【HITCON FreeTalk 2018 - Spectre & Meltdown 漏洞的修補策略與 risk mitigation】

•

2 j'aime•6,645 vues

【HITCON FreeTalk 2018 -暢談 CPU 處理器的歷史包袱】 ➠ Talk: Spectre & Meltdown 漏洞的修補策略與 risk mitigation ➠ Speaker: gasgas ➠共筆：https://hackmd.io/IYTgRsAMaQTAtAZhAEwGbwCxlgdniAMaIaGECmAjISoWAKzCbBA=?view ➠ Video: https://www.facebook.com/HITCON/videos/1732117933486188/

Technologie

HITCON Freetalk 20180119
Spectre & Meltdown 漏洞的
修補策略與 risk mitigation
gasgas

Risk = Vulnerability X Threat X Asset
資安風險

Spectre & Meltdown 漏洞因應流程
資產盤點漏洞檢查測試機測試
系統備份
DRP演練執行修補持續觀察

漏洞檢查: Unix 系統網址參考
• [1] https://github.com/speed47/spectre-meltdown-checker
• [2] https://capsule8.com/blog/detecting-meltdown-spectre-
detecting-cache-side-channels/
• [3] https://www.endgame.com/blog/technical-blog/detecting-
spectre-and-meltdown-using-hardware-performance-counters

漏洞檢查： Windows 系統
• 微軟提供查驗是否有效保護的程式
• 2018.01.03的漏洞更新修補先做
• 下載SpeculationControl (powershell)

漏洞檢查: Windows 系統網址參考
• [1] https://support.microsoft.com/en-gb/help/4073119/protect-
against-speculative-execution-side-channel-vulnerabilities-in
• [2] : https://support.microsoft.com/en-us/help/4073757/protect-
your-windows-devices-against-spectre-meltdown

漏洞檢查: browser 網址參考
• [1] http://xlab.tencent.com/special/spectre/spectre_check.html
• [2] Https://github.com/cgvwzq/spectre
• [3] http://xlab.tencent.com/special/spectre/js/check.js

CPU Level 修補: Firmware Update
• Intel’s microcode update
• AMD will make optional microcode updates

CPU Level修補網址參考
• [1] https://downloadcenter.intel.com/download/27431/Linux-
Processor-Microcode-Data-File
• [2] https://www.amd.com/en/corporate/speculative-execution
• [3] https://www.theverge.com/2018/1/11/16880922/amd-spectre-
firmware-updates-ryzen-epyc
• [4]
https://software.intel.com/sites/default/files/managed/c5/63/33699
6-Speculative-Execution-Side-Channel-Mitigations.pdf

BIOS Level 修補
• 主要以notebook等機器為主
• 詳見各家官網

BIOS Level修補網址參考
• Lenovo Desktop https://support.lenovo.com/tw/en/solutions/len-
18282#desktop
• Lenovo Thinkpad https://support.lenovo.com/tw/en/solutions/len-
18282#thinkpad
• Lenovo all products https://support.lenovo.com/tw/en/solutions/len-
18282
• Dell http://www.dell.com/support/article/tw/en/twdhs1/sln308587/
• CERT/CC https://www.kb.cert.org/vuls/id/584653

OS Level 修補
• Windows
• Linux
• MacOS
• others

Application Level 修補
• 程式重新編譯
• Google 的Retpoline 方式
• 有GCC版本跟LLVM版本
• Microsoft 的MSVC方式
• Visual Studio 2017 version 15.5, /Qspectre選項

Application Level修補網址參考
• [1] https://support.google.com/faqs/answer/7625886
• [2] https://blogs.msdn.microsoft.com/vcblog/2018/01/15/spectre-mitigations-in-
msvc/
• [3] LLVM https://reviews.llvm.org/D41723
• [4] GCC http://git.infradead.org/users/dwmw2/gcc-
retpoline.git/shortlog/refs/heads/gcc-7_2_0-retpoline-20171219

Contenu connexe

Tendances

Web Application Detection with SNORT

Suwitcha Musijaral CISSP,CISA,GWAPT,SNORTCP

Breaking the cyber kill chain!

Nahidul Kibria

CSW2017 chuanda ding_state of windows application security

CanSecWest

MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET

MITRE - ATT&CKcon

The geopolitical conflicts in the Middle East have deepened in the last few years. Syria is no exception, with the crisis there taking many forms, and the cyberspace conflict is intensifying as sides try to tilt the struggle in their favor by exploiting cyber intelligence and using distortion. The Global Research & Analysis Team (GReAT) at Kaspersky Lab has discovered new malware attacks in Syria, using some techniques to hide and operate malware, in addition to proficient social engineering tricks to deliver malware by tricking and tempting victims to open and launch malicious files. The malware files were found on activist sites and social networking forums, some other files were also reported by local organizations like CyberArabs and Technicians for Freedom. All technical details are available in this report ans related blog post at https://securelist.com/blog/research/66051/the-syrian-malware-house-of-cards/. For any inquire please contact intelreports@kaspersky.com

Syrian Malware

Kaspersky

Secure Coding for Java - An Introduction

Sebastien Gioria

Malware Evasion Techniques

Thomas Roccia

MITRE ATT&CKcon 2018: From Technique to Detection, Paul Ewing and Ross Wolf, ...

MITRE - ATT&CKcon

Qinghai Tang, pacsec english-version-final

PacSecJP

CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT

CanSecWest

Gang gong, escalate privilege by vulnerabilities in android system services

PacSecJP

Tick group @avar2019 20191111 cha minseok_publish

Minseok(Jacky) Cha

DFIR Austin Training (Feb 2020): Remote Access & Deploying Agents

Christopher Gerritz

Andrea Lelli, Microsoft My presentation will trace the end-to-end WannaCrypt (also known as WannaCry) attack. I will start with an analysis of the underlying SