-12 columns first last" style="Margin:0 auto;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0 auto;padding:0;padding-bottom:16px;padding-left:30px;padding-right:30px;text-align:left;width:570px"><table style="border-collapse:collapse;border-spacing:0;padding:0;text-align:left;vertical-align:top;width:100%"><tr style="padding:0;text-align:left;vertical-align:top"><th style="Margin:0;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0;padding:0;text-align:left">                  <center data-parsed="" style="min-width:510px;width:100%">                    <table align="center" class="menu float-center" style="Margin:0 auto;border-collapse:collapse;border-spacing:0;float:none;margin:0 auto;padding:0;text-align:center;vertical-align:top;width:auto!important"><tr style="padding:0;text-align:left;vertical-align:top"><td style="-moz-hyphens:auto;-webkit-hyphens:auto;Margin:0;border-collapse:collapse!important;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;hyphens:auto;line-height:1.3;margin:0;padding:0;text-align:left;vertical-align:top;word-wrap:break-word"><table style="border-collapse:collapse;border-spacing:0;padding:0;text-align:left;vertical-align:top;width:100%"><tr style="padding:0;text-align:left;vertical-align:top">                      <th class="menu-item float-center" style="Margin:0 auto;color:#0a0a0a;float:none;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0 auto;padding:10px;padding-right:10px;text-align:center"><a href="http://email.prnewswire.com/wf/click?upn=7VDqtAz2AW-2FeY7XnbvsasQ-2FREeMBG2bqGXdCB4XzZ7DqUZ66ajq2hyxTpb99QH1px3yBpuS-2Bnw-2Fwq19QAjbg6g-3D-3D_q1N77mbql2CxsoEfo2fFiZ6dnlev64IGUSa1KT1DDw1MuprZmQ6aap9NY9k0Le75GF1vOlGfjqwTW9j9qq2tX20K30HoBmlxOmitEQoYkeE-2BpeuMZ2dxRWU-2Bmgr5ScCYfckX2adZDR8ZN7lQXbN0anHnj8Yc2U6q4E4CKMNy2T23hUP3biCRUpcz-2FvIRrsQWDgsqZ8xTxc8XWa11W4a7qMoQcw8TyQE9vlLOzF1LtpoWzS0GOKFO0t4B-2BOTQzEnzCYzEcHakII-2FwVDuVs9WPbjLk9BQEhyipybOPN7aAtesLnwag-2FfH1zCyWPODd5bDUj76ZLpdG6cr8-2F1oDkdCNpg-3D-3D" style="Margin:0;color:#00607F;font-family:Montserrat,Arial,sans-serif;font-weight:400;line-height:1.3;margin:0;padding:0;text-align:left;text-decoration:none"><img class="social-icon" src="http://content.prnewswire.com/designimages/fa-facebook_2x.jpg" width="18#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000" alt="" style="-ms-interpolation-mode:bicubic;border:none;clear:both;display:block;max-width:18px;outline:0;text-decoration:none;width:100%"></a></th>                      <th class="menu-item float-center" style="Margin:0 auto;color:#0a0a0a;float:none;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0 auto;padding:10px;padding-right:10px;text-align:center"><a href="http://email.prnewswire.com/wf/click?upn=TwIh0OIjG8BOSB67uKqqj7owuiGA3E3Pj6GpdgAhBSAM-2BLR6wI3HWJ2bn-2BQWA2vhFYfN4C62mtJD6y7fWaJgZw-3D-3D_q1N77mbql2CxsoEfo2fFiZ6dnlev64IGUSa1KT1DDw1MuprZmQ6aap9NY9k0Le75GF1vOlGfjqwTW9j9qq2tX20K30HoBmlxOmitEQoYkeE-2BpeuMZ2dxRWU-2Bmgr5ScCYfckX2adZDR8ZN7lQXbN0anHnj8Yc2U6q4E4CKMNy2T23hUP3biCRUpcz-2FvIRrsQW36lCsOLO3FQr9BQaZmvweDwX0-2BlUu184ljPy0HjS6tlmC0J9LkfolLy6D2Lv6-2FyZDQK9wVUYQktaOFbVZ1DpKJeYPkujwKjEtMZVdz9LLgLpOzOkJT1Bq5jLcmo0Qv4JesU430l0j-2FdsFJvld7FS5w-3D-3D" style="Margin:0;color:#00607F;font-family:Montserrat,Arial,sans-serif;font-weight:400;line-height:1.3;margin:0;padding:0;text-align:left;text-decoration:none"><img class="social-icon" src="http://content.prnewswire.com/designimages/fa-linkedin_2x.jpg" width="18#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000" alt="" style="-ms-interpolation-mode:bicubic;border:none;clear:both;display:block;max-width:18px;outline:0;text-decoration:none;width:100%"></a></th>                      <th class="menu-item float-center" style="Margin:0 auto;color:#0a0a0a;float:none;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0 auto;padding:10px;padding-right:10px;text-align:center"><a href="http://email.prnewswire.com/wf/click?upn=ZrWzD7t39xxz74k8LtTHCEap5zmBeGj4aIerCi4JjSVYEkHT08LJTSMoU7OUKLCP_q1N77mbql2CxsoEfo2fFiZ6dnlev64IGUSa1KT1DDw1MuprZmQ6aap9NY9k0Le75GF1vOlGfjqwTW9j9qq2tX20K30HoBmlxOmitEQoYkeE-2BpeuMZ2dxRWU-2Bmgr5ScCYfckX2adZDR8ZN7lQXbN0anHnj8Yc2U6q4E4CKMNy2T23hUP3biCRUpcz-2FvIRrsQW5qdp-2BSatK2CglrCPVwTpEerUi4AtXc-2FndUVrZo553haR3Js3OhN6Thd8ZDgVqiKYRzOykgXeMnSYic9Sy5-2BeEAwef6vXMCr0DWlIlz8rralWa-2BVFeEOngyuZJ84BDrbBB0oXNK4qyc4-2FVkBxaMiYvg-3D-3D" style="Margin:0;color:#00607F;font-family:Montserrat,Arial,sans-serif;font-weight:400;line-height:1.3;margin:0;padding:0;text-align:left;text-decoration:none"><img class="social-icon" src="http://content.prnewswire.com/designimages/fa-twitter_2x.jpg" width="18#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000" alt="" style="-ms-interpolation-mode:bicubic;border:none;clear:both;display:block;max-width:18px;outline:0;text-decoration:none;width:100%"></a></th>                    </tr></table></td></tr></table>                  </center>                </th><th class="expander" style="Margin:0;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0;padding:0!important;text-align:left;visibility:hidden;width:0"></th></tr></table></th>              </tr></tbody></table>              <table class="row no-background" style="background:#f6f6f6;border-collapse:collapse;border-spacing:0;display:table;padding:0;position:relative;text-align:left;vertical-align:top;width:100%"><tbody><tr style="padding:0;text-align:left;vertical-align:top">                <th class="small-12 large-12 columns first last" style="Margin:0 auto;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0 auto;padding:0;padding-bottom:16px;padding-left:30px;padding-right:30px;text-align:left;width:570px"><table style="border-collapse:collapse;border-spacing:0;padding:0;text-align:left;vertical-align:top;width:100%"><tr style="padding:0;text-align:left;vertical-align:top"><th style="Margin:0;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0;padding:0;text-align:left">                  <center data-parsed="" style="min-width:510px;width:100%">                    <img class="footer-logo float-center" src="http://content.prnewswire.com/designimages/cision_prn_logo_2x.jpg" width="150#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000" alt="" align="center" style="-ms-interpolation-mode:bicubic;Margin:0 auto;clear:both;display:block;float:none;margin:0 auto;max-width:150px;outline:0;text-align:center;text-decoration:none;width:100%">                  </center>                </th><th class="expander" style="Margin:0;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;line-height:1.3;margin:0;padding:0!important;text-align:left;visibility:hidden;width:0"></th></tr></table></th>              </tr></tbody></table>            </td></tr></tbody></table>            <table class="spacer float-center" style="Margin:0 auto;border-collapse:collapse;border-spacing:0;float:none;margin:0 auto;padding:0;text-align:center;vertical-align:top;width:100%"><tbody><tr style="padding:0;text-align:left;vertical-align:top"><td height="16px" style="-moz-hyphens:auto;-webkit-hyphens:auto;Margin:0;border-collapse:collapse!important;color:#0a0a0a;font-family:Montserrat,Arial,sans-serif;font-size:16px;font-weight:400;hyphens:auto;line-height:16px;margin:0;mso-line-height-rule:exactly;padding:0;text-align:left;vertical-align:top;word-wrap:break-word">&#xA0;</td></tr></tbody></table>          </center>        </td>      </tr>    </table>    <!-- prevent Gmail on iOS font size manipulation -->   <div style="display:none;white-space:nowrap;font:15px courier;line-height:0"> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </div> 
<img src="http://email.prnewswire.com/wf/open?upn=q1N77mbql2CxsoEfo2fFiZ6dnlev64IGUSa1KT1DDw1MuprZmQ6aap9NY9k0Le75GF1vOlGfjqwTW9j9qq2tX20K30HoBmlxOmitEQoYkeE-2BpeuMZ2dxRWU-2Bmgr5ScCYfckX2adZDR8ZN7lQXbN0anHnj8Yc2U6q4E4CKMNy2T23hUP3biCRUpcz-2FvIRrsQW1hEd9NwtFy4dA0iPrvuhKnhrV8dkBo35ibFsOdcUFiLRW9Z-2Fgf4HBEoEPnboEjWk7lQZDgkpq9IDGi4bOMTAwmBAw0F8Nms-2F7-2Bx38ppU-2BHv9dc3bwEEoUYBlZ36C-2B3gHv4FqdbF4nW8JrozCct5zhA-3D-3D#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000" alt="" width="1" height="1" border="0" style="height:1px !important;width:1px !important;border-width:0 !important;margin-top:0 !important;margin-bottom:0 !important;margin-right:0 !important;margin-left:0 !important;padding-top:0 !important;padding-bottom:0 !important;padding-right:0 !important;padding-left:0 !important;"
          IT Support Technician III - Sierra Nevada Corporation - Madison, WI      Cache   Translate Page   Web Page Cache   
Microsoft, Lotus Notes, McAfee Antivirus, PGP encryption, wireless, Citrix, Dell laptops/desktops, and HP Printers....
From Sierra Nevada Corporation - Tue, 19 Jun 2018 17:07:21 GMT - View all Madison, WI jobs
          IT Project Technician - START DATE 10/01 - Smartech & Associates, LP - Ferndale, WA      Cache   Translate Page   Web Page Cache   
Enable McAfee Encryption (Laptop only). SMARTECH is a growing IT service provider connecting certified IT personnel with multiple major clients in the industry....
From Indeed - Thu, 26 Jul 2018 19:41:16 GMT - View all Ferndale, WA jobs
          Update: RememBear: Password Manager (Productivity)      Cache   Translate Page   Web Page Cache   

RememBear: Password Manager 1.1


Device: iOS Universal
Category: Productivity
Price: Free, Version: 1.0.5 -> 1.1 (iTunes)

Description:

The beautiful RememBear app is the easiest way to create, store, and use really strong passwords across your devices and stay safe online. It also stores credit cards for quicker online shopping, and protects sensitive notes with an added layer of security.

Try RememBear Premium free for 1 month! If you fall in love with your Bear, keep things going with an annual subscription.

BENEFITS OF HAVING A BEAR
- Automatic log-ins: RememBear saves you time by auto-filling your login information across your favourite apps and websites.
- Faster online checkouts: Autofill your credit cards when shopping online.
- Never forget a password: Save your passwords in a single place and say goodbye to un‑bear‑able password resets.
- Store sensitive notes: A place for those notes that need an extra layer of security.
- Keep your data safe: All of your logins are stored in an encrypted vault that only you can access.
- Prevent identity theft: Generate strong, unique passwords for your online accounts to prevent getting hacked.
- Access everywhere: Your Bear is synced across all your computers, phones, and tablets.

CONVENIENT FEATURES
- Friendly, approachable design so simple, even a bear could use it!
- Unlock your vault securely with Touch ID or FaceID
- Auto-locking after Bear inactivity
- A single Master Password lets you unlock your vault

A BEAR YOU CAN TRUST
- Independently audited: RememBear security is independently audited by a 3rd party to ensure it meets the highest security standards.
- Privacy by design: Engineered so that you, and only you, can see your sensitive data.
- Serious security: RememBear protects your data with super strong encryption.

PRICING:
Get a 30-day free trial of RememBear Premium when you sign up for the first time. After your trial ends, you’ll be charged for a yearly RememBear subscription.*

If you’re not ready to commit to RememBear Premium, you can cancel anytime and downgrade to RememBear Free which removes cross-device sync, backup, and priority support.

PRIVACY POLICY & TERMS OF USE:
RememBear has a simple, human readable privacy policy and terms of use you can read here:
https://www.remembear.com/privacy-policy
https://www.remembear.com/terms-of-service/

GET IN TOUCH
Is your Bear misbehaving? Do you have feedback for us? Do you have a cool fact about bears to share? Contact our support team by visiting our website https://www.remembear.com/support

* Subscriptions are charged to your iTunes account at the end of your free trial period and auto-renew every year. You can manage your subscription and turn off auto-renew at any time by going to your Settings in your iTunes Account.

What's New

Secure Notes are here! We've trained our Bears to remember notes so you can now store sensitive notes like passport details, your social security number, or an alarm code inside RememBear. There's a brand new Achievement to collect as well!

You can learn more about all the features and uses of Secure Notes on our blog – remembear.com/blog

We also made these improvements to the app...
* Better SBO (Search Bear Optimization) – searching now looks at more fields in your items making it easier to find exactly the item you're looking for
* The "Add New" button in the Safari extension and Bearowser is at the bottom of the list, where you'd expect it
* Bears in grammar school – Notes and Name fields now auto-capitalize where you'd expect
* More detailed login error messages (btw, did you know we have Support Bears standing by to help with any issues – support@remembear.com)
* Improved Autofill field detection to make website logging in faster on more websites

And picked out some bugs...
* The onscreen keyboard now gets out of the way when editing by scrolling down
* Face and Touch ID unlocking continues working after signing out and back in again
* Our resident Font Bear flagged some errant Helvetica text; it has now been changed to San Francisco and all is well again
* RememBear was showing up in the Share Sheet when sharing from Bearowser or sharing achievement, which made no sense. It no longer does
* Fixed a bug where tapping on the screen during account creation could cause the account to be created on our servers but not on the app, preventing you from accessing it
* Locking your iPad while editing or adding an item no longer cancels the edit
* And 256.12% more Bears

RememBear: Password Manager


          CloudBerry Backup 2.5.0.39 - Automated data backup to Amazon S3. (Shareware)      Cache   Translate Page   Web Page Cache   

CloudBerry Backup is automated data backup to Amazon S3 and Windows Azure.

  • Scheduling and real-time cloud backup
  • Comes as a free version, and as a pro version with a one-time fee and no recurring charges.
  • No proprietary data format and you can access your data using other Amazon S3 tools.
  • Supports all Amazon S3 regions and reduced-redundancy storage.
  • Encryption and compression
  • Local backup
  • Incremental and block-level backup
  • Network locations backup

Note: 15-day free trial is available. Price quoted is per-computer.



Version 2.5.0.39:
  • Release notes were unavailable when this listing was updated.


  • OS X 10.8 or later



More information

Download Now
          Prevent Attacks on Computer Security      Cache   Translate Page   Web Page Cache   
Take these actions to prevent attacks on computer security. Article covers laptop issues, encryption, offsite storage, managing a clean desk, computer disposal, and dumpster divers.
          GNOME Development Updates      Cache   Translate Page   Web Page Cache   
  • libgepub + rust

    In 2010 I was working with evince, the gnome PDF document viewer, trying to add some accessibility to PDF files. That was really hard, not because GTK+ or ATK technology but because the PDF format itself. The PDF format is really cool for printing because you know that the piece of paper will look the same as the PDF doc, and because it's vector it scales and don't loose quality and files are smaller than image files, but almost all PDF files have not any metadata for sections, headings, tablets or so, this depends on the creation tool, but it's really hard to deal with PDF content text, because you don't know event if the text that you're reading is really in the same order that you read from the PDF.

    After my fight against the PDF format hell and poppler, I discovered the epub format that's a really simple format for electronic books. An epub is a zip with some XML files describing the book index and every chapter is a xhtml and xhtml is a good format compared to PDF because you can parse easily with any XML lib and the content is tagged and well structured so you know what's a heading, what's a paragraph, etc.

    So I started to write a simple C library to read epub files, thinking about add epub support to evince. That's how libgepub was born. I tried to integrate libgepub in evince, I've something working, rendering with webkit, but nothing really useful, because evince needs pages and it's not easy to split an xhtml file in pages with the same height, because xhtml is continuous text and it adapts to the page width, so I give up and leave this branch.

  • My final report for GSoC 2018

    The Google Summer of Code 2018 is coming to an end for me, so it means that it’s time for the final report!

    [...]

    I’ve created a media (although for now it only works with pictures) viewer for Fractal. Its purpose is to easily have a better view of the images within a room, to be able to zoom in and out of them, to navigate between the different images of the room in the chronological order, to enter in a full screen mode and to save a copy of the media in the filesystem. I made a first implementation and then had to do a lot of other improvements. I’ve spent about a month working on it.

    There is still the need to improve the zoom of the media viewer as the pictures are a little bit blurred and it’s not possible to zoom beyond 100%. There are optimizations to do as the application becomes very slow when trying to zoom beyond 100% on large pictures.

  • GUADEC 2018

    A few weeks ago I attended GUADEC in Almeria, Spain. The travel was a bit of an adventure, because Julian and I went there and back from Italy by train. It was great though, because we had lots of time to hack on Fractal on the train.

    [...]

    On Monday I attended the all-day Librem 5 BoF, together with my colleagues from Purism, and some community members, such as Jordan and Julian from Fractal.

    We talked about apps, particularly the messaging situation and Fractal. We discussed what will be needed in order to split the app, make the UI adaptive, and get end-to-end encryption. Daniel’s work on the database and Julian’s message history refactor are currently laying the groundwork for these.

    On the shell side we talked through the design of various parts of the shell, such as keyboard, notifications, multitasking, and gestures. Though many of those things won’t be implemented in the near future, we have a plan for where we’re going with these, and getting designers and developers in one room was very productive for working out some of the details.

    We also discussed a number of exciting new widgets to make it easier to get GNOME apps to work at smaller sizes, such as a new adaptive preferences window, and a way to allow modal windows to take up the entire screen at small sizes.

read more


          Conseillère, Conseiller sénior - Infrastructure réseau (Télécom) - Energir - Montréal, QC      Cache   Translate Page   Web Page Cache   
Expérience des principes de sécurité, pare-feu, accès distants VPN et techniques d’encryptions et d’authentification (SSH, SSL, Radius, Tacacs, etc.);...
From Energir - Tue, 05 Jun 2018 21:43:19 GMT - View all Montréal, QC jobs
          E729: Founder Richard Craib shares his A.I. hedge fund Numerai, built with an anonymous network of 15,000 (& counting) data scientists, encryption, the blockchain, his own currency to reward collaboration, and a mission to manage the world’s money      Cache   Translate Page   Web Page Cache   
none
          Apparently, WhatsApp Messages Can Be Intercepted And Altered Due To A Security Flaw      Cache   Translate Page   Web Page Cache   
E2EE, WhatsApp messaging, mobile security in Zimbabwe, Security in Zimbabwe

WhatsApp cannot seem to catch a break! With the Indian government breathing down their necks because of recent events involving fake news it is now being reported that due to a security flaw Whatsapp messages can be intercepted and altered.advertisement Encryption is not enough? This flaw was uncovered by Check Point Research –a research firm that […]

The post Apparently, WhatsApp Messages Can Be Intercepted And Altered Due To A Security Flaw appeared first on Techzim.


          GGW #185: CS: GO AWAY      Cache   Translate Page   Web Page Cache   
On this edition of Geek Gamer Weekly we touch on: – Carrier IQ – Full Disk Encryption – Google Shipping – Cop Car Tech – Notch and Minecraft and much much more! Visit us at: http://www.geekgamer.tv Hosts: Chase Nunes, Joseph Falbey, Jon Kessler.  With: Giancarlo Lenzi!   Please visit our sponsors! Minecraft Me Wirecast by […]
          Bluetooth kihangosító autóba SZIVRGYÚJTÓS - Jelenlegi ára: 5 600 Ft      Cache   Translate Page   Web Page Cache   
AAutós kihangosító mobiltelefonokhoz.
- bármely bluetooth-tal rendelkező mobiltelefonnal, okostelefonnal, PDA-val használható
- beépített mikrofon és hangszóró
- egyszerű kialakítású forma, bármely autóban használható.
- szivargyújtó aljzatba kell csatalkoztatni
- 10 méteres hatótáv, bluetooth verzió V2. 0.  
Specifikáció:
1) Bluetooth V2. 0
2) Hatótáv: 10 méter(33 láb)
3) Audió kód: 15 bits resolution, S/N >60dB
4) Frekvencia: 2. 4 GHz-2. 4835 GHz ISM Band
5) Méret: (L) 63mm*(W) 47mm*(H) 58mm
6) Kapcsolódás: Point-to-point
7) Súly: 90g
8) Teljesítmény: 0dBm(class II)
9) Binztonság: 128 bits encryption
10) Fogysztás: 17mA működés közben, 500μ A készenlét
11) Működési hőmérséklet: -10-55 °C
12) Tárolási hőmérséklet: -20-60 °C
Bluetooth kihangosító autóba SZIVRGYÚJTÓS
Jelenlegi ára: 5 600 Ft
Az aukció vége: 2018-08-10 06:50
          Bluetooth kihangosító autóba SZIVRGYÚJTÓS - Jelenlegi ára: 5 600 Ft      Cache   Translate Page   Web Page Cache   
AAutós kihangosító mobiltelefonokhoz.
- bármely bluetooth-tal rendelkező mobiltelefonnal, okostelefonnal, PDA-val használható
- beépített mikrofon és hangszóró
- egyszerű kialakítású forma, bármely autóban használható.
- szivargyújtó aljzatba kell csatalkoztatni
- 10 méteres hatótáv, bluetooth verzió V2. 0.  
Specifikáció:
1) Bluetooth V2. 0
2) Hatótáv: 10 méter(33 láb)
3) Audió kód: 15 bits resolution, S/N >60dB
4) Frekvencia: 2. 4 GHz-2. 4835 GHz ISM Band
5) Méret: (L) 63mm*(W) 47mm*(H) 58mm
6) Kapcsolódás: Point-to-point
7) Súly: 90g
8) Teljesítmény: 0dBm(class II)
9) Binztonság: 128 bits encryption
10) Fogysztás: 17mA működés közben, 500μ A készenlét
11) Működési hőmérséklet: -10-55 °C
12) Tárolási hőmérséklet: -20-60 °C
Bluetooth kihangosító autóba SZIVRGYÚJTÓS
Jelenlegi ára: 5 600 Ft
Az aukció vége: 2018-08-10 06:51
          If for some reason you're still using TKIP crypto on your Wi-Fi, ditch it Lin ...      Cache   Translate Page   Web Page Cache   

It’s been a mildly rough week for Wi-Fi security: hard on the heels ofa WPA2 weakness comes a programming cockup in the wpa_supplicant configuration tool used on linux, Android, and other operating systems.

The flaw can potentially be exploited by nearby eavesdroppers to recover a crucial cryptographic key exchanged between a vulnerable device and its wireless access point and decrypt and snoop on data sent over the air without having to know the Wi-Fi password. wpa_supplicant is used by Linux distributions and Android, and a few others, to configure the Wi-Fi for computers, gadgets, and handhelds.

This key is used in networks that employ EAPOL (Extensible Authentication Protocol over LAN). The good news is that no more than around 20 per cent of wireless networks will be vulnerable, it is estimated, because the attack requires TKIP and WPA2 to be in use and no one should be using TKIP in 2018 .

In this paper [PDF], “Symbolic Execution of Security Protocol Implementations: Handling Cryptographic Primitives," to be presented at the Usenix Workshop on Offensive Technologies symposium next week , Mathy Vanhoef and Frank Piessens of the Katholieke Universiteit Leuven in Belgium, explained how a decryption oracle can be used to perform unauthorized decryption of wireless network traffic. Doing back, er, bit flips

In this Twitter thread , Vanhoef summarized what’s going on: “The problem is that data is decrypted with RC4, and then processed, without its authenticity being checked. So you can flip bits, see how to client reacts, and based on that, recover plaintext.”

And as wpa_supplicant maintainer Jouni Malinen explained in his advisory on Wednesday: “It is possible for an attacker to modify the [EAPOL] frame in a way that makes wpa_supplicant decrypt the key data field without requiring a valid MIC [Message Integrity Code] value in the frame, ie: without the frame being authenticated.”

Malinen added that WPA2 shouldn’t be set up with TKIP as the latter isknown to be weak anyway. However, as Vanhoef noted, there's still people out there using this combination. So, in short, just ensure TKIP is disabled. Malinen added that to recover group encryption keys, a snooper would have to make 128 connection attempts per octet, because an attacker’s bit-flips will make the four-way authentication handshake fail. Not only is this slow, it could crash the access point under attack.

Vanhoef conceded that an attack would be slow to pull off, taking around 20 minutes per byte recovered. “Several clients can be attacked in parallel, but it's still a non-trivial attack. Patch, but don't worry too much,” he said.

Nonetheless, the wpa_supplicant team has taken the bug seriously, and developed a fix that should hopefully or eventually trickle down to netizens. Access points and devices will need an update for networks to be free from the flaw. Malinen said if possible, affected users should just kill off TKIP in their networks.

The wpa_supplicant maintainers have pushed out a hotfix here , and the next version, 2.7, will carry the fix. Vanhoef has a proof-of-concept of his attack over on GitHub .

Sponsored: Following Bottomline’s journey to the Hybrid Cloud


          Hackers found a way to alter sent WhatsApp messages, but don’t freak out just yet      Cache   Translate Page   Web Page Cache   
Facebook’s WhatsApp chat app is one of the most popular messaging applications out there. It’s available on virtually any platform, making possible encrypted chats and voice communication across devices. Unlike Facebook’s Messenger, which has plenty of users of its own, WhatsApp is end-to-end encrypted, just like Apple’s iMessage, which means your chats and calls are secure over WhatsApp. But hackers did find a way to alter sent messages in conversations, a flaw that WhatsApp isn’t going to fix. You shouldn’t worry about it because it might not do any harm. Check Point Software Technologies discovered that, by creating a hacked version of WhatsApp, attackers could change the quoting feature. That’s a way to reply to distinct messages, with the reply including the original quote. The purpose of this attack would be to give someone the impression that someone sent a message that wasn’t actually sent. The company told The New York Times that it “carefully reviewed this issue and it’s the equivalent of altering an email.” WhatsApp says it’s not a flaw, and it won’t fix it. WhatsApp also said it’s working on a way of finding and removing anyone using a fake WhatsApp app. On the other hand, WhatsApp is currently dealing with a wave of criticism regarding the spread of fake news in markets including India and Brazil. But, as long as hackers aren't abusing the quotation hack to spread misinformation, you shouldn't worry about it. Deploying a permanent fix would be possible, but burdensome to the system, which would have to check the authenticity of sent messages. Even worse, the only way to do it is to keep track of all conversations happening on WhatsApp on a server somewhere — and with more than 1.5 billion users, WhatsApp chats would generate a lot of data. Storage isn’t necessarily the problem. But copying all messages would mean disabling end-to-end encryption. That's something we don’t want Facebook to do with WhatsApp. So far, WhatsApp and Check Point did not see anyone abuse the quote hack. Check Point also discovered a hack that would affect group chats. It’s possible sending a message to a specific individual who would think the entire group saw the news, and then respond accordingly would respond accordingly.
          Leaky Amazon S3 Buckets: Challenges, Solutions and Best Practices      Cache   Translate Page   Web Page Cache   

Amazon Web Service (AWS) S3 buckets have become a common source of data loss for public and private organizations alike. Here are five solutions you can use to evaluate the security of data stored in your S3 buckets.

For business professionals, the public cloud is a smorgasbord of micro-service offerings which provide rapid delivery of hardware and software solutions. For security and IT professionals, though, public cloud adoption represents a constant struggle to secure data and prevent unexpected exposure of private and confidential information. Balancing these requirements can be tricky, especially when trying to adhere to your organization’s unique Corporate Information Security Policies and Standards.

Amazon Web Service (AWS) S3 buckets have become a common source of data loss for public and private organizations alike. Industry researchers and analysts most often attribute the root cause of the data loss to misconfigured services, vulnerable applications/tools, wide-open permissions, and / or usage of default credentials.

Recent examples of data leaks from AWS storage buckets include:

Data leakage is only one of the many risks presented by misuse of AWS S3 buckets. For example, attackers could potentially replace legitimate files with malicious ones for purposes of cryptocurrency mining or drive-by attacks.

To make matters worse for organizations (and simpler for hackers), automated tools are available to help find insecure S3 buckets.

How to protect data stored in AWS S3 buckets

Going back to the basics provides the most direct path to protecting your data. Recommended best practices for S3 buckets include always applying the principle of least privileges by using IAM policies and resource-based controls via Bucket Policies and Bucket ACLs.

Another best practice is to define a clear strategy for bucket content by taking the following steps:

  • Creating automated monitoring / audits / fixes of S3 bucket security changes via Cloud Trail, Cloud Watch and Lambda.
  • Creating a bucket lifecycle policy to transfer old data to an archive automatically based on usage patterns and age.
  • When creating new buckets, applying encryption by default via server-side encryption (SSE-S3/SSE-C/SSE-KMS) and / or client-side encryption.
  • Creating an S3 inventory list to automatically report inventory, replication and encryption in an easy to use CSV / ORC format.
  • Testing, testing and testing some more to make sure the controls mentioned above have been implemented effectively and the data is secure.

Here at Tenable, I have researched five additional solutions you can use to evaluate the security of data stored in S3 buckets. These five solutions, when implemented correctly and incorporated into daily operational checklists, can help you quickly assess your organization’s cyber exposure in the public cloud and help you determine next steps for securing your business-critical data.

  • Amazon Macie: Automates data discovery and classification. Uses Artificial Intelligence to classify data files on S3 by leveraging a rules engine that identifies application data, correlates file extensions and predictable data themes, with strong regex matching to determine data type, cloud trail events, errors and basic alerts.
  • Security Monkey: An open source bootstrap solution on github provided by Netflix. This implements monitoring, alerting and an auditable history of Cloud configurations across S3, IAM, Security Groups, Route 53, ELBs and SQS services.
  • Amazon Trusted Advisor: Helps perform multiple other functions apart from identifying insecure buckets.
  • Amazon S3 Inventory Tool: Provides either a CSV or ORC which further aids in auditing the replication and encryption status of objects in S3.
  • Custom S3 bucket scanning solutions: Scripts available on github can be used to scan and check specific S3 buckets. These include kromtech’s S3-Inspector and sa7mon’s S3Scanner. In addition, avineshwar’s slurp clone monitors certstream and enumerates s3 buckets from each domain.

With the business demanding speed and ease of use, we expect to see the continued evolution of applications, systems and infrastructure away from on-premises data centers secured behind highly segregated networks to cloud-based “X-as-a-Service” architectures. The solutions and guidance highlighted above will help you identify security gaps in your environment and bootstrap solutions to automate resolution, alerting and auditing, thereby helping you meet your organization's Corporate Information Security Policies and Standards.

Learn more:


          #168 - Encryption Up and Down the Stack      Cache   Translate Page   Web Page Cache   
Youtube Episode #18 w/Mike Foley
          #173 - Container Encryption      Cache   Translate Page   Web Page Cache   
Virtuozzo
          South America Cloud Encryption Market is projected to grow with a brisk CAGR of XX% during 2018-2024 owing to the increasing applications in BFSI end user.      Cache   Translate Page   Web Page Cache   
(EMAILWIRE.COM, August 10, 2018 ) The report“South America Cloud Encryption Market”:By Component (Solutions and Services); By Service Model (Infrastructure as-a-Service, Software as-a-Service, and Platform as-a-Service); By Organization size (Small& Medium-size enterprise, and Large enterprise);...
          ISC StormCast for Friday, August 10th 2018      Cache   Translate Page   Web Page Cache   
Vulnerabilities in Pacemaker Programmer and Insulin Pumps
https://arstechnica.com/information-technology/2018/08/lack-of-encryption-makes-hacks-on-life-saving-pacemakers-shockingly-easy/
"Panic Attacks" Against City Infrastructure
https://www.bbc.com/news/technology-45128053
Kaspersky VPN Leaks DNS Traffic
https://www.inputzero.io/2018/08/kaspersky-vpn-leaks-dns-address.html
Osiris Dropper Uses Process Dopplegaenging
https://blog.malwarebytes.com/threat-analysis/2018/08/osiris-using-process-doppelganging/

          Comment on Skys new EFL deal means more games by Richard Shannon      Cache   Translate Page   Web Page Cache   
From a CS point of view, does the interactive "red button" content have the same encryption as the S*y Sports channels?
          Network Administrator - The Tatitlek Corporation - Arlington, VA      Cache   Translate Page   Web Page Cache   
Have experience with VPN encryption devices, such as Cisco routers, Cisco ASA’s and Nortel Connectivity....
From The Tatitlek Corporation - Sat, 23 Jun 2018 05:47:50 GMT - View all Arlington, VA jobs
          Bluetooth kihangosító autóba SZIVRGYÚJTÓS - Jelenlegi ára: 5 600 Ft      Cache   Translate Page   Web Page Cache   
AAutós kihangosító mobiltelefonokhoz.
- bármely bluetooth-tal rendelkező mobiltelefonnal, okostelefonnal, PDA-val használható
- beépített mikrofon és hangszóró
- egyszerű kialakítású forma, bármely autóban használható.
- szivargyújtó aljzatba kell csatalkoztatni
- 10 méteres hatótáv, bluetooth verzió V2. 0.  
Specifikáció:
1) Bluetooth V2. 0
2) Hatótáv: 10 méter(33 láb)
3) Audió kód: 15 bits resolution, S/N >60dB
4) Frekvencia: 2. 4 GHz-2. 4835 GHz ISM Band
5) Méret: (L) 63mm*(W) 47mm*(H) 58mm
6) Kapcsolódás: Point-to-point
7) Súly: 90g
8) Teljesítmény: 0dBm(class II)
9) Binztonság: 128 bits encryption
10) Fogysztás: 17mA működés közben, 500μ A készenlét
11) Működési hőmérséklet: -10-55 °C
12) Tárolási hőmérséklet: -20-60 °C
Bluetooth kihangosító autóba SZIVRGYÚJTÓS
Jelenlegi ára: 5 600 Ft
Az aukció vége: 2018-08-10 06:57
          MOBILTEL Bluetooth kihangosító autóba SZIVRGYÚJTÓS - Jelenlegi ára: 5 600 Ft      Cache   Translate Page   Web Page Cache   
AAutós kihangosító mobiltelefonokhoz.
- bármely bluetooth-tal rendelkező mobiltelefonnal, okostelefonnal, PDA-val használható
- beépített mikrofon és hangszóró
- egyszerű kialakítású forma, bármely autóban használható.
- szivargyújtó aljzatba kell csatalkoztatni
- 10 méteres hatótáv, bluetooth verzió V2. 0.  
Specifikáció:
1) Bluetooth V2. 0
2) Hatótáv: 10 méter(33 láb)
3) Audió kód: 15 bits resolution, S/N >60dB
4) Frekvencia: 2. 4 GHz-2. 4835 GHz ISM Band
5) Méret: (L) 63mm*(W) 47mm*(H) 58mm
6) Kapcsolódás: Point-to-point
7) Súly: 90g
8) Teljesítmény: 0dBm(class II)
9) Binztonság: 128 bits encryption
10) Fogysztás: 17mA működés közben, 500μ A készenlét
11) Működési hőmérséklet: -10-55 °C
12) Tárolási hőmérséklet: -20-60 °C
MOBILTEL Bluetooth kihangosító autóba SZIVRGYÚJTÓS
Jelenlegi ára: 5 600 Ft
Az aukció vége: 2018-08-10 06:59
          MOBILTEL Bluetooth kihangosító autóba SZIVRGYÚJTÓS - Jelenlegi ára: 5 600 Ft      Cache   Translate Page   Web Page Cache   
AAutós kihangosító mobiltelefonokhoz.
- bármely bluetooth-tal rendelkező mobiltelefonnal, okostelefonnal, PDA-val használható
- beépített mikrofon és hangszóró
- egyszerű kialakítású forma, bármely autóban használható.
- szivargyújtó aljzatba kell csatalkoztatni
- 10 méteres hatótáv, bluetooth verzió V2. 0.  
Specifikáció:
1) Bluetooth V2. 0
2) Hatótáv: 10 méter(33 láb)
3) Audió kód: 15 bits resolution, S/N >60dB
4) Frekvencia: 2. 4 GHz-2. 4835 GHz ISM Band
5) Méret: (L) 63mm*(W) 47mm*(H) 58mm
6) Kapcsolódás: Point-to-point
7) Súly: 90g
8) Teljesítmény: 0dBm(class II)
9) Binztonság: 128 bits encryption
10) Fogysztás: 17mA működés közben, 500μ A készenlét
11) Működési hőmérséklet: -10-55 °C
12) Tárolási hőmérséklet: -20-60 °C
MOBILTEL Bluetooth kihangosító autóba SZIVRGYÚJTÓS
Jelenlegi ára: 5 600 Ft
Az aukció vége: 2018-08-10 07:00
          Bluetooth kihangosító autóba SZIVRGYÚJTÓS - Jelenlegi ára: 5 600 Ft      Cache   Translate Page   Web Page Cache   
AAutós kihangosító mobiltelefonokhoz.
- bármely bluetooth-tal rendelkező mobiltelefonnal, okostelefonnal, PDA-val használható
- beépített mikrofon és hangszóró
- egyszerű kialakítású forma, bármely autóban használható.
- szivargyújtó aljzatba kell csatalkoztatni
- 10 méteres hatótáv, bluetooth verzió V2. 0.  
Specifikáció:
1) Bluetooth V2. 0
2) Hatótáv: 10 méter(33 láb)
3) Audió kód: 15 bits resolution, S/N >60dB
4) Frekvencia: 2. 4 GHz-2. 4835 GHz ISM Band
5) Méret: (L) 63mm*(W) 47mm*(H) 58mm
6) Kapcsolódás: Point-to-point
7) Súly: 90g
8) Teljesítmény: 0dBm(class II)
9) Binztonság: 128 bits encryption
10) Fogysztás: 17mA működés közben, 500μ A készenlét
11) Működési hőmérséklet: -10-55 °C
12) Tárolási hőmérséklet: -20-60 °C
Bluetooth kihangosító autóba SZIVRGYÚJTÓS
Jelenlegi ára: 5 600 Ft
Az aukció vége: 2018-08-10 07:03
          [Free] 2018(Aug) Dumps4cert Microsoft 70-411 Dumps with VCE and PDF Download 101-110      Cache   Translate Page   Web Page Cache   
Dumps4cert.com : Latest Dumps with PDF and VCE Files 2018 Aug Microsoft Official New Released 70-411100% Free Download! 100% Pass Guaranteed! Administering Windows Server 2012 Question No: 101 HOTSPOT – (Topic 2) You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1. The solution must NOT require the use of certificates or pre- shared keys. What should you modify? To answer, select the appropriate object in the answer area. Answer: Explanation: The four types of tunneling protocols used with a VPN/RAS server running on Windows Server 2012 include: Point-to-Point Tunneling Protocol (PPTP): A VPN protocol based on the legacy Point-to- Point protocol used with modems. The PPTP specification does not describeencryption or authentication features and relies on the Point-to-Point Protocol being tunneled to implement security functionality. Layer 2 Tunneling Protocol (L2TP): Used with IPsec to provide security. L2TP supports either computer certificates or a preshared key as the authentication method for IPsec. IKEv2: IKE is short for Internet Key Exchange, which is a tunneling protocol that uses IPsec Tunnel Mode protocol. The message is encrypted with one of the following protocols by using encryption keys that are generated from the IKEv2 negotiation process. Secure Socket Tunneling Protocol (SSTP): Introduced with Windows Server 2008, which uses the HTTPS protocol over TCP port 443 to pass traffic through firewalls References: http: //en. wikipedia. org/wiki/Point-to-Point_Tunneling_Protocol Question No: 102 DRAG DROP – (Topic 2) You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed. All of the VPN servers on your network use Server1 for RADIUS authentication. You create a security group named Group1. You need to configure Network Policy and Access Services (NPAS) to meet the following requirements: -> Ensure that only the members of Group1 can establish a VPN connection to the VPN servers. -> Allow only the members of Group1 to establish a VPN connection to the VPN servers if the members are using client computers that run Windows 8 or later. Which type of policy should you create for each requirement? To answer, drag the appropriate policy types to the correct requirements. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. Answer: Question No: 103 – (Topic 2) Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. An organizational unit (OU) named ResearchServers contains the computer accounts of all research servers. All domain users are configured to have a minimum password length of eight characters. You need to ensure that the minimum password length of the local user accounts on the research servers in the ResearchServers OU is 10 characters. What should you do? Configure a local Group Policy object (GPO)... Read More
          Russian ban on Telegram messenger remains after Supreme Court rejects company’s appeal      Cache   Translate Page   Web Page Cache   
Preview The Appeals Collegium of the Russian Supreme Court has rejected an appeal by the company behind Telegram, upholding an order to block the messenger over its refusal to hand encryption keys over to security services.
Read Full Article at RT.com
          Wifi antenna adapter USB 300mbit - Jelenlegi ára: 11 700 Ft      Cache   Translate Page   Web Page Cache   
A Wifi USB adapter segítségével kapcsolatot hozhat létre vezeték nélküli hálózatokkal. A számítógép USB portjára kell csatlakoztatni. Tartalmazza az IEEE 802. 11b/g/n szabványokat és max. 300Mbit sebességű adatforgalom is elérhető ideális körülmények között.  
Specifikáció:
1) Szabványok: IEEE 802. 11n(draft2. 0), IEEE802. 11g, IEEE802. 11B.
2) Csatlakozás: USB 2. 0/1. 1.
3) Adatsebességek: 802. 11b: 11Mbps , 802. 11g : 54Mbps, 802. 11n: TX: 150Mbps RX: 300Mbps
4) Biztonság: 64/128bit WEP encryption , WPA/WPA2 and WPA-PSK/WPA2-PSK encryptions, Wi-Fi Protected Setup(WPS).
5) Működési frekvenciák: FCC: 2412-2462MHZ(Ch1-Ch11), ETSI: 2412-2472MHZ(Ch1-Ch13)
6) RF frekvenciák: 2412-2462MHz (Észak-Amerika) , 2412-2472MHz (Európa) , 2412-2484 MHz(Japán)
7) Antenna típusa: belső PCN antenna + nagy erejű antenna
8) LED állapot jelző: kapcsolat, forgalom
9) Működési környezet: Működési hőmérséklet: 0°C~ 40°C, Páratartalom: 10%-85% RH
10) Támogatott operációs rendszerek : Windows2000, XP, Vista, Windows7, Linux and MAC OS X
Wifi antenna adapter USB 300mbit
Jelenlegi ára: 11 700 Ft
Az aukció vége: 2018-08-10 06:40
          Wifi antenna adapter USB 300mbit - Jelenlegi ára: 11 700 Ft      Cache   Translate Page   Web Page Cache   
A Wifi USB adapter segítségével kapcsolatot hozhat létre vezeték nélküli hálózatokkal. A számítógép USB portjára kell csatlakoztatni. Tartalmazza az IEEE 802. 11b/g/n szabványokat és max. 300Mbit sebességű adatforgalom is elérhető ideális körülmények között.  
Specifikáció:
1) Szabványok: IEEE 802. 11n(draft2. 0), IEEE802. 11g, IEEE802. 11B.
2) Csatlakozás: USB 2. 0/1. 1.
3) Adatsebességek: 802. 11b: 11Mbps , 802. 11g : 54Mbps, 802. 11n: TX: 150Mbps RX: 300Mbps
4) Biztonság: 64/128bit WEP encryption , WPA/WPA2 and WPA-PSK/WPA2-PSK encryptions, Wi-Fi Protected Setup(WPS).
5) Működési frekvenciák: FCC: 2412-2462MHZ(Ch1-Ch11), ETSI: 2412-2472MHZ(Ch1-Ch13)
6) RF frekvenciák: 2412-2462MHz (Észak-Amerika) , 2412-2472MHz (Európa) , 2412-2484 MHz(Japán)
7) Antenna típusa: belső PCN antenna + nagy erejű antenna
8) LED állapot jelző: kapcsolat, forgalom
9) Működési környezet: Működési hőmérséklet: 0°C~ 40°C, Páratartalom: 10%-85% RH
10) Támogatott operációs rendszerek : Windows2000, XP, Vista, Windows7, Linux and MAC OS X
Wifi antenna adapter USB 300mbit
Jelenlegi ára: 11 700 Ft
Az aukció vége: 2018-08-10 06:39
          The Internet of Things Needs Food Safety-Style Ratings for Privacy and Security      Cache   Translate Page   Web Page Cache   

By now, we’re all intimately-familiar with the comically-bad security and privacy standards that plague most modern, internet-connected devices in the internet of things era.

Thanks to companies and evangelists that prioritize profits over privacy and security, your refrigerator can now leak your gmail credentials , your kids' Barbie doll can now be used as a surveillance tool , and your Wi-Fi-enabled tea kettle can open your wireless network to attack .

The paper-mache grade security on many of these devices also makes it trivial to quickly compromise and integrate them into botnets, resulting in the rise in historically-unprecedented DDoS attacks over the last few years. Security is so lacking, many devices can be hacked and integrated into botnets in a matter of just minutes once connected to the internet.

Security researchers like Bruce Schneier have dubbed this a sort of “ invisible pollution .” Pollution, he notes, nobody wants to address because neither the buyer or seller in this chain of dysfunction tends to give much of a damn.

“The owners of those devices don't care,” notes Schneier. “Their devices were cheap to buy, they still work, and they don't even know (the victims of DDoS attacks). The sellers of those devices don't care: they're now selling newer and better models, and the original buyers only cared about price and features.”

In short the market has failed, creating millions of new potential attack vectors annually as an ocean of such devices are mindlessly connected to the internet.

One potential solution? To incorporate security and privacy grades in all product and service reviews moving forward.

“Until now, reviewers have primarily focused on how smart gadgets work, but not how they fail: it's like reviewing cars but only by testing the accelerator, and not the brakes,” activist and author Cory Doctorow told Motherboard.

“The problem is that it's hard to tell how a device fails,” Doctorow said. “‘The absence of evidence isn't the evidence of absence,’ so just because you don't spot any glaring security problems, it doesn't mean there aren't any.”

Countless hardware vendors field products with absolutely zero transparency into what data is being collected or transmitted. As a result, consumers can often find their smart cameras and DVRs participating in DDOS attacks, or their televisions happily hoovering up an ocean of viewing data , which is then bounced around the internet sans encryption .

Product reviews that highlight these problems at the point of sale could go a long way toward discouraging such cavalier behavior toward consumer welfare and a healthy internet, pressuring companies to at least spend a few fleeting moments pretending to care about privacy and security if they value their brand reputation.

To that end, Consumer Reports announced last year it would begin working with non-profit privacy research firm Ranking Digital Rights (RDR) and nonprofit software security-testing organization Cyber Independent Testing Lab (CITL) on a new open source standard intended to help make internet-connected hardware safer.

“If Consumer Reports and other public-interest organizations create a reasonable standard and let people know which products do the best job of meeting it, consumer pressure and choices can change the marketplace. We’ve seen this repeatedly over our 80-year history,” the group argued.

This week, those efforts began taking shape.

Consumer Reports’ latest rankings of mobile payment platforms is the first time security and privacy have factored into the organization’s ratings for any product or service. It’s a practice Geoffrey MacDougall, Consumer Reports' head of partnership and strategy, says will soon be expanded to the organization’s reviews of internet-connected products.


The Internet of Things Needs Food Safety-Style Ratings for Privacy and Security

Such a practice being standardized in service and hardware reviews could go a long way in addressing things like “smart” televisions that spend as much time watching you as you do watching them, or internet-connected door locks that leave you less secure than the dumb alternatives they were supposed to supplant.

Doctorow calls the Consumer Reports’ effort both “welcome and long overdue,” but notes it needs to be the first step in a broader reform campaign.

Passing meaningful consumer privacy rules, like the FCC broadband protections killed by Congress last year , will also play a role. As will efforts to improve transparency, like the Princeton computer science department’s IOT Inspector , which provides the end user with more insight into what IoT devices are actually up to online.

Thwarting efforts by numerous companies to punish and intimidate security researchers also needs to be addressed, notes Doctorow.

“I think the next logical step is to start explicitly calling out companies that reserve the right to sue security researchers through laws like Section 1201 of the DMCA and the Computer Fraud and Abuse Act,” he said. “We know from long experience that just the possibility of retaliation

for criticizing products by pointing out their defects is enough to chill the speech of security researchers.”

For years the internet of things space has been the butt of justified jokes , as we collectively laugh at how we need to approve an overlong TOS just to use our shiny new oven , or the fact we can’t use our thermostat or TV because they were infected by ransomware.

But researchers like Schneier have warned that with millions of new attack vectors being introduced annually thanks to apathetic companies and oblivious consumers, it’s only a matter of time before this systemic dysfunction results in some massive, potentially fatal attacks on essential infrastructure .

With that understood, helping consumers better understand which companies couldn’t care less about privacy and security seems like the very least we can do.


          Systems Administrator II - Blue Federal Credit Union - Cheyenne, WY      Cache   Translate Page   Web Page Cache   
Experience with the CISCO Voice over IP and Encryption technologies preferred. Our purpose at Blue is to help our members and teams succeed in doing the things...
From Blue Federal Credit Union - Sat, 04 Aug 2018 10:37:32 GMT - View all Cheyenne, WY jobs
          Wifi antenna adapter USB 300mbit - Jelenlegi ára: 11 700 Ft      Cache   Translate Page   Web Page Cache   
A Wifi USB adapter segítségével kapcsolatot hozhat létre vezeték nélküli hálózatokkal. A számítógép USB portjára kell csatlakoztatni. Tartalmazza az IEEE 802. 11b/g/n szabványokat és max. 300Mbit sebességű adatforgalom is elérhető ideális körülmények között.  
Specifikáció:
1) Szabványok: IEEE 802. 11n(draft2. 0), IEEE802. 11g, IEEE802. 11B.
2) Csatlakozás: USB 2. 0/1. 1.
3) Adatsebességek: 802. 11b: 11Mbps , 802. 11g : 54Mbps, 802. 11n: TX: 150Mbps RX: 300Mbps
4) Biztonság: 64/128bit WEP encryption , WPA/WPA2 and WPA-PSK/WPA2-PSK encryptions, Wi-Fi Protected Setup(WPS).
5) Működési frekvenciák: FCC: 2412-2462MHZ(Ch1-Ch11), ETSI: 2412-2472MHZ(Ch1-Ch13)
6) RF frekvenciák: 2412-2462MHz (Észak-Amerika) , 2412-2472MHz (Európa) , 2412-2484 MHz(Japán)
7) Antenna típusa: belső PCN antenna + nagy erejű antenna
8) LED állapot jelző: kapcsolat, forgalom
9) Működési környezet: Működési hőmérséklet: 0°C~ 40°C, Páratartalom: 10%-85% RH
10) Támogatott operációs rendszerek : Windows2000, XP, Vista, Windows7, Linux and MAC OS X
Wifi antenna adapter USB 300mbit
Jelenlegi ára: 11 700 Ft
Az aukció vége: 2018-08-10 06:39
          Wifi antenna adapter USB 300mbit - Jelenlegi ára: 11 700 Ft      Cache   Translate Page   Web Page Cache   
A Wifi USB adapter segítségével kapcsolatot hozhat létre vezeték nélküli hálózatokkal. A számítógép USB portjára kell csatlakoztatni. Tartalmazza az IEEE 802. 11b/g/n szabványokat és max. 300Mbit sebességű adatforgalom is elérhető ideális körülmények között.  
Specifikáció:
1) Szabványok: IEEE 802. 11n(draft2. 0), IEEE802. 11g, IEEE802. 11B.
2) Csatlakozás: USB 2. 0/1. 1.
3) Adatsebességek: 802. 11b: 11Mbps , 802. 11g : 54Mbps, 802. 11n: TX: 150Mbps RX: 300Mbps
4) Biztonság: 64/128bit WEP encryption , WPA/WPA2 and WPA-PSK/WPA2-PSK encryptions, Wi-Fi Protected Setup(WPS).
5) Működési frekvenciák: FCC: 2412-2462MHZ(Ch1-Ch11), ETSI: 2412-2472MHZ(Ch1-Ch13)
6) RF frekvenciák: 2412-2462MHz (Észak-Amerika) , 2412-2472MHz (Európa) , 2412-2484 MHz(Japán)
7) Antenna típusa: belső PCN antenna + nagy erejű antenna
8) LED állapot jelző: kapcsolat, forgalom
9) Működési környezet: Működési hőmérséklet: 0°C~ 40°C, Páratartalom: 10%-85% RH
10) Támogatott operációs rendszerek : Windows2000, XP, Vista, Windows7, Linux and MAC OS X
Wifi antenna adapter USB 300mbit
Jelenlegi ára: 11 700 Ft
Az aukció vége: 2018-08-10 06:40
          WhatsApp Vulnerability Lets Attackers Alter Your Messages And Spread Fake News      Cache   Translate Page   Web Page Cache   

A new vulnerability has surfaced in WhatsApp’s encryption method that allows attackers to alter messages and user identities in group chats. This could prove devastating as attackers could potentially harm people sending false texts. We have already seen how fake messages circulated on WhatsApp took several lives in India which forced the Facebook-owned company to […]

The post WhatsApp Vulnerability Lets Attackers Alter Your Messages And Spread Fake News appeared first on Fossbytes.


          Database Encryption Market | Global Key Players (Symantec Corporation, Intel Security , Mcafee), Microsoft Corporation, Oracle Corporation) | Future Prospects 2018 – 2025      Cache   Translate Page   Web Page Cache   
Database Encryption Market | Global Key Players (Symantec Corporation, Intel Security , Mcafee), Microsoft Corporation, Oracle Corporation) | Future Prospects 2018 – 2025 Database Encryption Industry 2018 Market Research report gives estimation of the factors that are boosting the development of the Database Encryption market and it also gives the analytical data of Market Size, Share, Growth, Application, Opportunity analysis, and forecast on

          I don’t trust Signal      Cache   Translate Page   Web Page Cache   

Occasionally when Signal is in the press and getting a lot of favorable discussion, I feel the need to step into various forums, IRC channels, and so on, and explain why I don’t trust Signal. Let’s do a blog post instead.

Off the bat, let me explain that I expect a tool which claims to be secure to actually be secure. I don’t view “but that makes it harder for the average person” as an acceptable excuse. If Edward Snowden and Bruce Schneier are going to spout the virtues of the app, I expect it to actually be secure when it matters - when vulnerable people using it to encrypt sensitive communications are targeted by smart and powerful adversaries.

Making promises about security without explaining the tradeoffs you made in order to appeal to the average user is unethical. Tradeoffs are necessary - but self-serving tradeoffs are not, and it’s your responsibility to clearly explain the drawbacks and advantages of the tradeoffs you make. If you make broad and inaccurate statements about your communications product being “secure”, then when the political prisoners who believed you are being tortured and hanged, it’s on you. The stakes are serious. Let me explain why I don’t think Signal takes them seriously.

Google Play

Why do I make a big deal out of Google Play and Google Play Services? Well, some people might trust Google, the company. But up against nation states, it’s no contest - Google has ties to the NSA, has been served secret subpoenas, and is literally the world’s largest machine designed for harvesting and analyzing private information about their users. Here’s what Google Play Services actually is: a rootkit . Google Play Services lets Google do silent background updates on apps on your phone and give them any permission they want. Having Google Play Services on your phone means your phone is not secure.

For the longest time, Signal wouldn’t work without Google Play Services, but Moxie (the founder of Open Whisper Systems and maintainer of Signal) finally fixed this in 2017. There was also a long time when Signal was only available on the Google Play Store. Today, you can download the APK directly from signal.org , but… well, we’ll get to that in a minute.

F-Droid

There’s an alternative to the Play Store for Android. F-Droid is an open source app “store” (repository would be a better term here) which only includes open source apps (which Signal thankfully is). By no means does Signal have to only be distributed through F-Droid - it’s certainly a compelling alternative. This has been proposed, and Moxie has definitively shut the discussion down . Admittedly this is from 2013, but his points and the arguments against them haven’t changed. Let me quote some of his positions and my rebuttals:

No upgrade channel. Timely and automatic updates are perhaps the most effective security feature we could ask for, and not having them would be a real blow for the project.

F-Droid supports updates. If you’re concerned about moving your updates quickly through the (minimal) bureaucracy of F-Droid, you can always run your own repository. Maybe this is a lot of work?I wonder how the workload compares to animated gif search , a very important feature for security concious users. I bet that 50 million dollar donation could help, given how many people operate F-Droid repositories on a budget of $0.

No app scanning. The nice thing about market is the server-side APK scanning and signature validation they do. If you start distributing APKs around the internet, it’s a reversion back to the PC security model and all of the malware problems that came with it.

Try searching the Google Play Store for “flashlight” and look at the permissions of the top 5 apps that come up. All of them are harvesting and selling the personal information of their users to advertisers. Is this some kind of joke? F-Droid is a curated repository, like linux distributions. Google Play is a malware distributor. Packages on F-Droid are reviewed by a human being and are cryptographically signed . If you run your own F-Droid repo this is even less of a concern.

I’m not going to address all of Moxie’s points here, because there’s a deeper problem to consider. I’ll get into more detail shortly. You can read the 6-year-old threads tearing Moxie’s arguments apart over and over again until GitHub added the feature to lock threads, if you want to see a more in-depth rebuttal.

The APK direct download

Last year Moxie added an official APK download to signal.org. He said this was up for “ harm reduction ”, to avoid people using unofficial builds they find around the net. The download page is covered in warnings telling you that it’s for advanced users only, it’s insecure, would you please go to the Google Play store you stupid user. I wonder, has Moxie considered communicating to people the risks of using the Google Play version?

The APK direct download doesn’t even accomplish the stated goal of “harm reduction”. The user has to manually verify the checksum, and figure out how to do it on a phone, no less. A checksum isn’t a signature, by the way - if your government- or workplace- or abusive-spouse-installed certificate authority gets in the way they can replace the APK and its checksum with whatever they want. The app has to update itself, using a similarly insecure mechanism. F-Droid handles updates and actually signs their packages. This is a no brainer, Moxie, why haven’t you put Signal on F-Droid yet?

Why is Signal like this?

So if you don’t like all of this, if you don’t like how Moxie approaches these issues, if you want to use something else, what do you do?

Moxie knows about everything I’ve said in this article. He’s a very smart guy and I am under no illusions that he doesn’t understand everything I’ve put forth. I don’t think that Moxie makes these choices because he thinks they’re the right thing to do. He makes arguments which don’t hold up, derails threads, leans on logical fallacies, and loops back around to long-debunked positions when he runs out of ideas. I think this is deliberate. An open source software team reads this article as a list of things they can improve on and gets started. Moxie reads this and prepares for war. Moxie can’t come out and say it openly, but he’s made the decisions he has made because they serve his own interests.

Lots of organizations which are pretending they don’t make self-serving decisions at their customer’s expense rely on argumentative strategies like Moxie does. If you can put together an argument which on the surface appears reasonable, but requires in-depth discussion to debunk, passerby will be reassured that your position is correct, and that the dissenters are just trolls. They won’t have time to read the lengthy discussion which demonstrates that your conclusions wrong, especially if you draw the discussion out like Moxie does. It can be hard to distinguish these from genuine positions held by the person you’re talking to, but when it conveniently allows them to make self-serving plays, it’s a big red flag.

This is a strong accusation, I know. The thing which convinced me of its truth is Signal’s centralized design and hostile attitude towards forks. In open source, when a project is making decisions and running things in a way you don’t like, you can always fork the project. This is one of the fundamental rights granted to you by open source. It has a side effect Moxie doesn’t want, however. It reduces his power over the project. Moxie has a clever solution to this: centralized servers and trademarks.

Trust, federation, and peer-to-peer chat

Truly secure systems do not require you to trust the service provider. This is the point of end-to-end encryption. But we have to trust that Moxie is running the server software he says he is. We have to trust that he isn’t writing down a list of people we’ve talked to, when, and how often. We have to trust not only that Moxie is trustworthy, but given that Open Whisper Systems is based in San Francisco we have to trust that he hasn’t received a national security letter, too (by the way, Signal doesn’t have a warrant canary). Moxie can tell us he doesn’t store these things, but he could. Truly secure systems don’t require trust .

There are a couple of ways to solve this problem, which can be used in tandem. We can stop Signal from knowing when we’re talking to each other by using peer-to-peer chats. This has some significant drawbacks, namely that both users have to be online at the same time for their messages to be delivered to each other. You can still fall back to peer-to-server-to-peer when one peer is offline, however. But this isn’t the most important of the two solutions.

The most important change is federation. Federated services are like email, in that Alice can send an email from gmail.com to Bob’s yahoo.com address. I should be able to stand up a Signal server, on my own hardware where I am in control of the logs, and communicate freely with other Signal servers, including Open Whisper’s servers. This distributes the security risks across hundreds of operators in many countries with various data extradition laws. This turns what would today be easy for the United States government to break and makes it much, much more difficult. Federation would also open the possibility for bridging the gap with several other open source secure chat platforms to all talk on the same federated network - which would spurn competition and be a great move for users of all chat platforms.

Moxie forbids you from distributing branded builds of the Signal app, and if you rebrand he forbids you from using the official Open Whisper servers. Because his servers don’t federate, that means that users of Signal forks cannot talk to Signal users . This is a truly genius move. No fork of Signalto date has ever gained any traction, and never will, because you can’t talk to any Signal users with them. In fact, there are no third-party applications which can interact with Signal users in any way. Moxie can write as many blog posts which appeal to wispy ideals and “moving ecosystems” as he wants, but those are all really convenient excuses for an argument which allows him to design systems which serve his own interests.

No doubt these are non-trivial problems to solve. But I have personally been involved in open source projects which have collectively solved similarly difficult problems a thousand times over with a combined budget on the order of tens of thousands of dollars.

What were you going to do with that 50 million dollars again?

P.S. If you’re looking for good alternatives to Signal, I can recommend Matrix .


          Hasleo BitLocker Anywhere 4.0 Technician (x64)      Cache   Translate Page   Web Page Cache   

Hasleo BitLocker Anywhere 4.0 Technician (x64)
Hasleo BitLocker Anywhere 4.0 (x64) Technician | 17.1 Mb

Hasleo BitLocker Anywhere is the world's first and only BitLocker solution for ShiChuang 10/8.1/8/7 Home, ShiChuang 8 Core and ShiChuang 7 Professional Editions. With it you can enjoy almost all the features of BitLocker Drive Encryption in these editions of ShiChuang.

          FREE CABLE TV IN 5 MINUTES ON ALL DEVICES IN HD QUALITY – NO KODI, NO APK REQUIRED!      Cache   Translate Page   Web Page Cache   

🔐Get protected military grade encryption when watching Kodi and TV apps🔐 NEWTECH CHANNEL EXCLUSIVE SPECIAL DEAL ⚠️57% ⚠️OFF: $5.20/month 👉 http://bit.ly/vpn60off Telegram Community: https://t.me/joinchat/H6xgQBDHihZr1je… Install Filelinked with some Important information this tutorial teaches you: FREE CABLE FREE IPTV BEST IPTV BEST FREE CABLE IPTV Remember all content is also available on http://streamtips.info How to GET […]

The post FREE CABLE TV IN 5 MINUTES ON ALL DEVICES IN HD QUALITY – NO KODI, NO APK REQUIRED! appeared first on Kodi 17 Krypton.


          NEWEST MOVIES + TV SHOW APK NO BUFFER NO KODI 100% FREE      Cache   Translate Page   Web Page Cache   

🔐Get protected military grade encryption when watching Kodi and TV apps🔐 NEWTECH CHANNEL EXCLUSIVE SPECIAL DEAL ⚠️57% ⚠️OFF: $5.20/month 👉 http://bit.ly/vpn60off Telegram Community: https://t.me/joinchat/H6xgQBDHihZr1je… Install Filelinked with some Important information this tutorial teaches you: FREE MOVIES FREE TV SHOWS MOVIES APK Remember all content is also available on http://streamtips.info How to GET KODI WORKING again? […]

The post NEWEST MOVIES + TV SHOW APK NO BUFFER NO KODI 100% FREE appeared first on Kodi 17 Krypton.


          (USA-VA-Springfield) Sr. Network Engineer 4      Cache   Translate Page   Web Page Cache   
Northrop Grumman Technology Systems sector is seeking a Sr. Network Engineer to join our team of qualified, diverse individuals. This position will be located in Springfield VA. The qualified applicant will become part of Northrop Grumman's DS-ENM engineering team. This is a contract to provide the US Department of State with professional, technical, and support services to support the global enterprise network development, deployment, and support for on-premise and future cloud environments. Roles and Responsibilities: Working with the stakeholder community to determine network requirements Working experience with large enterprise WAN network designs (BGP and OSPF) Developing and documenting requirements system designs for design reviews Documenting the network design using Visio Configuring network equipment (ASR and ISR routers, switches, etc.) for routing and encryption Working with field staff to: Walk field staff through the installation process and checkout; Remotely turn up and test the network equipment and connectivity; and Troubleshoot remote network sites **Basic Qualifications:** To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below: B.S. degree in Electrical Engineering, Computer Science, Mathematics, or other STEM discipline with 9 years of experience 6 years of related network design, configuration, and Tier III support Must have experience with Cisco ASR - ISR Routers and Switches Must have an active Top Secret security clearance Good working skills in Microsoft office (Word PowerPoint, Project, and Excel) Must have good written and presentation skills for customer presentations. **Preferred Qualifications:** Candidates with theses desired skills will be given preferential considerations: Knowledge of cloud based transport (i.e., Microsoft's Express Route) and cloud infrastructures (i.e., IaaS, PaaS and SaaS) Good working skills in Remedy trouble ticketing and asset management system Cisco Certifications Previous working experience at DoS is desirable, but not required ITIL experience or certifications Experience using PowerShell Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit www.northropgrumman.com/EEO . U.S. Citizenship is required for most positions.
          (USA-MN-Maple Grove) System Desktop Administrator - 63033959 - TV      Cache   Translate Page   Web Page Cache   
System Desktop Administrator - 63033959 - TV Job Code: 63033959Job Location: Maple Grove, MNCategory: Software EngineeringLast Updated: 08/09/2018Apply Now! Job Description: Job duties: • Support customer issues and requests by creating, tracking, and documenting solution in a support database and monitoring the support queue. • Install, configure, test, maintain and troubleshoot customer workstations and related hardware and software. • Perform analysis and diagnosis of complex problems for customers and recommend and implement corrective solutions. • Troubleshoot network connectivity issues including wireless access points, devices connected to the wireless network, preliminary bandwidth issues and printer routing problems. • Act as designated IT point of contact for facilities in case of any IT-related emergency or maintenance. • Consult with customers to assist in obtaining hardware, software, and services and assist the customer in obtaining the training necessary to use the product(s). • Maintain tact and composure in stressful situations; communicate effectively and work cooperatively with other staff members and customers of technical services; and establish and maintain effective working relationships with management, team members, other staff, and customers. • Must be able to interpret and make decisions in accordance with regulations and established policies. • Supervised by Manager, Regional Service Support US/Canada through reports, meetings, and conferences regarding results expected and achieved. • Act as overflow to the Service Desk during high volume times. • Inventory Control tasks may include verifying serial numbers on equipment and updating records • Performs other related duties as assigned. • Travel to remote sites and meetings as needed. Requirements: • A degree in Information Systems preferred OR 7 years of technical and strong customer service experience required. Customer service experience is most critical need. • Must have excellent PC troubleshooting skills • Must be able to troubleshoot wireless and wired networks, from a PC perspective • Must be able to troubleshoot printer connectivity. • Must have good understanding of how to image a machine using tools, not so much a USB drive. • Must understand what reimaging process is from start to finish. • Must have background on skype and office 365. Need to be able to explain detail. • Proficiency with Microsoft Office Products (Office365). • Corporate experience directly supporting Windows 7 and 10. • PC encryption • Experience delivering hands-on customer training. • Skilled with Polycom AV conferencing devices (Trios and Group Series) • Experience with the following is preferred: Windows 7 & 10, Mac OS X, Mobile Devices, TCP/IP communication protocol, Microsoft Office, Microsoft Exchange, Skype for Business, VPN, Remedy Call Tracking System, LANDesk, Dell and Lenovo laptops and desktops, HP, Dell and Ricoh printers. For more information about this position, please contact the Entegee New Hope, MN office at 763-577-9000 or softwareteam@entegee.com. Please reference job # 63033959TV Equal Opportunity Employer Minorities/Women/Veterans/Disabled
          Offer - Airtel broadband book online in panchkula - INDIA      Cache   Translate Page   Web Page Cache   
Generally, users don’t keep strong passwords for their broadband connections. Hence, it becomes easy to detect password and use their broadband connection, without letting them know. It is advised to keep strong encryption password. To improve your internet experience, you can also take the services of Airtel broadband book online. The Airtel broadband connection assures you of providing the best services in your region. For more info visit here: https://www.airtelbroadbandschandigarh.com/Call: +91 9041409999
          DevSecOps - PinPoint Talent - Ottawa, ON      Cache   Translate Page   Web Page Cache   
Previous Experience in Ethical Hacking, Penetration Testing and Encryption. You'll be working with cutting edge technology to build, deploy and automate...
From PinPoint Talent Inc. - Mon, 30 Jul 2018 13:39:42 GMT - View all Ottawa, ON jobs
          DevOps Security Engineer - Qlik - Ottawa, ON      Cache   Translate Page   Web Page Cache   
Encryption technologies, ethical hacking and penetration testing. Provide advice on hacking tools and techniques including advanced malware detection....
From Qlik - Fri, 20 Jul 2018 02:17:32 GMT - View all Ottawa, ON jobs
          IT Support Technician III - Sierra Nevada Corporation - Madison, WI      Cache   Translate Page   Web Page Cache   
Dell 32-/64-bit platforms (mobile and stationary), HP &amp; Xerox printers / plotters, scanning systems, PGP encryption, wired &amp; wireless equipment, VoIP, Citrix,...
From Sierra Nevada Corporation - Tue, 19 Jun 2018 17:07:21 GMT - View all Madison, WI jobs
          Webform Encrypt: Create a Bulk Encryption/Decryption Service Class      Cache   Translate Page   Web Page Cache   

Problem/Motivation

In #2925621: Encryption of pre-existing data we need the ability to encrypt pre-existing data, for this we would need the ability to encrypt a large amount of submissions in one shot.

The motivation for dealing with the bulk encryption/decryption separately is that the class could be created and tested independently of any UI improvements that would be needed and be more contentious, such as when to call such a function during the changing of an encryption profile.

Proposed resolution

Create a BulkEncryption service class to facilitate these kinds of bulk operations, the current uninstall hook decryption could then be replaced by a call to this class.

I think it makes sense for these to be batch operations that can be called progressively or non-progressively depending on the situation.

Remaining tasks

Create the class
Create test coverage for all the sceanrios:

  • Turning off encryption for a field.
  • Changing a field from one encryption profile to another.
  • @todo define all possible scenarios e.g. can we hook into the deletion of an encryption profile etc.

Consult with @gambry to ensure that public key cryptography is taken into account. see #2943231: Support for Public-key cryptography


          Amazon DynamoDB Accelerator (DAX) Adds Support for Encryption at Rest      Cache   Translate Page   Web Page Cache   

Amazon DynamoDB Accelerator (DAX) now supports encryption at rest for new DAX clusters to help you accelerate reads from Amazon DynamoDB tables in security-sensitive applications that are subject to strict compliance and regulatory requirements.

DAX provides you a fully-managed, highly available, in-memory cache that is capable of accelerating reads from DynamoDB tables by up to 10x, even at millions of requests per second. You can use DAX without making changes to your existing application logic and using your existing DynamoDB APIs calls. DAX manages cache invalidation and data population on your behalf. With the new encryption at rest support, you can also encrypt the storage for your DAX clusters to help you protect data on your DAX nodes, such as configuration and log files. This data is encrypted using AWS Key Management Service (AWS KMS).

DAX is available in the US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), South America (São Paulo), EU (Ireland), Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific (Sydney), and Asia Pacific (Mumbai) Regions.

To learn more about DAX and encryption at rest, see DAX Encryption at Rest.
 


          IT Support Technician III - Sierra Nevada Corporation - Madison, WI      Cache   Translate Page   Web Page Cache   
Microsoft, Lotus Notes, McAfee Antivirus, PGP encryption, wireless, Citrix, Dell laptops/desktops, and HP Printers....
From Sierra Nevada Corporation - Tue, 19 Jun 2018 17:07:21 GMT - View all Madison, WI jobs
          IT Project Technician - START DATE 10/01 - Smartech & Associates, LP - Ferndale, WA      Cache   Translate Page   Web Page Cache   
Enable McAfee Encryption (Laptop only). SMARTECH is a growing IT service provider connecting certified IT personnel with multiple major clients in the industry....
From Indeed - Thu, 26 Jul 2018 19:41:16 GMT - View all Ferndale, WA jobs
          Systems Administrator II - Blue Federal Credit Union - Cheyenne, WY      Cache   Translate Page   Web Page Cache   
Experience with the CISCO Voice over IP and Encryption technologies preferred. Our purpose at Blue is to help our members and teams succeed in doing the things...
From Blue Federal Credit Union - Sat, 04 Aug 2018 10:37:32 GMT - View all Cheyenne, WY jobs
          Network Administrator - The Tatitlek Corporation - Arlington, VA      Cache   Translate Page   Web Page Cache   
Have experience with VPN encryption devices, such as Cisco routers, Cisco ASA’s and Nortel Connectivity....
From The Tatitlek Corporation - Sat, 23 Jun 2018 05:47:50 GMT - View all Arlington, VA jobs
          Update: Photos Protector (Business)      Cache   Translate Page   Web Page Cache   

Photos Protector 3.0.1


Device: Mac OS
Category: Business
Price: Free, Version: 1.0.6 -> 3.0.1 (iTunes)

Description:

Photos Protector is an easy to use utility to store and encrypt your privacy photos.
Store and encrypt photos - 2 Steps:
1. Launch "Photos Protector", set your password. (First time required).

2. Click the 'Add Photos...' button to add photos. If you choose a directory, you will add all the photos below. Supports nearly every image format(png,jpg,tiff,gif,etc…).

Once photos are added to the application, they are password-protected and can only be accessed by entering a user-defined password. This helps to prevent other people from viewing private photos and ensures higher protection against thefts. 100 privacy photos can be stored and encrypted for free. Unlimited photos storage and encryption.(in-app purchase required).

Decrypt and move photos - 1 step:
1. Click the ’Move to…’ button to decrypt and move photos to other directories.

Delete useless photos - 1 step:
1. Click the ‘Delete’ button to delete the useless photos.

Lock the Application - 1 step:
1. Click the ‘Lock’ button to lock the app immediately.

What's New

Fixed minor bugs.

Photos Protector


          Update: Ivideon Client (Lifestyle)      Cache   Translate Page   Web Page Cache   

Ivideon Client 6.6.0


Device: Mac OS
Category: Lifestyle
Price: Free, Version: 6.5.0 -> 6.6.0 (iTunes)

Description:

What is Ivideon Client?
Ivideon Client is an app you can use to watch archived videos and online feeds from the cameras hooked up to Ivideon’s cloud-based video surveillance service.

What is Ivideon?
Ivideon is an online video surveillance service that gives you eyes on the ground, lets you know when important events happen, and saves recordings of them in the cloud. Do you just need to hook up a few cameras to keep track of what’s going on at your house? Or does your business need hundreds or thousands of cameras in different cities and even countries? Then look no further!

Ivideon is perfect for video surveillance users no matter how many cameras they have.
• Enjoy high-quality videos complete with sound on any device.
• Store video locally and in the cloud, where it’s safer and more secure.
• Quickly find videos using our convenient timeline.
• Receive push and email notifications whenever there’s a suspicious sound or movement.
• Hook up an unlimited number of cameras.
• Set up camera access for other users.
• Watch high-quality videos even over a weak or 3G connection.
• Rest assured that your data is safe thanks to SSL encryption.
• Tell the world about what you do by embedding video in your website and sharing the link.

Oh, and by the way: we already have more than 1,500,000 users!
Why? Most existing video surveillance systems are tricky to set up and prohibitively expensive. The Ivideon engineering team made sure our service marries all the functionality you need in a professional video surveillance system to availability and ease of use.

What can Ivideon Client do on a Mac?
Watch online feeds and archived videos from wherever you are.
Features:
• Simple camera name search
• Quality control for videos as they’re being watched
• Full screen mode
• Fast video archive search by date
• Scalable timeline
• Fast-forward for archived videos
Organize how your camera feeds are laid out to make sure you stay organized.
Features:
• Simultaneous viewing of online feeds and archived videos
• Camera layout management
For Ivideon business accounts: manage camera groups however you want.
Features:
• Group cameras to match your organizational structure
• Give different employees and your security service access to different groups of cameras
• Delegate administration of your camera groups to your employees

Try Ivideon smart video surveillance right now for free!

What's New

Okay, so basically, all of us here at Ivideon are inveterate optimists, always believing in nothing but the best. But the world isn’t perfect. Neither are internet channels.

Sure, lots of our customers have internet so fast that the videos in Ivideon Client load at a speed Schumacher would have been proud of. On the other hand, we’re always forgetting that not all of our customers are in that boat.

There are quite a few of you who could use a few more ticks to be completely happy, and you have to deal with lag and poor video quality in the Ivideon apps. And while we can’t do anything about your internet, we can certainly do something about Ivideon Desktop Client.

So anyway, here’s a new version that will have you loading video with far less lag no matter what kind of internet you’re dealing with. It’s less resource-intensive, too.

If you have a lot of cameras, you’ll be the first to notice the difference. And most importantly, we made sure there won’t be any distortion at lower qualities.

In keeping with tradition, we also squashed a bunch of bugs and added a few minor features:
• The ability to limit the number of windows you have open
• Automatic updating should you so desire it
• An option to keep your screen from turning off while Ivideon Desktop Client is open

Ivideon Client


          Знакомство с криптографией. Серверный шифровальщик на PHP. Mcrypt и SHA256      Cache   Translate Page   Web Page Cache   
Advanced Encryption Standard — это симметричный алгоритм блочного шифрования. Блочное шифрование — это когда информация разбивается на блоки и шифруется кратными блоками например, 8-ми или 16 байтам. Данный алгоритм был принят правительством США в качестве стандарта https://codeby.net/forum/threads/kratkoe-znakomstvo-s-algoritmami-servernyj-shifrovalschik-na-php-mcrypt-i-sha256.64390/

https://codeby.net
          Encryption doesn't stop him or her or you... from working out what Thing 1 is up to      Cache   Translate Page   Web Page Cache   

Why we hardly have to sniff the packet to know you play tennis with an IoT racket

You don't need to sniff clear-text Internet of Things traffic to comprehensively compromise a gadget-fan's home privacy: mere traffic profiles will do the job nicely, a group of researchers has found.…


          Hackers reportedly breach PGA of America's servers      Cache   Translate Page   Web Page Cache   

Hackers have compromised some of the PGA of America's computer servers, according to a report by Golfweek.

The magazine reported Wednesday afternoon that PGA staff members discovered the breach when attempts to access the files generated the following message: "Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorythm [sic]."

The message went on to warn that any attempt to break the encryption would result in the loss of the files.

Golfweek also reported that the message included a Bitcoin wallet number in an apparent extortion attempt, but stopped short of saying what the hackers required from the PGA of America to regain access to the files.

The magazine reported that the affected files include promotional banners and logos used in digital and print communications for the PGA Championship, which began Thursday at Bellerive Country Club in St. Louis, and next month’s Ryder Cup in France.

The PGA of America declined Golfweek's request for a comment on the situation, saying it was an ongoing investigation.


          IT Support Technician III - Sierra Nevada Corporation - Madison, WI      Cache   Translate Page   Web Page Cache   
Dell 32-/64-bit platforms (mobile and stationary), HP &amp; Xerox printers / plotters, scanning systems, PGP encryption, wired &amp; wireless equipment, VoIP, Citrix,...
From Sierra Nevada Corporation - Tue, 19 Jun 2018 17:07:21 GMT - View all Madison, WI jobs
          General Dynamics Launches Enterprise-Level Encryptor Manager      Cache   Translate Page   Web Page Cache   
General Dynamics‘ mission systems business has launched a new remote platform built to help customers manage encryption devices on an enterprise level. The company said Thursday the GEM One R1.1 works to facilitate the management of health, status and connectivity in enterprise networks containing dispersed encryption devices. The platform is also designed to help users […]
          Systems Administrator II - Blue Federal Credit Union - Cheyenne, WY      Cache   Translate Page   Web Page Cache   
Experience with the CISCO Voice over IP and Encryption technologies preferred. Our purpose at Blue is to help our members and teams succeed in doing the things...
From Blue Federal Credit Union - Sat, 04 Aug 2018 10:37:32 GMT - View all Cheyenne, WY jobs
          黑客演示让心脏起搏器发出危及生命的电击      Cache   Translate Page   Web Page Cache   
安全研究人员称,心脏起搏器制造商 Medtronic 没有使用加密保护固件更新,让黑客能远程安装恶意固件危及患者的生命。在美国拉斯维加斯举行的 Black Hat 安全会议上,Billy Rios 和 Jonathan Butts 称,他们早在 2017 年 1 月就将漏洞报告给了 Medtronic,然而至今他们开发的概念验证攻击仍然有效。他们演示了对控制心脏起搏器的设备 CareLink 2090 programmer 的攻击。由于 Medtronic 没有使用 HTTPS 加密连接和数字签名固件,研究人员能迫使设备安装恶意固件,利用这个控制设备改变治疗方法去危及患者生命,比如增加电击次数。Medtronic 随后发表声明声称该攻击只对旧型号有效,而且需要改变默认设置启用远程功能。


          A Review of MongoDB Backup Options      Cache   Translate Page   Web Page Cache   

Database backup is nothing but a way to protect or restore data. It is the process of storing the operational state, architecture, and data of your database. It can be very useful in situations of technical outage or disaster. So it is essential to keep the backup of your database and that your database has a good and easy process for backup.

MongoDB provides several tools/techniques to backup your databases easily.

In this article, we will discuss some of the top MongoDB backup and restore workflows.

Generally, there are three most common options to backup your MongoDB server/cluster.

Mongodump/Mongorestore MongoDB Cloud Manager Database Snapshots

Apart from these general options, there are other ways to backup your MongoDB. We will discuss all these options as well in this article. Let’s get started.

MongoDump/MongoRestore

If you have a small database (<100GB) and you want to have full control of your backups, then Mongodump and Mongorestore are your best options. These are mongo shell commands which can be used to manually backup your database or collections. Mongodump dumps all the data in Binary JSON(BSON) format to the specified location. Mongorestore can use this BSON files to restore your database.

Backup a Whole Database $ sudo mongodump --db mydb --out /var/backups/mongo

Output:

2018-08-20T10:11:57.685-0500 writing mydb.users to /var/backups/mongo/mydb/users.bson 2018-08-20T10:11:57.907-0500 writing mydb.users metadata to /var/backups/mongo/mydb/users.metadata.json 2018-08-20T10:11:57.911-0500 done dumping mydb.users (25000 documents) 2018-08-20T10:11:57.911-0500 writing mydb.system.indexes to /var/backups/mongo/mydb/system.indexes.bson

In this command, the most important argument is --db. It specifies the name of the database that you want to backup. If you don’t specify this argument then the Mongodump command will backup all your databases which can be very intensive process.

Backup a Single Collection $ mongodump -d mydb -o /var/backups/mongo --collection users

This command will backup only users collection in mydb database. If you don’t give this option then, it will backup all the collection in the database by default.

Taking Regular Backups Using Mongodump/Mongorestore

As a standard practice, you should be making regular backups of your MongoDB database. Suppose you want to take a backup every day at 3:03 AM, then in a linux system you can do this by adding a cron entry in crontab.

$ sudo crontab -e

Add this line in crontab:

3 3 * * * mongodump --out /var/backups/mongo Restore a Whole Database

For restoring the database, we can use Mongorestore command with --db option. It will read the BSON files created by Mongodump and restore your database.

$ sudo mongorestore --db mydb /var/backups/mongo/mydb

Output

2018-07-20T12:44:30.876-0500 building a list of collections to restore from /var/backups/mongo/mydb/ dir 2018-07-20T12:44:30.908-0500 reading metadata file from /var/backups/mongo/mydb/users.metadata.json 2018-07-20T12:44:30.909-0500 restoring mydb.users from file /var/backups/mongo/mydb/users.bson 2018-07-20T12:45:01.591-0500 restoring indexes for collection mydb.users from metadata 2018-07-20T12:45:01.592-0500 finished restoring mydb.users (25000 documents) 2018-07-20T12:45:01.592-0500 done Restore a whole collection

To restore just a single collection from db, you can use the following command:

$ mongorestore -d mydb -c users mydb/users.bson

If your collection is backed up in JSON format instead of BSON then you can use the following command:

$ mongoimport --db mydb --collection users --file users.json --jsonArray Advantages Very simple to use You have full access to your backup You can put your backups at any location like NFS shares, AWS S3 etc. Disadvantages Every time it will take a full backup of the database, not just the difference. For large databases, it can take hours to backup and restore the database. It’s not point-in-time by default, which means that if your data changes while backing it up then your backup may result in inconsistency. You can use --oplog option to resolve this problem. It will take a snapshot of the database at the end of mongodump process. MongoDB Ops Manager

Ops Manager is a management application for MongoDB which runs in your data center. It continuously backs up your data and provides point-in-time restore processes for your database. Within this application, there is an agent which connects to your MongoDB instances. It will first perform an initial sync to backup the current state of the database. The agent will keep sending the compressed and encrypted oplog data to Ops Manager so that you can have a continuous backup. Using this data, Ops Manager will create database snapshots. It will create a snapshot of your database every 6 hours and oplog data will be stored for 24 hours. You can configure the snapshot schedule anytime using the Ops Manager.

Advantages It’s point-in-time by default Doesn’t impact the production performance except for initial sync Support for consistent snapshots of sharded clusters Flexibility to exclude non-critical collections Disadvantages Network latency increases with the snapshot size while restoring the database. MongoDB Cloud Manager

MongoDB Cloud Manager is cloud-based backup solution which provides point-in-time restore, continuous and online backup solution as a fully managed service. You can simply install the Cloud Manager agent to manage backup and restore of your database. It will store your backup data in MongoDB cloud.

Advantages Very simple to use. Good GUI. Continuous backup of queries and oplog. Disadvantages No control on backup data. It is stored in MongoDB cloud. Cost depends on the size of the data and the amount of oplog changes. Restore process is slow. Snapshot Database Files

This is the simplest solution to backup your database. You can copy all the underlying files (content of data/ directory) and place it to any secure location. Before copying all the files, you should stop all the ongoing write operations to a database to ensure the data consistency. You can use db.fsyncLock() command to stop all the write operations.

There are two types of snapshots: one is cloud level snapshots and another is OS level snapshots.

If you are storing database data with a cloud service provider like AWS then you have to take AWS EBS snapshots for backup. In contrast, if you are storing DB files in native OS like Linux then you have to take LVM snapshots. LVM snapshots are not portable to other machines. So cloud bases snapshots are better than OS based snapshots.

Advantages Easy to use. Full control over snapshots. You can move it to any data center. These snapshots are diff snapshots which store only the differences from previous snapshots. No need to download the snapshots for restoring your database. You can just create a new volume from your snapshot. Disadvantages Using this method, you can only restore your database at breakup points. Maintenance becomes very complex sometimes. To coordinate backups across all the replica sets (in sharded system), you need a special devops team.

ClusterControl

Single Console for Your Entire Database Infrastructure

Find out what else is new in ClusterControl

Install ClusterControl for FREE

MongoDB Consistent Backup tool

MongoDB consistent backup is a tool for performing consistent backups of MongoDB clusters. It can backup a cluster with one or many shards to a single point of the database. It uses Mongodump as a default backup method. Run the following command to take backup using this tool.

$ mongodb-consistent-backup -H localhost -P 27017 -u USERNAME -p PASSWORD -l /var/backups/mongo

All the backups generated by this commands are MongoRestore compatible. You can user mongorestore command with --oplogReplay option to ensure consistency.

$ mongorestore --host localhost --port 27017 -u USERNAME -p PASSWORD --oplogReplay --dir /var/backups/mongo/mydb/dump Advantages Fully open source Works with sharded cluster Provides an option for remote backup such as Amazon S3 Auto-scaling available Very easy to install and run Disadvantage Not fully mature product Very few remote upload options Doesn’t support data encryption before saving to disk Official code repository lacks proper testing ClusterControl Backup

ClusterControl is an all in one automated database management system. It lets you monitor, deploy, manage & scale your database clusters with ease. It supports mysql, MongoDB, PostgreSQL, Percona XtraDB and Galera Cluster. This software automates almost all the database operations like deploying a cluster, adding or removing a node from any cluster, continuous backups, scaling the cluster etc. All these things, you can do from one single GUI provided by the ClusterControl system.

ClusterControl provides a very nice GUI for MongoDB backup management with support for scheduling and creative reports. It gives you two options for backup methods.

Mongodump Mongodb consistent backup

So users can choose any option according to their needs. This tool assigns a unique ID to all the backups and stores it under this path: ClusterControl > Settings > Backup > BackupID. If the specified node is not live while taking the backup then the tool will automatically find the live node from the cluster and carry on the backup process on that node. This tool also provides an option for scheduling the backups using any of the above backup methods. You can enable/disable any scheduling job by just toggling a button. ClusterControl runs the backup process in background so it won’t affect the other jobs in the queue.

Advantages Easy installation and very simple to use Multiple options for backup methods Backup scheduling is very easy using a simple GUI form Automated backup verification Backup reports with status Disadvantage Both backup methods internally use mongodump, which has some issues with handling very large databases. Conclusion

A good backup strategy is a critical part of any database management system. MongoDB offers many options for backups and recovery/restore. Along with a good backup method, it is very important to have multiple replicas of the database. This helps to restore the database without having the downtime of even one second. Sometimes for larger databases, the backup process can be very resource intensive. So your server should be equipped with good CPU, RAM, and more disk space to handle this kind of load. The backup process can increase the load on the server because of these reasons so you should run the backup process during the nights or non-peak hours.


          How do I encrypt Ubuntu system partitions without encrypting the whole drive?      Cache   Translate Page   Web Page Cache   
The problem I'm having is with some of the limited encryption options on the install disc. The option for encryption is... ---Quote--- "encrypt the new ubuntu installation for security" ---End Quote--- but from what I can it's for full disk encryption, which I don't want because I want my...
          Smart Cryptography with Superdog and Vault      Cache   Translate Page   Web Page Cache   
Superdog - the Crypto library for Vault from Hashicorp At XOR Data Exchange we deal with a lot of sensitive data for our customers. We needed to be able to support strong encryption with key rotation in a simple and practical way. So we wrote superdog to help with this task. Superdog is a library for managing strong cryptography in both development/test environments. Superdog provides an elegant wrapper to the Vault API that allows you to manage your cryptographic keys using any code that implements the KeyProvider interface.
          Database Encryption Market to Set Phenomenal Growth by 2025 | Leading Key Players: Microsoft, Oracle, Netapp      Cache   Translate Page   Web Page Cache   
none
          WDRL — Edition 238: Chrome 67 Client Hints, Safari ITP Debugger, the Cost of JavaScript in 2018, and the not so nice impact of Open Source Projects.      Cache   Translate Page   Web Page Cache   

Hey,

welcome to another edition of my newsletter. Please note that for the next two weeks I’ll be on vacation and not writing a list but before that, I found quite a couple of very good articles and resources worth reading this week.

Eric Meyer has published an article this week, elaborating the problems of the effort to make the web HTTPS only — where he reveals that developing countries suffer a lot from this development as they often have bad internet connections and due to the encryption, they now experience more website errors than previously. Ben Werdmüller jumped in and published his article “Stop building for San Francisco” in which he points out one of the biggest problems we have as developers: We use priviledged hardware and infrastructure. We build experiences using the latest iPhones, Macbooks with Gigabit or fast 4G connections but never consider that most people we’re building for use far less equipped devices and infrastructures. And while it’s a great idea to make the web more secure, we should always keep in mind who this might impact, who will not be able to access your site anymore.

News

Generic

  • If you have an Open Source project or are building a new one, you have to decide which license it should use. Now there’s a new option, the Just World License. It’s for developers that agree in general with the principles of open source software, but are uncomfortable with their software being used as part of efforts to destroy lives, our environment and our future.
  • Eric Meyer has published an article this week, elaborating the problems of the effort to make the web HTTPS only — where he reveals that developing countries suffer a lot from this development as they often have bad internet connections and due to the encryption, they now experience more website errors than previously. Ben Werdmüller jumped in and published his article “Stop building for San Francisco” in which he points out one of the biggest problems we have as developers: We use priviledged hardware and infrastructure. We build experiences using the latest iPhones, Macbooks with Gigabit or fast 4G connections but never consider that most people we’re building for use far less equipped devices and infrastructures. And while it’s a great idea to make the web more secure, we should always keep in mind who this might impact, who will not be able to access your site anymore.

Tooling

  • Prashant Palikhe wrote a long story about the art of debugging with Chrome’s Developer Tools, which I can highly recommend as it’s a very complete reference to getting to know the developer tools of a browser. If you use another browser, that’s not a big problem as most tools are quite similar.

Security

  • And another new Observer is around now: The ReportingObserver API lets you know when your site uses a deprecated API or runs into a browser intervention and is available in Chrome 69 so far. You could easily use this to send such errors that previously were only available in the Console to your backend or error handling service.

Accessibility

JavaScript

  • Addy Osmani researched the cost of JavaScript in 2018 and wrote a summary article, sharing evidence that every byte of JavaScript is still the most expensive resource we can send to mobile phones because it can delay interactivity in large ways. This is increasingly becoming a problem with not so capable phones that are widely used outside the tech industry.

CSS

Work & Life

  • Paris Marx on why lifestyle entrepreneurs ignore communities at home and abroad and digital nomads are not the future, according to him. He shares why location independence is only possible because of communication infrastructures built with public funds and why it’s not fair to abuse it.

Go beyond…

  • Jeremy Nagel lets us all think about the impact we do when we publish open source code: As developers we tend to think that this is an amazing move but then we make our source code available to bad players in the world as well — to coal miners, to pollution-contributing companies, to those who use humans to get rich while mistreating them, to those who rip you off indirectly, to people who make money and don’t give you anything back by using your free, open source code. It’s not that you can’t do anything about it but to do so, you have to be aware of these issues and apply a better license or add a dedicated statement to your code. Want an example? Philip Morris International’s website uses jQuery and Bootstrap, a company that contributes to people getting cancer. Do you want to be attributed this way with your software?

—Anselm


          Court rejects appeal: Russian ban on Telegram messenger service remains      Cache   Translate Page   Web Page Cache   
The Appeals Collegium of the Russian Supreme Court has rejected an appeal by the company behind Telegram, upholding an order to block the messenger over its refusal to hand encryption keys over to security services. On Thursday, the Appeals Collegium looked into the complaint filed by a team of lawyers representing the UK-registered company Telegram LLP - a major business that owns and promotes a messenger and blog platform known as Telegram. Its lawyers sought to overturn a court order issued in April that compelled Telegram to hand over encryption keys for clients' messages to the Federal Security Service (FSB). They tried to prove that the FSB did not have sufficient power to issue the original request for encryption keys, and also that the out-of-court handover procedure could reveal Telegram users' correspondence to an "unidentified circle of people."
          Database Encryption Market to Set Phenomenal Growth by 2025 | Leading Key Players: Microsoft, Oracle, Netapp      Cache   Translate Page   Web Page Cache   
none
          Associate IT Technician - Plenty - Laramie, WY      Cache   Translate Page   Web Page Cache   
Apple\Microsoft certifications, G Suite Experience, familiarity with full disk encryption solutions, helpdesk ticketing systems, file sharing solutions, Android...
From Plenty - Fri, 06 Jul 2018 16:06:20 GMT - View all Laramie, WY jobs
          DevSecOps - PinPoint Talent - Ottawa, ON      Cache   Translate Page   Web Page Cache   
Previous Experience in Ethical Hacking, Penetration Testing and Encryption. You'll be working with cutting edge technology to build, deploy and automate...
From PinPoint Talent Inc. - Mon, 30 Jul 2018 13:39:42 GMT - View all Ottawa, ON jobs
          DevOps Security Engineer - Qlik - Ottawa, ON      Cache   Translate Page   Web Page Cache   
Encryption technologies, ethical hacking and penetration testing. Provide advice on hacking tools and techniques including advanced malware detection....
From Qlik - Fri, 20 Jul 2018 02:17:32 GMT - View all Ottawa, ON jobs
          Associate IT Technician - Plenty - Laramie, WY      Cache   Translate Page   Web Page Cache   
Apple\Microsoft certifications, G Suite Experience, familiarity with full disk encryption solutions, helpdesk ticketing systems, file sharing solutions, Android...
From Plenty - Fri, 06 Jul 2018 16:06:20 GMT - View all Laramie, WY jobs
          MEA Cybersecurity Market Worth $31.82 Billion by 2023      Cache   Translate Page   Web Page Cache   

https://mma.prnewswire.com/media/660509/MarketsandMarkets_Logo.jpg?p=captionPUNE, India, August 10, 2018 /PRNewswire/ -- According to a new market research report "MEA Cybersecurity Market by Solution (IAM, Encryption, DLP, UTM, Antivirus/Antimalware, Firewall, IDS/IPS, Disaster Recovery), Service (Professional and Managed), Security Type, Deployment Mode,...



           More Government Websites Encrypt as Google Chrome Warns Users Non-HTTPS Sites are 'Not Secure'       Cache   Translate Page   Web Page Cache   

Google Chrome, the most widely used Internet browser, has officially started warning users that unencrypted Web pages are “not secure.” Among those “not secure,” as of Aug. 9: The front pages of the official government websites for 14 states and four of the nation’s 10 most populous cities.

Encryption — most easily represented with an “HTTPS” rather than “HTTP” in front of a site’s Web address — is the practice of encoding data traveling between a website and its visitor so that any third parties who are able to peek into the data don’t know what’s happening. With encryption, users can reasonably expect that their connection is private. Without it, bad actors can do things like steal information and change a Web page’s content without the user realizing it.

It has become more or less the standard for the Internet. According to Google, 93 percent of Web traffic on Chrome takes place on encrypted pages. The tech giant started labeling non-HTTPS pages as “not secure” to push laggards toward encryption.

“Historically, that’s when you would encrypt websites … when there was sensitive information like payment card data,” said Andrew Hanks, Montana’s chief information security officer. “Back a decade ago, it was expensive to encrypt, to get the certificates to work. Now that’s not the case and encryption is the standard.”

Google’s tactic appears to be working. The number of government websites without encryption on the front page has actually been dropping somewhat quickly. Since the last time Government Technology checked in on this subject in March, 15 states — Arkansas, Connecticut, Indiana, Kansas, Kentucky, Maine, Michigan, Montana, New Jersey, New York, Oregon, Rhode Island, South Carolina, Washington and Wisconsin — have all encrypted their front pages. Two of the 10 biggest cities — New York City and San Antonio — have done the same.

Several IT officials in state government pointed to Google as a force driving the move toward encryption. A common concern is the worry, or even confusion, that the “not secure” message might cause for a citizen visiting their government’s website.

“We certainly don’t want to alarm anybody,” said Audrey Hinman, chief of Montana’s Application Technology Services Bureau. “We were going to encrypt anyway but the timing of it definitely was focused on Google’s announcement.”

The states with unencrypted front pages are represented in a map above. The major cities lacking front-page encryption are Houston, Philadelphia, Dallas and San Jose — although a message on the Philadelphia front page says it will move to a new website "this summer."

It’s actually not the case that all of these websites lack encryption completely. Most, if not all, have encryption on pages that handle sensitive information such as credit card payments or home addresses. Many of the front pages have encryption too — but users have to take the time to type out “HTTPS://” before the site address in order to access it. If they type in the address without that, they will be taken to an unencrypted page.

Trust with citizens is important for government IT shops. Government websites these days handle licensing and permitting, they take property tax payments and give people election night voting totals.

Recent cybersecurity breaches in Mecklenburg County, N.C., Atlanta and other places probably doesn’t help.

“In addition to stopping malicious hacking attempts, encryption helps assure users that they’re on a trusted site,” wrote John Dipko, communications director for Wisconsin’s Department of Administration, in an email. “Because some search engines and all browsers visually discourage visits to untrusted sites by displaying that to the user, using SSL [Secure Sockets Layer, a standard way to secure data in transit] helps maintain traffic to our Web properties and boosts our search result rankings compared to untrusted sites.”

Jim Flynn, director of information security for the company CivicPlus — which provides Web services to governments, including website setup — said that citizens might get confused in situations where some pages on a government website are encrypted and others aren’t. Worse, those websites might be undermining their own protection of user data, because they’re giving attackers the ability to access cookies related to a user’s activities on a non-encrypted portion of the website.

“If there’s any sensitive information stored in the cookie and that information is not secured over HTTPS, that could be exposed to man-in-the-middle attacks,” he said.

Since there are thousands and thousands of local governments in the U.S., it would be difficult for any individual organization to get a good idea of how many of them have encrypted websites. But CivicPlus, which has deployed more than 3,000 websites on its CivicEngage platform, can come up with a sampling.

About a year ago, Flynn said, about 15 percent of CivicEngage sites had an SSL certificate. Only 1 percent had HTTPS by default — that is, users were automatically sent to encrypted pages sitewide.

CivicPlus undertook a campaign to drive that number up, acquiring certificates for its websites and streamlining the testing process inherent in migrating to HTTPS. Today, Flynn said, all CivicEngage sites have a certificate and 20 percent are HTTPS by default.

He expects that number to increase as awareness about encryption spreads.

“We’ve seen a major spike, an increase in this,” Flynn said. “It’s a very positive thing. We’ve seen a major spike since May, we’ve seen 300 sites migrate to HTTPS by default.”

One of the larger obstacles in the way of Web page encryption appears to be “mixed content,” — that is, content on the page that is loaded through an unencrypted path. A common example would be a picture. According to Flynn, mixed content can either cause the browser to mark the page as unencrypted or could even cause the page to fail to load.

A lot of time government IT shops spend migrating sites to HTTPS is done performing tests to find mixed content. Flynn attributes much of CivicPlus’ success transferring customers to encryption to the company’s streamlining of that process.

Chris Rein, New Jersey’s new CTO, said the problem with mixed content can be especially common in governments like his, where agencies have historically been responsible for their own websites, as opposed to a central authority handling them.

“You may have heard the cliché, if you’ve seen one website you’ve seen one website,” Rein said. “There’s such diversity among the content, the age, the genre of what tools are used. In New Jersey we provide services to over 50 offices and state agencies in the executive branch and over time there have been a lot of different [website] management styles.”

Another issue, perhaps more ancillary, is network security. Ironically, some network administrators might see HTTPS as a step backward in cybersecurity because encryption gives them less visibility into the traffic coming over a network, hindering their ability to identify malicious activity.

Most people don’t seem to think that’s enough to justify keeping a website unencrypted.

“I think as encryption became adopted as a practice, that was probably more true yesterday … than it is now,” Rein said. “There are tools and measures that are in use right now that actually are able to inspect traffic coming in, traffic going out, even if it’s encrypted.”

Those include tools that look at the metadata that comes through the network, rather than the core information itself, for red flags.

At the end of the day, Montana’s Hinman said the state just didn’t see any good reasons not to encrypt.

“From my perspective, it’s easy to be attained technically, and there’s nothing that we give up by doing it, so why not have that protection?” Hinman said.


          Smartphone Voting Is Happening, but No One Knows if It's Safe      Cache   Translate Page   Web Page Cache   

When news hit this week that West Virginian military members serving abroad will become the first people to vote by phone in a major US election this November, security experts were dismayed. For years, they have warned that all forms of online voting are particularly vulnerable to attacks, and with signs that the midterm elections are already being targeted , they worry this is exactly the wrong time to roll out a new method. Experts who spoke to WIRED doubt that Voatz, the Boston-based startup whose app will run the West Virginia mobile voting, has figured out how to secure online voting when no one else has. At the very least, they are concerned about the lack of transparency.

“From what is available publicly about this app, it's no different from sending voting materials over the internet,” says Marian Schneider, president of the nonpartisan advocacy group Verified Voting. “So that means that all the built-in vulnerability of doing the voting transactions over the internet is present.”

And there are a lot of vulnerabilities when it comes to voting over the internet. The device a person is using could be compromised by malware. Or their browser could be compromised. In many online voting systems, voters receive a link to an online portal in an email from their election officials―a link that could be spoofed to redirect to a different website. There’s also the risk that someone could impersonate the voter. The servers that online voting systems rely on could themselves be targeted by viruses to tamper with votes or by DDoS attacks to bring down the whole system. Crucially, electronic votes don’t create the paper trail that allows officials to audit elections after the fact, or to serve as a backup if there is in fact tampering.

But the thing is, people want to vote by phone. In a 2016 Consumer Reports survey of 3,649 voting-age Americans , 33 percent of respondents said that they would be more likely to vote if they could do it from an internet-connected device like a smartphone. (Whether it would actually increase voter turnout is unclear; a 2014 report conducted by an independent panel on internet voting in British Columbia concludes that, when all factors are considered, online voting doesn’t actually lead more people to vote.)

Thirty-one states and Washington, DC, already allow certain people, mostly service members abroad, to file absentee ballots online, according to Verified Voting . But in 28 of those states―including Alaska, where any registered voter can vote online―online voters must waive their right to a secret ballot, underscoring another major risk that security experts worry about with online voting: that it can't protect voter privacy.

"Because of current technological limitations, and the unique challenges of running public elections, it is impossible to maintain separation of voters’ identities from their votes when Internet voting is used," concludes a 2016 joint report from Common Cause, Verified Voting, and the Electronic Privacy Information Center. That's true whether those votes were logged by email, fax, or an online portal.

Enter Voatz

Voatz says it’s different. The 12-person startup, which raised $2.2 million in venture capital in January, has worked on dozens of pilot elections , including primaries in two West Virginia counties this May. On a website FAQ , it notes, “There are several important differences between traditional Internet voting and the West Virginia pilot―mainly, security.”

Voatz CEO Nimit Sawhney says the app has two features that make it more secure than other forms of online voting: the biometrics it uses to authenticate a voter and the blockchain ledger where it stores the votes.

The biometrics part occurs when a voter authenticates their identity using a fingerprint scan on their phones. The app works only on certain Androids and recent iPhones with that feature. Voters must also upload a photo of an official ID―which Sawhney says Voatz verifies by scanning their barcodes―and a video selfie, which Voatz will match to the ID using facial-recognition technology. (“You have to move your face and blink your eyes to make sure you are not taking a video of somebody else or taking a picture of a picture,” Sawhney says.) It’s up to election officials to decide whether a voter should have to upload a new selfie or fingerprint scan each time they access the app or just the first time.

"We feel like that extra level of anonymization on the phone and on the network makes it really really hard to reverse-engineer."

Nimit Sawhney, Voatz

The blockchain comes in after the votes are entered. “The network then verifies it―there’s a whole bunch of checks―then adds it to the blockchain, where it stays in a lockbox until election night,” Sawhney says. Voatz uses a permissioned blockchain, which is run by a specific group of people with granted access, as opposed to a public blockchain like Bitcoin. And in order for election officials to access the votes on election night, they need Voatz to hand deliver them the cryptographic keys.

Sawhney says that election officials print out a copy of each vote once they access them, in order to do an audit. He also tells WIRED that in the version of the app that people will use in November, Voatz will add a way for voters to take a screenshot of their vote and have that separately sent to election officials for a secondary audit.

To address concerns about ballot secrecy, Sawhney says Voatz deletes all personal identification data from its servers, assigns each person a unique but anonymous identifier within the system, and employs a mix of network encryption methods. “We feel like that extra level of anonymization on the phone and on the network makes it really really hard to reverse-engineer,” he says.

Experts Are Concerned

Very little information is publicly available about the technical architecture behind the Voatz app. The company says it has done a security audit with three third-party security firms, but the results of that audit are not public. Sawhney says the audit contains proprietary and security information that can’t leak to the public. He invited any security researchers who want to see the audit to come to Boston and view it in Voatz’s secure room after signing an NDA.

This lack of transparency worries people who’ve been studying voting security for a long time. “In over a decade, multiple studies by the top experts in the field have concluded that internet voting cannot be made secure with current technology. VOATZ claims to have done something that is not doable with current technology, but WON'T TELL US HOW,” writes Stanford computer scientist and Verified Voting founder David Dill in an email to WIRED.

Voatz shared one white paper with WIRED, but it lacks the kind of information experts might expect―details on the system architecture, threat tests, how the system responds to specific attacks, verification from third parties. “In my opinion, anybody purporting to have securely and robustly applied blockchain technology to voting should have prepared a detailed analysis of how their system would respond to a long list of known threats that voting systems must respond to, and should have made their analysis public,” Carnegie Mellon computer scientist David Eckhardt wrote in an email.

Ideally, experts say, Voatz would have held a public testing period of its app before deploying it in a live election. Back in 2010, for example, Washington, DC, was developing an open-source system for online voting and invited the public to try to hack the system in a mock trial. Researchers from the University of Michigan were able to compromise the election server in 48 hours and change all the vote tallies, according to their report afterward . They also found evidence of foreign operatives already in the DC election server. This kind of testing is now considered best practice for any online voting implementation, according to Eckhardt. Voatz’s trials have been in real primaries.

"West Virginia is handing over its votes to a mystery box."

David Dill, Stanford University

Voatz's use of blockchain itself does not inspire security experts, either, who dismissed it mostly as marketing. When asked for his thoughts on Voatz’s blockchain technology, University of Michigan computer scientist Alex Halderman, who was part of the group that threat-tested the DC voting portal in 2010, sent WIRED a recent XKCD cartoon about voting software. In the last panel, a stick figure with a microphone tells two software engineers, “They say they’ve fixed it with something called ‘blockchain.’” The engineers’ response? “Aaaaa!!!” “Whatever they’ve sold you, don’t touch it.” “Bury it in the desert.” “Wear gloves.”

“Voting from an app on a mobile phone is as bad an idea as voting online from a computer,” says Avi Rubin, technical director of the Information Security Institute at Johns Hopkins, who has studied electronic voting systems since 1997. “The fact that someone is throwing around the blockchain buzzword does nothing to make this more secure. This is as bad an idea as there is.”

Blockchain has its own limitations, and it’s far from a perfect security solution for something like voting. First of all, information can be manipulated before it enters the chain. "In fact, there is an entire industry in viruses to manipulate cryptocurrency transactions before they enter the blockchain, and there is nothing to prevent the use of similar viruses to change the vote," says Poorvi Vora, a computer scientist and election security expert at George Washington University.

She adds that if the blockchain is a permissioned version, as Voatz’s is, “It is possible for those maintaining the blockchain to collude to change the data, as well as to introduce denial of service type attacks.”

Sawhney pushes back against this last critique, telling WIRED that the blockchain verifiers in the Voatz system is a collection of vetted stakeholders such as Voatz itself, election officials, nonprofit voting auditors, and politicians.

And even though the transaction is through an app rather than a browser, Vora says previously identified risks of internet voting remain. "Both the browser and the app run on the operating system underneath, and both, hence, inherit the vulnerabilities that go with relying entirely on software," she says.

Sawhney admits the concern about malware on a person’s device is legitimate but thinks that creating a program to manipulate votes would be so hard as to be impractical. “It’s theoretically possible, if that malware had been specifically written to intercept votes passing, to reverse-engineer our application, break all our keys, specifically modify if somebody marks oval A change it to oval B, and then bypass the identifier and send it to the network, but that is so, so hard to do in real time," he says. "It is possible, but we haven’t found a way to do it.” He adds that the app checks the phone for malware before downloading on a device, though he admits it could be possible for malware to go undetected.

The role of facial recognition in authenticating voter identities is another thing that concerns experts. Schneider worries that there could be ways to trick that technology using videos available elsewhere on the internet, for instance. And Vora notes that facial-recognition technology has knownracial biases that could affect who even is able to access Voatz.

Sawhney tells WIRED that Voatz has people manually check the facial-recognition authorization. This is possible at the moment but could become an issue if the technology were to be introduced to a wider electorate, as Voatz states on its website is the ultimate goal. In fact, Voatz has already encountered a scaling problem. When Utah GOP voters tried to use the app during their caucus in April, many couldn’t get it to work. You can read about many voters’ experience in bad reviews of Voatz they left in Apple’s App Store. Sawhney tells WIRED that the issues stemmed from voters attempting to download the app and authenticate themselves minutes before polls closed, which didn’t give Voatz enough time.

Though Voatz has answers for much of the criticism it has faced this week, none of its responses are likely to convince security experts that the smartphone voting app is ready for November. At the very least, the security world's reaction to Voatz underscores how important transparency is in the rollout of any new voting system. “West Virginia is handing over its votes to a mystery box,” Dill says.

But election officials in West Virginia are enthusiastic about the app. “They used it in the primary in a couple of the other counties to do a test drive, and they said it was wonderful,” says Kanawha County Clerk Vera McCormick, who oversees voting in the state capital of Charleston and plans to allow the 60 overseas military members registered in her county to use Voatz to vote. “We're excited and my understanding is the security is wonderful, so we'll find out.”

More Great WIRED Stories How to make millions charging prisonersto send an email Bioengineers are closer than ever tolab-grown lungs It's never too late tobe a reader again The danger of invisible government deeds How to secure your accounts withbetter 2FA Looking for more? Sign up for our daily newsletter and never miss our latest and greatest stories
          Researchers help close security hole in popular encryption software      Cache   Translate Page   Web Page Cache   

Researchers help close security hole in popular encryption software
Analysis of the AM-modulated signal showing the portion relevant to the security of the encryption software. Credit: Georgia Tech

Cybersecurity researchers at the Georgia Institute of Technology have helped close a security vulnerability that could have allowed hackers to steal encryption keys from a popular security package by briefly listening in on unintended "side channel" signals from smartphones.

The attack, which was reported to software developers before it was publicized, took advantage of programming that was, ironically, designed to provide better security. The attack used intercepted electromagnetic signals from the phones that could have been analyzed using a small portable device costing less than a thousand dollars. Unlike earlier intercept attempts that required analyzing many logins, the "One & Done" attack was carried out by eavesdropping on just one decryption cycle.

"This is something that could be done at an airport to steal people's information without arousing suspicion and makes the so-called 'coffee shop attack' much more realistic," said Milos Prvulovic, associate chair of Georgia Tech's School of Computer Science. "The designers of encryption software now have another issue that they need to take into account because continuous snooping over long periods of time would no longer be required to steal this information."

The side channel attack is believed to be the first to retrieve the secret exponent of an encryption key in a modern version of OpenSSL without relying on the cache organization and/or timing. OpenSSL is a popular encryption program used for secure interactions on websites and for signature authentication. The attack showed that a single recording of a cryptography key trace was sufficient to break 2048 bits of a private RSA key.

Results of the research, which was supported in part by the National Science Foundation, the Defense Advanced Research Projects Agency (DARPA), and the Air Force Research Laboratory (AFRL) will be presented at the 27th USENIX Security Symposium August 16th in Baltimore.

After successfully attacking the phones and an embedded system board―which all used ARM processors―the researchers proposed a fix for the vulnerability, which was adopted in versions of the software made available in May.

Side channel attacks extract sensitive information from signals created by electronic activity within computing devices during normal operation. The signals include electromagnetic emanations created by current flows within the devices computational and power-delivery circuitry, variation in power consumption, and also sound, temperature and chassis potential variation. These emanations are very different from communications signals the devices are designed to produce.


Researchers help close security hole in popular encryption software
Milos Prvulovic and Alenka Zajic use tiny probe near the phone to captures the signal that is digitized by a radio receiver to accomplish the side channel attack. Credit: Allison Carter, Georgia Tech

In their demonstration, Prvulovic and collaborator Alenka Zajic listened in on two different Android phones using probes located near, but not touching the devices. In a real attack, signals could be received from phones or othermobile devices by antennas located beneath tables or hidden in nearby furniture.

The "One & Done" attack analyzed signals in a relatively narrow (40 MHz wide) band around the phones' processor clock frequencies, which are close to 1 GHz (1,000 MHz). The researchers took advantage of a uniformity in programming that had been designed to overcome earlier vulnerabilities involving variations in how the programs operate.

"Any variation is essentially leaking information about what the program is doing, but the constancy allowed us to pinpoint where we needed to look," said Prvulovic. "Once we got the attack to work, we were able to suggest a fix for it fairly quickly. Programmers need to understand that portions of the code that are working on secret bits need to be written in a very particular way to avoid having them leak."

The researchers are now looking at other software that may have similar vulnerabilities, and expect to develop a program that would allow automated analysis of security vulnerabilities.

"Our goal is to automate this process so it can be used on any code," said Zajic, an associate professor in Georgia Tech's School of Electrical and Computer Engineering. "We'd like to be able to identify portions of code that could be leaky and require a fix. Right now, finding these portions requires considerable expertise and manual examination."

Side channel attacks are still relatively rare, but Prvulovic says the success of "One & Done" demonstrates an unexpected vulnerability. The availability of low-cost signal processing devices small enough to use in coffee shops or airports could make theattacks more practical.

"We now have relatively cheap and compact devices―smaller than a USB drive―that are capable of analyzing these signals," said Prvulovic. "Ten years ago, the analysis of this signal would have taken days. Now it takes just seconds, and can be done anywhere―not just in a lab setting."

Producers of mobile devices are becoming more aware of the need to protect electromagnetic signals of phones, tablets and laptops from interception by shielding their side channel emissions. Improving the software running on the devices is also important, but Prvulovic suggests that users of mobile devices must also play a security role.

"This is something that needs to be addressed at all levels," he said. "A combination of factors―better hardware, better software and cautious computer hygiene―make you safer. You should not be paranoid about using your devices in public locations, but you should be cautious about accessing banking systems or plugging yourdevice into unprotected USB chargers."

In addition to those already mentioned, the research involved Monjur M. Alam, Haider A. Khan, Moutmita Dey, Nishith Sinha and Robert Callen, all of Georgia Tech.


          FakesApp: A Vulnerability in WhatsApp      Cache   Translate Page   Web Page Cache   

Research By: Dikla Barda, Roman Zaikin and Oded Vanunu

As of early 2018, the Facebook-owned messaging application, WhatsApp, has over 1.5 billion users with over one billion groups and 65 billion messages sent every day. With so much chatter, the potential for online scams, rumours and fake news is huge. It doesn’t help then, if threat actors have an additional weapon in their arsenal to leverage the platform for their malicious intentions.

Check Point Research, however, recently unveiled new vulnerabilities in the popular messaging application that could allow threat actors to intercept and manipulate messages sent in both private and group conversations, giving attackers immense power to create and spread misinformation from what appear to be trusted sources.

Our teamobserved three possible methods of attack exploiting this vulnerability all of which involve social engineering tactics to fool end-users. A threat actor can:

Use the ‘quote’ feature in a group conversation to change the identity of the sender, even if that person is not a member of the group. Alter the text of someone else’s reply, essentially putting words in their mouth. Send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it’s visible to everyone in the conversation.

Following the process of Responsible Disclosure, Check Point Research informed WhatsApp of their findings. From Check Point Research’s view, we believe these vulnerabilities to be of the utmost importance and require attention.

Please read below for our full technical analysis.

Demonstration Video of the Attacks in Action

Technical Analysis

As is well known, WhatsApp encrypts every message, picture, call, video or any other type of content you send so that only the recipient can see it. What’s more, not even WhatsApp has the ability to view those messages.


FakesApp: A Vulnerability in WhatsApp

Figure 1:WhatsApp Encrypted Chat

These encryption processes caught our attention and we decided to try to reverse WhatsApp’s algorithm to decrypt the data. Indeed, after decrypting the WhatsApp communication we found that WhatsApp is using the “ protobuf2 protocol ” to do so.

By converting this protobuf2 data to Json we were able to see the actual parameters that are sent and manipulate them in order to check WhatsApp’s security.

The outcome of our research is a Burp Suit Extension and 3 Manipulation methods .

To start the manipulation, though, we first have to get the private and public key of our session and fill it in our burpsuit extension.

If you are interested in a detailed explanation about how the encryption actually works behind the scenes, please read the encryption paragraph at the end of this blog post.

Accessing the Keys

The keys can be obtained from the key generation phase from WhatsApp Web before the QR code is generated:


FakesApp: A Vulnerability in WhatsApp

Figure 2:Public and Private Key of the Communication

After we take these keys we need to take the “secret” parameter which is sent by the mobile phone to WhatsApp Web while the user scans the QR code:


FakesApp: A Vulnerability in WhatsApp

Figure 3:The Secret Key from the WebSocket

As a result of this, our extension will look like the below:


FakesApp: A Vulnerability in WhatsApp

Figure 4:WhatsApp Decoder Burp Extension

After clicking on “Connect”, the extension connects to the extension’s local server, which will perform all the tasks required for the extension.

Manipulating WhatsApp

By decrypting the WhatsApp communication, we were able to see all the parameters that are actually sent between the mobile version of WhatsApp and the Web version. This allowed us to then be able to manipulate them and start looking for security issues.

This resulted in us being able to carry out a variety of attack types, which are described below.

Attack 1: Change the Identity of a Sender in a Group Chat, Even If They Are Not a Member of the Group

In this attack, it is possible to spoof a reply message to impersonate another group member and even a non-existing group member, for example, ‘Mickey Mouse’.

To impersonate someone from the group, all the attacker need do is catch the encrypted traffic:


FakesApp: A Vulnerability in WhatsApp

Figure 5:Encrypted WhatsApp Communication

Once the traffic is captured, he can simply send it to an extension which will then decrypt the traffic:


FakesApp: A Vulnerability in WhatsApp

Figure 6:Decrypting the WhatsApp Message

By Using Our Extension

The interesting parameters to note here are:

conversation This is the actual content which is sent. participant This is the participant that actually sent the content. fromMe This parameter indicates if I sent the data or someone else in the group. remoteJid This parameter indicates to which group/contact the data is sent. id The id of the data. The same id will appear in the phone databases.

And this is the point where interesting things begin to happen…

For example, we can change the conversation to something else. The message with the content “ Great! ” sent by a member of a group, for instance, could be changed to something else like: “ I’m going to die, in a hospital right now ” and the participant parameter could also be changed to someone else from the group:


FakesApp: A Vulnerability in WhatsApp

Figure 7:ASpoofed Reply Message

Note that we have to change the id to something else because it is already sent and appears in the database.

In order to make everyone see the new spoofed message the attacker needs to reply to the message he spoofed, quoting and changing that message (“Great”) in order for it be sent to everyone in the group.

As you can see in the below screenshot, we created a new group where no previous messages were sent, and by using the method from above we were able to create a fake reply.
FakesApp: A Vulnerability in WhatsApp

Figure 8:The Original Conversation

The ‘participant’ parameter can also be a text or a phone number of someone that is not in the group, which would cause everyone in the group to believe that it actually is sent from this participant.

For example:
FakesApp: A Vulnerability in WhatsApp

Figure 9:Changing The Content Of The Message

By Using Our Debugging Tool

…and the result will look like this:


          IT Support Technician III - Sierra Nevada Corporation - Madison, WI      Cache   Translate Page   Web Page Cache   
Microsoft, Lotus Notes, McAfee Antivirus, PGP encryption, wireless, Citrix, Dell laptops/desktops, and HP Printers....
From Sierra Nevada Corporation - Tue, 19 Jun 2018 17:07:21 GMT - View all Madison, WI jobs
          IT Project Technician - START DATE 10/01 - Smartech & Associates, LP - Ferndale, WA      Cache   Translate Page   Web Page Cache   
Enable McAfee Encryption (Laptop only). SMARTECH is a growing IT service provider connecting certified IT personnel with multiple major clients in the industry....
From Indeed - Thu, 26 Jul 2018 19:41:16 GMT - View all Ferndale, WA jobs
          Database Encryption Market to Set Phenomenal Growth by 2025 | Leading Key Players: Microsoft, Oracle, Netapp      Cache   Translate Page   Web Page Cache   
Database Encryption Market HTF MI recently introduced Global Database Encryption Market study with in-depth overview, describing about the Product / Industry Scope and elaborates market outlook and status to 2023.
          Comment on Automatic Login And Why You Should Never Use It by Gary Rosenzweig      Cache   Translate Page   Web Page Cache   
Ian: Aren't you using the Time Machine encryption option? If so, then they wouldn't be able to access the data on your Time Machine drive without your password. As for clones, perhaps the cloning software you use has an encryption option. Or, maybe consider simply using Time Machine for a second backup instead of a clone. Consider the reasons why you have a clone too -- they aren't as useful as a real incremental backup like Time Machine and this security issue could be a big downside for you.
          Trading apps expose investors to cybercriminals, report finds      Cache   Translate Page   Web Page Cache   
Some apps store subscribers' passwords or data on trading without encryption.
          ‘Side-Channel’ Cyber Attacks Rare, But Chilling      Cache   Translate Page   Web Page Cache   

Not all heroes wear capes: Researchers at the Georgia Institute of Technology helped close a vulnerability that allowed hackers to steal encryption keys from OpenSSL. With the right equipment (available commercially for less […]

The post ‘Side-Channel’ Cyber Attacks Rare, But Chilling appeared first on Geek.com.


          ‘Side-Channel’ Cyber Attacks Rare, But Chilling      Cache   Translate Page   Web Page Cache   

Not all heroes wear capes: Researchers at the Georgia Institute of Technology helped close a vulnerability that allowed hackers to steal encryption keys from OpenSSL. With the right equipment (available commercially for less […]

The post ‘Side-Channel’ Cyber Attacks Rare, But Chilling appeared first on Geek.com.


          FoxRansom Ransomware      Cache   Translate Page   Web Page Cache   
The FoxRansom Ransomware is a file-encryption Trojan, which is still in development by what appears to be a Polish cybercriminal. The good news is that this project is not very elaborate since the author has opted to use the source code of the HiddenTear project as a foundation for the FoxRansom Ransomware. This means that […]
          Zoldon Ransomware      Cache   Translate Page   Web Page Cache   
The Zoldon Ransomware (also seen as ZOLDON Crypter V3.0) is a file-encryption Trojan which, sadly, is not compatible with any of the ransomware decrypters available currently. This means that its victims will not be able to rely on free decryption software and, instead, they will need to look into alternative file restoration options that may […]
          Documentary -The Blockchain and Us, Also, Blockchain and World Poverty and Blockchain Solutions to Mischief and Poverty. Conservative Podcasts. Show 3133.       Cache   Translate Page   Web Page Cache   

Show 3133 Documentary -The Blockchain and Us, Also, Blockchain and World Poverty and Blockchain Solutions to Mischief and Poverty.

Segment 1- Documentary. The Blockchain and Us.

https://youtu.be/2iF73cybTBs

Manuel Stagars

A film by Manuel Stagars http://www.blockchain-documentary.com For more interviews about the brave new world of blockchain technology and cryptocurrencies, see Manuel's podcast: http://www.theblockchainandus.com. In 2008, Satoshi Nakamoto invented bitcoin and the blockchain. For the first time in history, his invention made it possible to send money around the globe without banks, governments or any other intermediaries. The concept of the blockchain isn’t very intuitive. But still, many people believe it is a game changer. Economist and filmmaker Manuel Stagars portrays this exciting technology in interviews with software developers, cryptologists, researchers, entrepreneurs, consultants, VCs, authors, politicians, and futurists from the United States, Canada, Switzerland, the UK, and Australia. The Blockchain and Us is no explainer video of the technology. It gives a view on the topic, makes it accessible and starts a conversation about its potential wider implications in a non-technical way. The film deliberately poses more questions than it answers. For a deep dive, see all full-length interviews from the film here: http://www.blockchain-documentary.com...     Published on Apr 4, 2017

 

Segment 2- How Blockchain Will End World Poverty

https://youtu.be/3GL0i0fOdUg

Aksel Sindre Farstad

William Blair partner Brian Singer explains how Bitcoin and blockchain encryption has a greater ability to bring more of the world's population out of poverty than anything we've seen in decades. Published on May 17, 2016

 

Segment 3- From The Mises Institute.

Why We Fight: Blockchain Solutions to Mischief and Poverty | Patrick Byrne

 

Sources and Acknowledgements.

 

Subscribe to FORBES: http://www.youtube.com/forbes Check out our full video catalog: http://www.youtube.com/user/forbes/vi... For more FORBES content: http://forbes.com Follow FORBES on Twitter: http://twitter.com/forbes Like FORBES on Facebook: http://fb.com/forbes Follow FORBES on Instagram: http://instagram.com/forbes If you want a well paid job in cryptocurrency and blockchain, feel free to contact me: If you want to work with us, please contact me at: Skype: aksel.sindre.farstad Facebook: www.facebook.com/akself E-post: aksel@onecoinnorway.com Landing page: www.ocfutureofpayments.com/volbeat Also check other videoes in my YouTube channel clicking my name. Watch video Join us in Team Intowin. We will take good care of you.

 

Go to - Mises Institute

---------------------------------------------------------------------------------------------

HELP ACU SPREAD THE WORD!

Please send to friends, post on Facebook, twitter, etc…

Over 3,000 commercial free archived shows are available on our podcast site here.  

 

Ways to subscribe to the American Conservative University Podcast

Click here to subscribe via iTunes

Click here to subscribe via RSS

You can also subscribe via Stitcher

You can also subscribe via SoundCloud

If you like this episode head on over to iTunes and kindly leave us a rating, a review and subscribe! People find us through our good reviews.

 

FEEDBACK + PROMOTION

You can ask your questions, make comments, submit ideas for shows and lots more. Let your voice be heard.

Download our FREE iOS App.

Download our FREE Android App.

Email us at americanconservativeuniversity@americanconservativeuniversity.com


          DevSecOps - PinPoint Talent - Ottawa, ON      Cache   Translate Page   Web Page Cache   
Previous Experience in Ethical Hacking, Penetration Testing and Encryption. You'll be working with cutting edge technology to build, deploy and automate...
From PinPoint Talent Inc. - Mon, 30 Jul 2018 13:39:42 GMT - View all Ottawa, ON jobs
          DevOps Security Engineer - Qlik - Ottawa, ON      Cache   Translate Page   Web Page Cache   
Encryption technologies, ethical hacking and penetration testing. Provide advice on hacking tools and techniques including advanced malware detection....
From Qlik - Fri, 20 Jul 2018 02:17:32 GMT - View all Ottawa, ON jobs
           Embedded Computing Needs Hardware-Based Security       Cache   Translate Page   Web Page Cache   
Embedded Computing Needs Hardware-Based Security

Embedded systems are in a profound transition: from physically isolated, autonomous devices to Internet-connected, accessible devices. Designers are learning—often to their dismay—that the mutation requires far more than just gluing a network interface onto the bus and adding an Internet Protocol stack. In many ways, these Internet-aware designs are coming to look less like traditional […]

Embedded systems are in a profound transition: from physically isolated, autonomous devices to Internet-connected, accessible devices. Designers are learning—often to their dismay—that the mutation requires far more than just gluing a network interface onto the bus and adding an Internet Protocol stack. In many ways, these Internet-aware designs are coming to look less like traditional embedded systems and more like miniaturized enterprise data centers.

Much data-center technology—multitasking, multiprocessing, and fast private networks, for example—is already familiar to designers of large embedded systems, albeit on a far smaller scale. But one data-center technology—system security—may prove novel. Yet the same needs that shape data-center security architectures magically appear in embedded systems–once you connect them to the Internet. Unlike compute, storage, or connectivity requirements though, the demands of security don’t diminish much when you scale the system down from a warehouse-sized data center to a connected embedded device.

Data Center Security

So what is it that data centers—and connected embedded systems–need in the way of security? First, they need to protect themselves from external attacks and internal subversion by their own applications. This means providing a protected envelope in which any attempt to read or write code or data will be authenticated before it is performed. It also means that all system code and data—for operating systems, hypervisors, management, or maintenance—must be strongly encrypted when it is in storage or in transit outside that trusted envelope.

Second, data centers must support the security needs of their applications. Apps may provide transport-layer security (TLS, once known as secure socket layer, or SSL) for their clients, or they may use public-key authentication and encryption. They may also require authenticated and encrypted inter-process communication and storage, often using symmetric-key cryptography. They will look to the data center for key management and, often, crypto algorithm acceleration.

There are three common elements to all of these needs. They all require a secure, accelerated environment (Figure 1) in which to execute cryptographic algorithms. They need a safe way to create, store, send, and receive cryptographic keys. And, in order to create strong keys, they need a true random number generator based on a physical source of entropy.

Figure 1. Extreme measures are necessary to protect encryption keys and codes.

Crypto algorithms need a special environment for two reasons. First, they must be kept secure from corruption and monitoring. They are the ideal point of attack in the data center. Second, they can place an unsupportable computing burden on application CPUs, driving up latency in just the places where apps are most latency-sensitive. Both of these arguments suggest a physically secure proprietary hardware accelerator.

The problem of cryptographic key management presents similar issues. Secret keys must of course be kept secret. Less obviously, public keys must be protected from tampering. If a hacker can substitute a key she created for a public key you obtained from a certificate authority, you will authenticate messages from the hacker instead of genuine messages. These concerns preclude allowing unencrypted keys to ever be in server memory or storage. In fact some experts argue that they preclude allowing even encrypted keys into shared memory.

The random number problem is more mathematical. In order to generate a new key, you start with a random number. If the number is not truly random, but follows a statistical pattern, you have just narrowed the space in which an attacker must search to discover the key. Software random-number generators, though, can only approximate a genuinely random distribution. The poorer the approximation, the easier it will be for an attacker to find the key through directed trial and error. So ideally, you would get your random number by sampling a truly random physical process, such as delay-line jitter, RF noise or semiconductor junction noise. There is strong motivation to have a hardware-based random-number generator.

The HSM

These considerations led vendors to develop, and most data centers to install, a specialized appliance called a hardware security module (HSM). In either board or box form factor, the HSM meets the requirements outlined above, with several distinctive features.

First, the HSM is physically tamper-resistant, in much the same manner as a smartcard. The package may be designed to resist penetration, voltage manipulation, thermal attacks, and even examination by x-rays or ion beams. Such events should trigger the module to delete internal memory. Ideally, the module should also block side-channel attacks such as differential power analysis.

Second, the HSM should provide proprietary hardware for crypto algorithm acceleration, key storage, and random-number generation.

Third, the HSM must have a highly restrictive, bullet-proof firewall. The device should only respond to authenticated requests for a small number of pre-defined actions, such as to encrypt or decrypt a string or to create, read, write, or apply a key. Private or secret keys should only be readable under rigorous conditions, and only in encrypted form. Two special functions, key back-and up and restore, usually to a smartcard, and firmware update, must be very carefully controlled, ideally by multi-party authentication involving at least one trusted human.

By providing multiple levels of security, from external tamper protection to strong encryption of internal data and code, the HSM becomes so hard to hack that for most attackers it just isn’t worth the bother (Figure 2). Sadly, in practice it usually isn’t worth the bother because some other part of the data center is much more vulnerable. In any case, the HSM establishes the foundation on which the rest of the data-center security architecture is constructed.

.Figure 2. Full security requires multiple layers of defenses.

Understandably, HSM vendors are uninterested in describing the architectures of their modules. But it is possible to make some generalizations about just what is in a typical box-level HSM (Figure 3).

Figure 3. A typical HSM has a relatively simple structure.

The tamper resistance functions require hardware support, including motion, capacitive, radiation, voltage, and temperature sensors. There will be a secure microcontroller, ideally with in-line encryption/decryption on the memory and I/O interfaces. It will be the job of this MCU to monitor the sensors and supervise the other functions of the HSM. It will also read some sort of analog device to get a seed for random number generation. The MCU should of course also be secure against side-channel attacks.

In addition, there should be secure memory for key storage. Ideally this should be a custom device resistant to scanning from outside and instantly erasable when intrusion is detected. But the very large amount of memory that may be necessary for key storage and for buffers for encryption and decryption tasks in a data center may make DRAM the only practical solution, and the security features will have to be incorporated into the DIMMs.

Since the firewall is so restrictive, it can probably be implemented in a hardware state machine, relieving the MCU of some overhead and reducing the risk of a successful attack on the MCU software. And last but not least, our HSM will include a crypto algorithm accelerator. This would usually be a hardware data path optimized for the necessary encryption and authentication algorithms.

But there is a problem in that last statement. There are dozens of key-exchange, authentication, and encryption algorithms in wide use. Murphy’s Law dictates that a data center will have to support a large subset of them, plus some proprietary algorithms dreamed up by apps developers. Covering all these needs with a fixed hardware accelerator might mean either accelerating only very primitive operations, as in a large bank of multiply-accumulators, and shifting a lot of the work back onto the MCU, or else building a very complex—and very hard to verify—reprogrammable state machine. If the latter approach is taken, there will immediately be pressure from data center managers to make the accelerator more general and more accessible to users for application acceleration. HSM vendors must balance these desires against the absolute need to keep the accelerator verifiable during the design process and secure during operation. Some security experts, though, argue that user programmability and security are fundamentally incompatible. If you want the accelerator to be incorruptible, you must define and verify its functions at design time.

The custom hardware—primarily the crypto datapath—could be done in an easy ASIC, but it would require special attention to ensure that differential power attacks could glean no information from the ASIC’s supply rails, and that the circuitry was protected against voltage and temperature exploits—not unsimilar to the precautions you would take designing a smartcard chip. With these provisions, a secure MCU core could be included in the ASIC as well, if the design team had the necessary expertise or access to appropriate intellectual property (IP). ARM, for example, is now offering a tamper-resistant line of processor IP cores based on the Cortex*-M architecture and called SecureCore. These might prove adequate if the heavy lifting of the crypto algorithms stays in the accelerator.

This custom design could also be done in an FPGA. But use of an FPGA raises some new issues. Most FPGAs are volatile and configured at power-up from an external memory. This boot process can be protected by encryption, and vendors provide for that. Also, most FPGAs have limited or no mixed-signal capabilities, so it might be impossible to integrate the range of sensor inputs required for tamper detection without external analog-to-digital converters (ADCs), which would themselves add to the attack surface and have to be protected. There are exceptions to both the need for external configuration ROM and lack of mixed-signal circuits, but the exceptions tend to be smaller devices, such as the Intel® MAX® 10 device family.

FPGAs also introduce some new opportunities. Because the accelerator datapath would be run-time reconfigurable, the crypto accelerator could be reconfigured for each algorithm family as needed, bypassing the dilemma of flexibility versus security. Additionally, there has been some work in creating entropy sources in FPGAs for use by true random number generators.

All of these implementation options raise another important question. With so many ways to implement the HSM, how can a user know how secure a particular device actually is? The answer is independent certification. The main standard used for HSMs, Federal Information Processing Standard (FIPS) 140-2, was created by the US National Institute of Standards and Technology (NIST). FIPS 140-2 defines four levels of security, ranging from just an unprotected crypto engine on the weak end to an engine and storage subsystem fully enclosed by intrusion and tamper resistant or detecting hardware on the strong end. Each individual design must be certified by a third-party lab recognized under a certification program jointly operated by NIST and Canada’s Communications Security Establishment.

HSMs may also be evaluated at the product level under the international Common Criteria for Information Technology Security Evaluation (glibly known as CC), ISO 15408. This certification process is also done by recognized third-party labs. But unlike FIPS 140-2, which evaluates the overall actual security level of the HSM, CC evaluation in effect only checks that claims submitted by the vendor are supportable. This approach, which may or may not involve actual testing of the product, has been used to, for example, get various versions of Microsoft Windows certified under the CC. So it is pretty much up to the user to determine what was actually certified, at what level, and what the implications are for their own use case.

An Embedded HSM?

The challenges that brought HSMs to the data center are now present in edge computing, with a few important differences. Embedded systems are likely to use just a few crypto algorithms compared to the plethora a data center would face. And similarly, connected embedded systems probably would need to manage far fewer keys than a data center. Both of these differences could simplify the one big problem with bringing HSMs to embedded systems.

That problem is scale. Depending on capabilities and level of security, data-center HSMs cost from hundreds to thousands of dollars. The range in size from PCIe* cards to pizza-sized boxes. For an edge-computing rack full of servers that is not a serious problem. But for a more typical embedded system, supposed to fit into a small box or onto a circuit board inside a mechanical assembly, it is a non-starter. There is a clear need for HSM technology to scale down from the pizza box to chip level without compromising functionality or security.

But is this feasible? Technically, the answer appears to be yes. As we have seen, all the functions of an HSM could in principle be absorbed into an ASIC or FPGA, with the exception of some sensors and the more mechanical elements of physical intrusion detection. And MCU vendors have already offered pieces of a full solution, including secure software-execution modes, on-chip private memories, and limited crypto accelerators. As one report observed, even ordinary smartcard hardware could be used as a reasonably secure but very limited HSM. So an embedded design team with the requisite skills and motivation should be able to produce a chip-level HSM.

But such a project would face several serious challenges. The requisite skills include secure processor and memory design, a good grasp of cryptography, and experience with physical tamper protection. That’s not a common skill set in embedded design teams. The design should get FIPS 140-2 certification. But that can be an expensive and time-consuming process, as can ISO 15408, running into the hundreds of thousands of dollars and months of delays. And all this work could only be amortized across the relatively tiny volumes of the embedded system under design.

Most serious, perhaps would be a less tangible challenge: convincing management to take system security seriously enough to ignore halfway measures and undertake an HSM chip design. Unfortunately, there is still in management a great deal of magical thinking about the threats facing connected embedded systems, even in applications like power generation and transportation where the potential for damage is vast.

But there is another way. Perhaps it is time for a semiconductor vendor, with its far broader market and great access to specialized expertises, to undertake a FIPS 140-2 certified HSM chip. At some point, after a few more high-profile attacks on too-important and too-vulnerable physical plants, further progress in edge computing may require it.


       Contact Us  |  New User  |  Site Map  |  Privacy  |  Legal Notice 
        Copyright © 1995-2016 Altera Corporation, 101 Innovation Drive, San Jose, California 95134, USA
Update feed preferences

           Embedded Computing on the Edge       Cache   Translate Page   Web Page Cache   
Embedded Computing on the Edge

Embedded computing has passed—more or less unscathed—through many technology shifts and marketing fashions. But the most recent—the rise of edge computing—could mean important new possibilities and challenges. So what is edge computing (Figure 1)? The cynic might say it is just a grab for market share by giant cloud companies that have in the past struggled […]

Embedded computing has passed—more or less unscathed—through many technology shifts and marketing fashions. But the most recent—the rise of edge computing—could mean important new possibilities and challenges.

So what is edge computing (Figure 1)? The cynic might say it is just a grab for market share by giant cloud companies that have in the past struggled in the fragmented embedded market, but now see their chance. That theory goes something like this.

Figure 1. Computing at the network edge puts embedded systems in a whole new world.

With the concept of the Internet of Things came a rather naïve new notion of embedded architecture: all the embedded system’s sensors and actuators would be connected directly to the Internet—think smart wall switch and smart lightbulb—and all the computing would be done in the cloud. Naturally, this proved wildly impractical for a number of reasons, so the gurus of the IoT retreated to a more tenable position: some computing had to be local, even though the embedded system was still very much connected to the Internet.

Since the local processing would be done at the extreme periphery of the Internet, where IP connectivity ended and private industrial networks or dedicated connections began, the cloud- and network-centric folks called it edge computing. They saw the opportunity to lever their command of the cloud and network resources to redefine embedded computing as a networking application, with edge computing as its natural extension.

A less cynical and more useful view looks at edge computing as one facet of a new partitioning problem that the concurrence of cloud computing, widespread broadband access, and some innovations in LTE cellular networks have created. Today, embedded systems designers must, from requirements definition on through the design process, remember that there are several very different processing sites available to them (Figure 2). There is the cloud. There is the so-called fog. And there is the edge. Partitioning tasks and data among these sits has become a necessary skill to the success of an embedded design project. If you don’t use the new computing resources wisely, you will be vulnerable to a competitor who does—not only in terms of features, performance, and cost advantages to be gained, but in consideration of the growing value of data that can be collected from embedded systems in operation.

.Figure 2. Edge computing offers the choice of three different kinds of processing sites.

The Joy of Partitioning

Unfortunately, partitioning is not often a skill embedded-system designers cultivate. Traditional embedded designs employ a single processor, or at worst a multi-core SoC with an obvious division of labor amongst the cores.

But edge computing creates a new scale of difficulty. There are several different kinds of processing sites, each with quite distinct characteristics. And the connections between processors are far more complicated than the nearly transparent inter-task communications of shared-memory multicore systems. So, doing edge computing well requires a rather formal partitioning process. It begins with defining the tasks and identifying their computing, storage, bandwidth, and latency requirements. Then the process continues by characterizing the compute resources you have available, and the links between them. Finally, partitioning must map tasks onto processors and inter-task communications onto links so that the system requirements are met. This is often an iterative process that at best refines the architecture and at worst turns into a protracted, multi-party game of Whack-a-Mole. It is helpful, perhaps, to look at each of these issues: tasks, processing and storage sites, and communications links, in more detail.

The Tasks

There are several categories of tasks in a traditional embedded system, and a couple of categories that have recently become important for many designs. Each category has its own characteristic needs in computing, storage, I/O bandwidth, and task latency.

In any embedded design there are supervisory and housekeeping tasks that are necessary, but are not particularly compute- or I/O- intensive, and that have no hard deadlines. This category includes most operating-system services, user interfaces, utilities, system maintenance and update, and data logging.

A second category of tasks with very different characteristics is present in most embedded designs. These tasks directly influence the physical behavior of the system, and they do have hard real-time deadlines, often because they are implementing algorithms within feedback control loops responsible for motion control or dynamic process control. Or they may be signal-processing or signal interpretation tasks that lie on a critical path to a system response, such as object recognition routines behind a camera input.

Often these tasks don’t have complex I/O needs: just a stream or two of data in and one or two out. But today these data rates can be extremely high, as in the case of multiple HD cameras on a robot or digitized radar signals coming off a target-acquisition and tracking radar. Algorithm complexity has traditionally been low, held down by the history of budget-constrained embedded designs in which a microcontroller had to implement the digital transfer function in a control loop. But as control systems adopt more modern techniques, including stochastic state estimation, model-based control, and, recently, insertion of artificial intelligence into control loops, in some designs the complexity of algorithms inside time-critical loops has exploded. As we will see, this explosion scatters shrapnel over a wide area.

The most important issue for all these time-critical tasks is that the overall delay from sensor or control input to actuator response be below a set maximum latency, and often that it lies within a narrow jitter window. That makes partitioning of these tasks particularly interesting, because it forces designers to consider both execution time—fully laden with indeterminacies, memory access and storage access delays—and communications latencies together. The fastest place to execute a complex algorithm may be unacceptably far from the system.

We also need to recognize a third category of tasks. These have appeared fairly recently for many designers, and differ from both supervisory and real-time tasks. They arise from the intrusion of three new areas of concern: machine learning, functional safety, and cyber security. The distinguishing characteristic of these tasks is that, while each can be performed in miniature with very modest demands on the system, each can quickly develop an enormous appetite for computing and memory resources. And, most unfortunately, each can end up inside delay-sensitive control loops, posing very tricky challenges for the design team.

Machine learning is a good case in point. Relatively simply deep-learning programs are already being used as supervisory tasks to, for instance, examine sensor data to detect progressive wear on machinery or signs of impending failure. Such tasks normally run in the cloud without any real-time constraints, which is just as well, as they do best with access to huge volumes of data. At the other extreme, trained networks can be ported to quite compact blocks of code, especially with the use of small hardware accelerators, making it possible to use a neural network inside a smart phone. But a deep-learning inference engine trained to detect, say, excessive vibration in a cutting tool during a cut or the intrusion of an unidentified object into a robot’s planned trajectory—either of which could require immediate intervention—could end up being both computationally intensive and on a time-critical path.

Similarly for functional safety and system security, simple rule-based safety checks or authentication/encryption tasks may present few problems for the system design. But simple often, in these areas, means weak. Systems that must operate in an unfamiliar environment or must actively repel novel intrusion attempts may require very complex algorithms, including machine learning, with very fast response times. Intrusion detection, for instance, is much less valuable as a forensic tool than as a prevention.

Resources

Traditionally, the computing and storage resources available to an embedded system designer were easy to list. There were microcontroller chips, single-board computers based on commercial microprocessors, and in some cases boards or boxes using digital signal processing hardware of one sort or another. Any of these could have external memory, and most could attach, with the aid of an operating system, mass storage ranging from a thumb drive to a RAID disk array. And these resources were all in one place: they were physically part of the system, directly connected to sensors, actuators, and maybe to an industrial network.

But add Internet connectivity, and this simple picture snaps out of focus. The original system is now just the network edge. And in addition to edge computing, there are two new locations where there may be important computing resources: the cloud, and what Cisco and some others are calling the fog.

The edge remains much as it has been, except of course that everything is growing in power. In the shadow of the massive market for smart-phone SoCs, microcontrollers have morphed into low-cost SoCs too, often with multiple 32-bit CPU cores, extensive caches, and dedicated functional IP suited to a particular range of applications. Board-level computers have exploited the monotonically growing power of personal computer CPU chips and the growth in solid-state storage. And the commoditization of servers for the world’s data centers has put even racks of data-center-class servers within the reach of well-funded edge computing sites, if the sites can provide the necessary space, power, and cooling.

Recently, with the advent of more demanding algorithms, hardware accelerators have become important options for edge computing as well. FPGAs have long been used to accelerate signal-processing and numerically intensive transfer functions. Today, with effective high-level design tools they have broadened their use beyond these applications into just about anything that can benefit from massively parallel or, more importantly, deeply pipelined execution. GPUs have applications in massively data-parallel tasks such as vision processing and neural network training. And as soon as an algorithm becomes stable and widely used enough to have good library support—machine vision, location and mapping, security, and deep learning are examples—someone will start work on an ASIC to accelerate it.

The cloud, of course, is a profoundly different environment: a world of essentially infinite numbers of big x86 servers and storage resources. Recently, hardware accelerators from all three races—FPGAs, GPUs, and ASICs—have begun appearing in the cloud as well. All these resources are available for the embedded system end-user to rent on an as-used basis.

The important questions in the cloud are not about how many resources are available—there are more than you need—but about terms and conditions. Will your workload run continuously, and if not, what is the activation latency? What guarantees of performance and availability are there? What will this cost the end user? And what happens if the cloud platform provider—who in specialized application areas is often not a giant data-center owner, but a small company that itself leases or rents the cloud resources—suffers a change in situation? These sorts of questions are generally not familiar to embedded-system developers, nor to their customers.

Recently there has been discussion of yet another possible processing site: the so-called fog. The fog is located somewhere between the edge and the cloud, both physically and in terms of its characteristics.

As network operators and wireless service providers turn from old dedicated switching hardware to software on servers, increasingly, Internet connections from the edge will run not through racks of networking hardware, but through data centers. For edge systems relying on cloud computing, this raises an important question: why send your inter-task communications through one data center just to get it to another one? It may be that the networking data center can provide all the resources your task needs without having to go all the way to a cloud service provider (CSP). Or it may be that a service provider can offer hardware or software packages to allow some processing in your edge-computing system, or in an aggregation node near your system, before having to make the jump to a central facility. At the very least you would have one less vendor to deal with. And you might also have less latency and uncertainly introduced by Internet connections. Thus, you can think of fog computing as a cloud computing service spread across the network and into the edge, with all the advantages and questions we have just discussed.

Connections

When all embedded computing is local, inter-task communications can almost be neglected. There are situations where multiple tasks share a critical resource, like a message-passing utility in an operating system, and on extremely critical timing paths you must be aware of the uncertainly in the delay in getting a message between tasks. But for most situations, how long it takes to trigger a task and get data to it is a secondary concern. Most designs confine real-time tasks to a subset of the system where they have a nearly deterministic environment, and focus their timing analyses there.

But when you partition a system between edge, fog, and cloud resources, the kinds of connections between those three environments, their delay characteristics, and their reliability all become important system issues. They may limit where you can place particular tasks. And they may require—by imposing timing uncertainty and the possibility of non-delivery on inter-task messages—the use of more complex control algorithms that can tolerate such surprises.

So what are the connections? We have to look at two different situations: when the edge hardware is connected to an internet service provider (ISP) through copper or fiber-optics (or a blend of the two), and when the connection is wireless (Figure 3).

Figure 3. Tasks can be categorized by computational complexity and latency needs.

The two situations have one thing in common. Unless your system will have a dedicated leased virtual channel to a cloud or fog service provider, part of the connection will be over the public Internet. That part could be from your ISP’s switch plant to the CSP’s data center, or it could be from a wireless operator’s central office to the CSP’s data center.

That Internet connection has two unfortunate characteristics, from this point of view. First, it is a packet-switching network in which different packets may take very different routes, with very different latencies. So, it is impossible to predict more than statistically what the transmission delay between two points will be. Second, Internet Protocol by itself offers only best-effort, not guaranteed, delivery. So, a system that relies on cloud tasks must tolerate some packets simply vanishing.

An additional point worth considering is that so-called data locality laws—which limit or prohibit transmission of data outside the country of origin—are spreading around the world. Inside the European Union, for instance, it is currently illegal to transmit data containing personal information across the borders of a number of member countries, even to other EU members. And in China, which uses locality rules for both privacy and industrial policy purposes, it is illegal to transmit virtually any sort of data to any destination outside the country. So, designers must ask whether their edge system will be able to exchange data with the cloud legally, given the rapidly evolving country-by-country legislation.

These limitations are one of the potential advantages of the fog computing concept. By not traversing the public network, systems relying on ISP or wireless-carrier computing resources or local edge resources can exploit additional provisions to reduce the uncertainty in connection delays.

But messages still have to get from your edge system to the service provider’s aggregation hardware or data center. For ISPs, that will mean a physical connection, typically using Internet Protocol over fiber or hybrid copper/fiber connections, often arranged in a tree structure. Such connections allow for provisioning of fog computing nodes at points where branches intersect. But as any cable TV viewer can attest, they also allow for congestion at nodes or on branches to create great uncertainties in available bandwidth and latency. Suspension of net neutrality in the US has added a further uncertainty, allowing carriers to offer different levels of service to traffic from different sources, and to charge for quality-of-service guarantees.

If the connection is wireless, as we are assured many will be once 5G is deployed, the uncertainties multiply. A 5G link will connect your edge system through multiple parallel RF channels and multiple antennas to one or more base stations. The base stations may be anything from a small cell with minimal hardware to a large local processing site with, again, the ability to offer fog-computing resources, to a remote radio transceiver that relies on a central data center for all its processing. In at least the first two cases, there will be a separate backhaul network, usually either fiber or microwave, connecting the base station to the service provider’s central data center.

The challenges include, first, that latency will depend on what kind of base stations you are working with—something often completely beyond your control. Second, changes in RF transmission characteristics along the mostly line-of-site paths can be caused by obstacles, multipath shifts, vegetation, and even weather. If the channel deteriorates, retry rates will go up, and at some point the base station and your edge system will negotiate a new data rate, or roll the connection over to a different base station. So even for a fixed client system, the characteristics of the connection may change significantly over time, sometimes quite rapidly.

Partitioning

Connectivity opens a new world for the embedded-system designer, offering amounts of computing power and storage inconceivable in local platforms. But it creates a partitioning problem: an iterative process of locating tasks where they have the resources they need, but with the latencies, predictability, and reliability they require.

For many tasks location is obvious. Big-data analyses that comb terabytes of data to predict maintenance needs or extract valuable conclusions about the user can go in the cloud. So, can compute-intensive real-time tasks when acceptable latency is long, and the occasional lost message is survivable or handled in a higher-level networking protocol. A smart speaker in your kitchen can always reply “Let me think on that a moment,” or “Sorry, what?”

Critical, high-frequency control loops must stay at or very near the edge. Conventional control algorithms can’t tolerate the delay and uncertainty of any other choice.

But what if there is a conflict: a task too big for the edge resources, but too time-sensitive to be located across the Internet? Fog computing may solve some of these dilemmas. Others may require you to place more resources in your system.

Just how far today’s technology has enriched the choices was illustrated recently by a series of Microsoft announcements. Primarily involved in edge computing as a CSP, Microsoft has for some time offered the Azure Stack—essentially, an instance of their Azure cloud platform—to run on servers on the customer premises. Just recently, the company enriched this offering with two new options: FPGA acceleration, including the Microsoft’s Project Brainwave machine-learning acceleration, for Azure Stack installations, and Azure Sphere, a way of encapsulating Azure’s security provisions in an approved microcontroller, secure operating system, and coordinated cloud service for use at the edge. Similarly, Intel recently announced the OpenVINO™ toolkit, a platform for implementing vision-processing and machine intelligence algorithms at the edge, relying on CPUs with optional support from FPGAs or vision-processing ASICs. Such fog-oriented provisions could allow embedded-system designers to simply incorporate cloud-oriented tasks into hardware within the confines of their own systems, eliminating the communications considerations and making ideas like deep-learning networks within control loops far more feasible.

In other cases, designers may simply have to refactor critical tasks into time-critical and time-tolerant portions. Or they may have to replace tried and true control algorithms with far more complex approaches that can tolerate the delay and uncertainty of communications links. For example, a complex model-based control algorithm could be moved to the cloud, and used to monitor and adjust a much simpler control loop that is running locally at the edge.

Life at the edge, then, is full of opportunities and complexities. It offers a range of computing and storage resources, and hence of algorithms, never before available to most embedded systems. But it demands a new level of analysis and partitioning, and it beckons the system designer into realms of advanced system control that go far beyond traditional PID control loops. Competitive pressures will force many embedded systems into this new territory, so it is best to get ahead of the curve.

 

 

 

 


       Contact Us  |  New User  |  Site Map  |  Privacy  |  Legal Notice 
        Copyright © 1995-2016 Altera Corporation, 101 Innovation Drive, San Jose, California 95134, USA
Update feed preferences

          Ready-to-assemble homes provider wins Samsung start-up award      Cache   Translate Page   Web Page Cache   

Bengaluru: Jaipur-based Hexpressions, which offers affordable, ready-to- assemble homes made out of composite paper honeycomb panels was the winner of the Samsung Global Startup Acceleration Program award and was given a prize of Rs 200,000, the South Korean tech giant said on Friday.

Samsung organiseed the programme here in partnership with the International Institute of Information Technology Bangalore (IIIT-B) to mentor startups in varied fields in order to support the sustainable growth of local entrepreneurs in the country.

Bengaluru-based Ziroh Labs that works in the area of privacy engineering and runtime encryption of data emerged as the first runners up was given a prize of Rs 150,000 while New Delhi-based Olly Credit, with a business model around mobile micro credit cards for millennials, was judged the second runners up and was given a prize of Rs 100,000.

"At Samsung we strive to encourage young minds and nurture the spirit of innovation. With the Global Startup Acceleration Program, our experts and engineers from different domains are volunteering to support the sustainable growth of local entrepreneurs in the early stage," Aloknath De, Chief Technology Officer, Samsung R&D Institute, Bangaluru, said in a statement.

As part of the progaramme, a group of university students and employees from Samsung's global headquarters in South Korea mentored 20 shortlisted startups remotely for the last two months.

Since 2010, about 1,500 employees have joined this programme in 43 countries, Samsung said, adding that this year the company was focused on supporting local entrepreneurs and helping them build their businesses for a sustainable impact on society.

This programme is being held globally in India, Indonesia, Malaysia, South Africa between July and September with 80 selected startups, Samsung said.



          Exchange Server 2013 PowerShell Implicit Remoting over the Internet using IIS ARR as the Reverse Proxy      Cache   Translate Page   Web Page Cache   
Current Revision posted to TechNet Articles by Richard Mueller on 8/10/2018 7:52:19 AM

In this article

We will talk about, harnessing the power of IIS ARR the Reverse Proxy for Exchange Server to publish Exchange Management Shell cmdlets over the internet. Of course securely using HTTPS. This guide specifically talks about Exchange Server 2013, but it should be fairly applicable for Exchange 2010 as well.

Let’s have some background covered before we dive into setting up IIS ARR (Application Request Routing). (Click here to skip)

Background:

We can use PowerShell v2 (or higher), and connect to our Exchange server by establishing a persistent connection to it using the cmdlet New-PSSession

Implicit remoting

Implicit remoting is not full featured and colorful as the out of the box Exchange Management Shell (EMS), however it gives us the flexibility to connect and manage our exchange environment from virtually anywhere as long as you can connect to the /PowerShell endpoint on the IIS Website virtual directory.

Going on details of how implicit remoting works and the pre-requisites would be beyond scope of this document. Please refer to this article to know more about Implicit Remoting.

There are two common techniques where we use implicit remoting.

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<CAS_FQDN>/PowerShell/ -Authentication Kerberos -Credential $UserCredential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic –AllowRedirection

If you go and check the Authentication Status on PowerShell virtual directory on the CAS 'Default Web Site\PowerShell’ , you would notice that all the authentication mechanisms are ‘Disabled’!

Now this will make you wonder, how it is working then.

If you have noticed the On-Premises version Authentication is on Kerberos and protocol is HTTP. Whereas O365 is Basic Authentication and on HTTPS.

By default PowerShell will be using Kerberos as the Authentication mechanism with HTTP (Read more here) and any other authentication mechanism would obviously fail.

We can use HTTP internally as Kerberos allows us to do that by securing and encrypting the session traffic. Check this article out to know how secure it is.

Whereas when we are on the internet we can no longer use Kerberos (Read more here why not, requirements for Kerberos Authentication), hence we use Basic authentication which would be plain text along with HTTPS (SSL), which secures and encrypts the connection for us over the internet.

I’m not quite clear why, but as per this article’s last para and my tests Kerberos with HTTPS doesn’t work for Exchange PowerShell, but we have these articles stating Kerberos works with HTTPS. If you try and force the PowerShell virtual directory to enforce SSL then you will not be able to connect. Anyways I wanted to point this out to you all. Figuring out why, would be something for another day.

It is worth pointing out that while you may be able to use Exchange remoting, it is separate from Windows remoting. And different TCP endpoints are used. By default Exchange remoting uses TCP 80\443, and Windows remoting uses 5985\5986 TCP (They are the same ports as WinRM). 

So, if we put it in a table for standard Exchange PowerShell authentication:

Protocol

Authentication

(Default)

Comments

HTTP

Kerberos

(Default-Enabled)

 

HTTPS

Basic

(Default- Disabled)

Negotiate - ‘Windows Authentication’ for Internal works too if enabled

Any other form of Authentication doesn’t seem to work, very well limited to my test is concerned.

By now you must have guessed how O365 does this. Incase wondering how, wouldn’t it be nice if you could manage your On-Premises Exchange environment over the Internet (Provided you have the go from the security guys, shouldn’t be a problem for you to convince them as MS Exchange Online has it open for all over the internet) All the security mechanism of OWA or rather SSL applies and your connection is secure indeed. I’ll also show some techniques which you can use to harden this up later.

I would have to admit that I’m inspired by Mike Pfeiffer’s excellent article on using Forefront TMG 2010 for publishing PowerShell over the internet for Exchange 2010.

As we all know, TMG is no longer in Microsoft’s development roadmap, we have the supported option to use ARR as the Reverse Proxy solution for Exchange 2013, which works pretty well. (You can refer to this link for the sizing of ARR servers which should be same as for TMG.)

Let’s begin the configuration now:

There are certain assumptions or rather pre-requisites prior to following the steps below:

Pre-requisites:

  1. You have already followed this guide (Part 1: Reverse Proxy for Exchange Server 2013 using IIS ARR) and have setup a working Reverse Proxy solution for OWA \ Autodiscover atleast.
  2. You have the required certificates in-place and is trusted by the external client machine.

[In my test I had used Self-Signed, the steps below to prep it:

  • Export the certificate used on the ARR server, that would be the Exchange CAS Server certificate itself
  • Use mmc ->certificates snap-in , goto Trusted Root Certification Authorities
  • Rt click Import.
  • The mail.contoso.com certificate would be visible]

NOTE:- We can use PSSessionOption –SessionOption to override this certificate check.


Screenshot of URL Rewrite Rules on ARR server.

If you are done with the pre-requisites there is nothing much into setting up the remaining part.

Steps on Exchange Server:

You need to have necessary permissions to make changes to the Windows Server or Exchange Components.

  1. Enable Basic Authentication for the PowerShell virtual directory:

 

                 a.       Using IIS Manager:

    • Open IIS Manager and navigate to ServerName\Sites\Default Web Site\PowerShell.
    • In Features View, double-click Authentication.
    • On the Authentication page, select Basic Authentication.
    • In the Actions pane, click Enable to use Basic authentication with the default settings.

Repeat the steps on every server you like to participate. For Eg. All members of the Internet-facing CAS Array or Load-Balanced name has to be modified for it to work seamlessly. 




                b.      Using cmd.exe

appcmd set config "Default Web Site/Powershell" /section:BasicAuthentication /enabled:true /commit:apphost

Repeat on all CAS servers.

 

            c.       Using Exchange Management Shell

Get-PowerShellVirtualDirectory | Set-PowerShellVirtualDirectory -BasicAuthentication $true

This command would modify the virtual directory on every CAS Exchange server in the organization, if you had more than one.

If you want to specify a particular server, use this:

     Get-PowerShellVirtualDirectory -Server EXCH1 | Set-PowerShellVirtualDirectory -BasicAuthentication $true

    2. Change SSL Settings to Ignore  Client certificates for the PowerShell virtual directory:

  • Open IIS Manager and navigate to ServerName\Sites\Default Web Site\PowerShell.
  • In Features View, double-click SSL Settings.
  • On the SSL Settings page, in the Client certificates area:
  • Select Ignore.
  • Ensure Require SSL is unchecked
  • In the Actions pane, click Apply.

Ensure you don’t check the Require SSL checkbox, else your Internal Kerberos Authentication would fail and things would start falling apart. Especially PowerShell EMS.

Repeat on all CAS servers.

How do you know it works? Simple, test it:

Using Internet Explorer or any other web browser over the internet:

You get a ‘200 OK’ message.   

Enter your credentials ’domain\username’ and password

               You are presented with a blank screen. Cool!


Using PowerShell to Manage Exchange 2013 over the internet:


On any client PC with PowerShell v2
  • Set-ExecutionPolicy RemoteSigned
  • $cred = Get-Credential
  • $exchangesession = New-PSSession -Credential $cred  -ConfigurationName Microsoft.Exchange -Authentication Basic -ConnectionUri https://mail.contoso.com/PowerShell -AllowRedirection
  • Import-PSSession $exchangesession
  • Get-Mailbox User1

At this point you should be getting the PowerShell tab completion for Exchange cmdlets and able to retrieve exchange related data.


NOTE: - When the Shell is started, it connects to an Exchange server and authenticates you. As part of the authentication process, Exchange checks RBAC to see what roles you're assigned. Each management role has a list of cmdlets and their parameters that users assigned the role can use. When the Shell creates your environment, only the cmdlets and parameters that you can access are added to the environment.

Troubleshooting:

Incase any of the above tests gave you an error. Find these common errors below:

  • 502 – Issue with the certificate (Can be client or the Server),
 

Solutions:

*Try using -SessionOption<PSSessionOption>  to ignore certificates with New-PSSession

*Install Exchange Server certificate on the ARR Trusted Root certification Authorities and Intermediate using MMC.

*Check CAS PowerShell Virtual Directory is set to Ignore Client certificates.

 

  • Kerberos error: HTTP Kerberos error on VIPName or load balanced DNS Record:

 

Solution: Use internal CASFQDN instead of VIPname in –ConnectionURi. You are not using the’ –Authentication Basic’ switch on http:// , its defaulting to Kerberos.

This doesn’t work on Alias names as Kerberos require you to have related SPNs (ServicePrincipalName) for the VIPNames. If you need to use Kerberos on alias itself use this guide, else simply add https:// and the switch ‘–Authentication Basic’ to the cmdlet to use Basic Authentication which doesn’t need SPNs.

 

  • HTTP bad request status (400) error: Internally you are not using the –Authentication Basic and using https:// it is defaulting to Negotiate.  Windows Authentication is disabled on PowerShell Virtual Directory, hence failing.

 

 

Solution: Enable Windows Authentication or use –Authentication Basic or other possible reasons you are using invalid credentials, cross check the credentials passed are correct.

  • Your client machine must find, mail.contoso.com. External DNS record must be pointing towards the ARR server, Public \External IP. You can make manual HOSTS file entry if required.

nslookup mail.contoso.com on client PC and ARR server, should resolve to ARR server and CAS server respectively.

  • If you are using a CNAME or Virtual name for the domain.com, check you have proper certificates with Subject Name and proper redirection\load-balancing is happening.
  • Trying to access Basic Authentication internally over http. 

 


Solution: Use https://. Configuration doesn’t allow you to connect to the PowerShell Endpoint without encryption.

  • HTTP with Negotiate Authentication Error  with Windows Authentication Enabled:

 

Solution: You can’t use http://, use https:// with Negotiate

  • You are connected to the session and tab completion works, but existing users are not listed or Get-Mailbox list only your\limited name.

 

Solution: You are logged in with lower permission credentials. When the Shell creates your environment, only the cmdlets and parameters that you can access are added to the environment.

PS C:\Users\administrator.BLUEBELL> (Get-Module tmp_ibxlmujv.rm4 | select -ExpandProperty ExportedFunctions).count

90

Same for an administrator:

PS C:\Users\administrator.BLUEBELL> (Get-Module tmp_t5jnf00a.4g0 | select -ExpandProperty ExportedFunctions).count

692

  • HTTP Status code of 403 Error: - Exchange Management Shell fails to connect.

 

Solution: Uncheck ‘Require SSL’ from the PowerShell Virtual Directory.

Still not working, you can follow this guide to enable Failed Request Logging and troubleshoot it in detail.

Benefits:

  • The best part is you can pull this off without breaking a thing in the existing internal setup and functionality.
  • Access is based on RBAC permissions model and very flexible
  • This works with DNS Round Robin or any other Load balanced solutions in place as well. You don’t have to setup complicated Kerberos –SPN setup for using a Virtual Name.
  • URL Rewrite is already enforcing HTTPS on external clients, without us enforcing it on /PowerShell virtual directory internally.
  • You can connect from any device capable of running PowerShell v2
  • Client doesn’t have to be on 64 bit hardware
  • Don’t have to worry about client side certificates or if its Domain Joined
  • As Mike Pfeiffer says in Core Solutions for Exchange 2013 Microsoft virtual academy course, you can be sitting at a beach, and working. (Ya… I know! What I’m doing at a beach if I have to work. But you can if you want, that’s the point)

Few Hardening Tips:

  • Dedicated CAS servers farm, which has Basic Authentication on PS Directory enabled.
  • Selective protocol Pattern ^PowerShell/* on URL Rewrite module (‘Part4 article - Additional Information 1 ‘for details).
  • Separate namespace for PowerShell, so that users can’t guess the ConnectionURi.
  • Ensure you don’t have http URL Rewrite rules on the ARR server enabled.
  • I’m sure this list can go on...

That’s it!

References:

  • Part 1,3: Reverse Proxy for Exchange Server 2013 using IIS ARR:

http://blogs.technet.microsoft.com/exchange/2013/07/19/part-1-reverse-proxy-for-exchange-server-2013-using-iis-arr/

http://blogs.technet.microsoft.com/exchange/2013/08/05/part-3-reverse-proxy-for-exchange-server-2013-using-iis-arr

  • How to Manage Your Exchange 2010 Organization with PowerShell Implicit Remoting over the Internet:

http://mikepfeiffer.net/2011/09/how-to-manage-your-exchange-2010-organization-with-powershell-implicit-remoting-over-the-internet/

  • AuthenticationMechanism Enumeration:

https://msdn.microsoft.com/en-us/library/system.management.automation.runspaces.authenticationmechanism%28VS.85%29.aspx

  • New-PSSession:

https://technet.microsoft.com/en-us/library/hh849717.aspx

  • New-PSSessionOption:

https://technet.microsoft.com/en-us/library/hh849703.aspx

  • How To Maximize Exchange Administrator Productivity With PowerShell–Part 2:

http://blogs.technet.com/b/rmilne/archive/2011/12/20/how-to-maximize-exchange-administrator-productivity-with-powershell-part-2.aspx   

  •  How secure Remote PowerShell is - techdays follow-up: remote powershell, what’s encrypted?

http://blogs.technet.com/b/ilvancri/archive/2010/03/31/techdays-follow-up-remote-powershell-what-s-encrypted.aspx  

  •  Directly Loading Exchange 2010 or 2013 SnapIn Is Not Supported :

http://blogs.technet.com/b/rmilne/archive/2015/01/28/directly-loading-exchange-2010-or-2013-snapin-is-not-supported.aspx

  •  What port does PowerShell remoting use?

http://blogs.technet.com/b/christwe/archive/2012/06/20/what-port-does-powershell-remoting-use.aspx

  •  Troubleshooting Exchange 2010 Management Tools startup issues:

http://blogs.technet.com/b/exchange/archive/2010/02/04/3409289.aspx

  •  Configuring Kerberos authentication for load-balanced Client Access servers:

https://technet.microsoft.com/en-us/library/ff808312%28v=exchg.150%29.aspx

NOTE:- The references has changed a bit pointing towards technet.com , http://blogs.technet.com/b/exchange/archive is now http://blogs.technet.microsoft.com/exchange. If you are  not able to find anything Bing the topic name and you should be redirected to the new URL.

 

Tags: Application Request Routing

          Cyber Risk Data Protection / Encryption / DLP Manager - Deloitte - Chicago, IL      Cache   Translate Page   Web Page Cache   
Explore Deloitte University, The Leadership Center. Check out recruiting tips from Deloitte professionals....
From Deloitte - Fri, 10 Aug 2018 06:05:47 GMT - View all Chicago, IL jobs
          DevSecOps - PinPoint Talent - Ottawa, ON      Cache   Translate Page   Web Page Cache   
Previous Experience in Ethical Hacking, Penetration Testing and Encryption. You'll be working with cutting edge technology to build, deploy and automate...
From PinPoint Talent Inc. - Mon, 30 Jul 2018 13:39:42 GMT - View all Ottawa, ON jobs
          DevOps Security Engineer - Qlik - Ottawa, ON      Cache   Translate Page   Web Page Cache   
Encryption technologies, ethical hacking and penetration testing. Provide advice on hacking tools and techniques including advanced malware detection....
From Qlik - Fri, 20 Jul 2018 02:17:32 GMT - View all Ottawa, ON jobs
          The Templar Archive [electronic resource] by Becker, James      Cache   Translate Page   Web Page Cache   
James Becker, New York Times bestselling author of The Lost Treasure of the Templars and The Lost Testament , delivers a breakneck thriller continuing the adventures of antiquarian bookseller Robin Jessop and encryption expert David Mallory. While trying to decipher what few clues they have managed to recover about the Templar's secrets, Jessop and Mallory discover that the legendary "treasure" they have been searching for may not be what they thought. Rather than gold or precious jewels, their
          How to Encrypt Android Internal Storage      Cache   Translate Page   Web Page Cache   

The official team of Android added a security option for the users to secure their internal memory and external memory from the privacy invaders. Not many people know about it because they don’t give it a shot due to lack of knowledge in the area. The Android can add powerful encryption to your Android internal…

The post How to Encrypt Android Internal Storage appeared first on TechLekh: Latest Tech News, Reviews, Startups and Apps in Nepal.


          Why Is Data Security Important for Everyone?      Cache   Translate Page   Web Page Cache   

Digital technology is now just a part of life. From online shopping to net banking and business to government infrastructure, digital technology plays a crucial role. Apart from the multiple advantages of digitization, cyber attacks are a black dot. In recent years, we’ve witnessed many high-profile cyber-attacks. In fact, we can say that the number of cyber attacks has grown rapidly in past few years. 

What Is Data Security?

Simply put, data security is the practice of securing your data. It’s also known as information security, IT Security, or electronic information security. Data can be secured using various hardware and software technologies. Some common tools are antivirus, encryption, firewalls, two-factor authentication, software patches, updates, etc.


          Комментарий к записи Ошибка RDP подключения: CredSSP encryption oracle remediation (Александр)      Cache   Translate Page   Web Page Cache   
СПАСИБО! Помогло!
          Associate IT Technician - Plenty - Laramie, WY      Cache   Translate Page   Web Page Cache   
Apple\Microsoft certifications, G Suite Experience, familiarity with full disk encryption solutions, helpdesk ticketing systems, file sharing solutions, Android...
From Plenty - Fri, 06 Jul 2018 16:06:20 GMT - View all Laramie, WY jobs
          Closing security hole in popular encryption software      Cache   Translate Page   Web Page Cache   
8/10/18
Encryption
Enable IntenseDebate Comments: 
Enable IntenseDebate Comments

Cybersecurity researchers at the Georgia Institute of Technology have helped close a security vulnerability that could have allowed hackers to steal encryption keys from a popular security package by briefly listening in on unintended “side channel” signals from smartphones.

read more


          EMAIL ENCRYPTION FOR ANDROID . Invite bids from Europe/US ONLY      Cache   Translate Page   Web Page Cache   
I need an email encryption and decryption app. Bid only if you are an encryption expert and know android inside out. ABSOLUTELY NO BIDS FROM INDIA PLEASE. Need design and code. In app payments required... (Budget: $250 - $750 USD, Jobs: Android, Mobile App Development)
          How to Choose Between Penetration Tests and Vulnerability Scans      Cache   Translate Page   Web Page Cache   
How to Choose Between Penetration Tests and Vulnerability Scans eli.zimmerman_9856 Fri, 08/10/2018 - 09:54

Even seasoned cybersecurity professionals confuse penetration tests with vulnerability scans. Both play an important role in the security practitioner’s toolkit, but they vary significantly in scope and expense. Here are answers to some common questions about the topic:

SIGN UP: Get more news from the EdTech newsletter in your inbox every two weeks!

What is Penetration Testing?

During a penetration test, highly skilled cybersecurity professionals assume the role of attacker and try to break into an organization’s network. Just as an attacker would, they conduct reconnaissance on the network, seek out vulnerable systems and applications, and exploit those vulnerabilities to gain a foothold on the organization’s network.

The knowledge gained during these tests points out weaknesses that could be exploited by a real hacker and provides a roadmap for security remediation.

What Is a Vulnerability Scanner, and How Is it Used?

Vulnerability scanners are automated security testing tools that probe all of the systems connected to a network and identify vulnerabilities. They run thousands of security checks against each system they discover. Most organizations run automated vulnerability scans at least weekly to quickly identify vulnerabilities for remediation.

Vulnerability Scans vs. Penetration Tests: What’s the Difference?

While vulnerability scans and penetration tests both discover hidden weaknesses in systems, applications, network devices and other network-connected components, vulnerability scanning is highly automated, while penetration testing is manual and time-consuming.

When Should You Perform a Penetration Test vs. a Vulnerability Scan?

Most organizations combine the approaches, running vulnerability scans frequently and supplementing them with less frequent penetration tests.

Penetration tests provide the most comprehensive evaluation of a system’s or application’s security by exposing them to real attackers using modern hacking tools. However, it’s impossible for penetration testers to check every system and every vulnerability; the tests are usually a deep dive into a small group of target systems.

Vulnerability scans, on the other hand, can run constantly and scan very large networks. They cast a wide net but don’t include the human precision and creativity involved in a penetration test.

What Types of Vulnerabilities Are Usually Discovered?

Common issues include outdated OS versions that are missing security patches and are vulnerable to exploit; application security flaws, such as SQL injection and cross-site scripting vulnerabilities; and insecure configuration settings, such as weak encryption ciphers and the use of default passwords.

Mike Chapple is associate teaching professor of IT, analytics and operations at the University of Notre Dame. 


          SQL Server Encryption, What’s The Key Hierarchy All About?      Cache   Translate Page   Web Page Cache   
  I’m sure that we all know that SQL Server includes all sorts of interesting functionality to allow us to encrypt our data and like with all encryption techniques, that data is encrypted u ... - Source: www.sqlservercentral.com
          Systems Administrator II - Blue Federal Credit Union - Cheyenne, WY      Cache   Translate Page   Web Page Cache   
Experience with the CISCO Voice over IP and Encryption technologies preferred. Our purpose at Blue is to help our members and teams succeed in doing the things...
From Blue Federal Credit Union - Sat, 04 Aug 2018 10:37:32 GMT - View all Cheyenne, WY jobs
          DNA Encryption Could Someday be a Requirement      Cache   Translate Page   Web Page Cache   

To protect our genetic code, DNA encryption might someday become a reality.

read more



          DevSecOps - PinPoint Talent - Ottawa, ON      Cache   Translate Page   Web Page Cache   
Previous Experience in Ethical Hacking, Penetration Testing and Encryption. You'll be working with cutting edge technology to build, deploy and automate...
From PinPoint Talent Inc. - Mon, 30 Jul 2018 13:39:42 GMT - View all Ottawa, ON jobs
          黑客演示让心脏起搏器发出危及生命的电击      Cache   Translate Page   Web Page Cache   

安全研究人员称,心脏起搏器制造商 Medtronic 没有使用加密保护固件更新,让黑客能远程安装恶意固件危及患者的生命。在美国拉斯维加斯举行的 Black Hat 安全会议上,Billy Rios 和 Jonathan Butts 称,他们早在 2017 年 1 月就将漏洞报告给了 Medtronic,然而至今他们开发的概念验证攻击仍然有效。

阅读全文
          Systems Administrator II - Blue Federal Credit Union - Cheyenne, WY      Cache   Translate Page   Web Page Cache   
Experience with the CISCO Voice over IP and Encryption technologies preferred. Our purpose at Blue is to help our members and teams succeed in doing the things...
From Blue Federal Credit Union - Sat, 04 Aug 2018 10:37:32 GMT - View all Cheyenne, WY jobs


Next Page: 10000

Site Map 2018_01_14
Site Map 2018_01_15
Site Map 2018_01_16
Site Map 2018_01_17
Site Map 2018_01_18
Site Map 2018_01_19
Site Map 2018_01_20
Site Map 2018_01_21
Site Map 2018_01_22
Site Map 2018_01_23
Site Map 2018_01_24
Site Map 2018_01_25
Site Map 2018_01_26
Site Map 2018_01_27
Site Map 2018_01_28
Site Map 2018_01_29
Site Map 2018_01_30
Site Map 2018_01_31
Site Map 2018_02_01
Site Map 2018_02_02
Site Map 2018_02_03
Site Map 2018_02_04
Site Map 2018_02_05
Site Map 2018_02_06
Site Map 2018_02_07
Site Map 2018_02_08
Site Map 2018_02_09
Site Map 2018_02_10
Site Map 2018_02_11
Site Map 2018_02_12
Site Map 2018_02_13
Site Map 2018_02_14
Site Map 2018_02_15
Site Map 2018_02_15
Site Map 2018_02_16
Site Map 2018_02_17
Site Map 2018_02_18
Site Map 2018_02_19
Site Map 2018_02_20
Site Map 2018_02_21
Site Map 2018_02_22
Site Map 2018_02_23
Site Map 2018_02_24
Site Map 2018_02_25
Site Map 2018_02_26
Site Map 2018_02_27
Site Map 2018_02_28
Site Map 2018_03_01
Site Map 2018_03_02
Site Map 2018_03_03
Site Map 2018_03_04
Site Map 2018_03_05
Site Map 2018_03_06
Site Map 2018_03_07
Site Map 2018_03_08
Site Map 2018_03_09
Site Map 2018_03_10
Site Map 2018_03_11
Site Map 2018_03_12
Site Map 2018_03_13
Site Map 2018_03_14
Site Map 2018_03_15
Site Map 2018_03_16
Site Map 2018_03_17
Site Map 2018_03_18
Site Map 2018_03_19
Site Map 2018_03_20
Site Map 2018_03_21
Site Map 2018_03_22
Site Map 2018_03_23
Site Map 2018_03_24
Site Map 2018_03_25
Site Map 2018_03_26
Site Map 2018_03_27
Site Map 2018_03_28
Site Map 2018_03_29
Site Map 2018_03_30
Site Map 2018_03_31
Site Map 2018_04_01
Site Map 2018_04_02
Site Map 2018_04_03
Site Map 2018_04_04
Site Map 2018_04_05
Site Map 2018_04_06
Site Map 2018_04_07
Site Map 2018_04_08
Site Map 2018_04_09
Site Map 2018_04_10
Site Map 2018_04_11
Site Map 2018_04_12
Site Map 2018_04_13
Site Map 2018_04_14
Site Map 2018_04_15
Site Map 2018_04_16
Site Map 2018_04_17
Site Map 2018_04_18
Site Map 2018_04_19
Site Map 2018_04_20
Site Map 2018_04_21
Site Map 2018_04_22
Site Map 2018_04_23
Site Map 2018_04_24
Site Map 2018_04_25
Site Map 2018_04_26
Site Map 2018_04_27
Site Map 2018_04_28
Site Map 2018_04_29
Site Map 2018_04_30
Site Map 2018_05_01
Site Map 2018_05_02
Site Map 2018_05_03
Site Map 2018_05_04
Site Map 2018_05_05
Site Map 2018_05_06
Site Map 2018_05_07
Site Map 2018_05_08
Site Map 2018_05_09
Site Map 2018_05_15
Site Map 2018_05_16
Site Map 2018_05_17
Site Map 2018_05_18
Site Map 2018_05_19
Site Map 2018_05_20
Site Map 2018_05_21
Site Map 2018_05_22
Site Map 2018_05_23
Site Map 2018_05_24
Site Map 2018_05_25
Site Map 2018_05_26
Site Map 2018_05_27
Site Map 2018_05_28
Site Map 2018_05_29
Site Map 2018_05_30
Site Map 2018_05_31
Site Map 2018_06_01
Site Map 2018_06_02
Site Map 2018_06_03
Site Map 2018_06_04
Site Map 2018_06_05
Site Map 2018_06_06
Site Map 2018_06_07
Site Map 2018_06_08
Site Map 2018_06_09
Site Map 2018_06_10
Site Map 2018_06_11
Site Map 2018_06_12
Site Map 2018_06_13
Site Map 2018_06_14
Site Map 2018_06_15
Site Map 2018_06_16
Site Map 2018_06_17
Site Map 2018_06_18
Site Map 2018_06_19
Site Map 2018_06_20
Site Map 2018_06_21
Site Map 2018_06_22
Site Map 2018_06_23
Site Map 2018_06_24
Site Map 2018_06_25
Site Map 2018_06_26
Site Map 2018_06_27
Site Map 2018_06_28
Site Map 2018_06_29
Site Map 2018_06_30
Site Map 2018_07_01
Site Map 2018_07_02
Site Map 2018_07_03
Site Map 2018_07_04
Site Map 2018_07_05
Site Map 2018_07_06
Site Map 2018_07_07
Site Map 2018_07_08
Site Map 2018_07_09
Site Map 2018_07_10
Site Map 2018_07_11
Site Map 2018_07_12
Site Map 2018_07_13
Site Map 2018_07_14
Site Map 2018_07_15
Site Map 2018_07_16
Site Map 2018_07_17
Site Map 2018_07_18
Site Map 2018_07_19
Site Map 2018_07_20
Site Map 2018_07_21
Site Map 2018_07_22
Site Map 2018_07_23
Site Map 2018_07_24
Site Map 2018_07_25
Site Map 2018_07_26
Site Map 2018_07_27
Site Map 2018_07_28
Site Map 2018_07_29
Site Map 2018_07_30
Site Map 2018_07_31
Site Map 2018_08_01
Site Map 2018_08_02
Site Map 2018_08_03
Site Map 2018_08_04
Site Map 2018_08_05
Site Map 2018_08_06
Site Map 2018_08_07
Site Map 2018_08_08
Site Map 2018_08_09
Site Map 2018_08_10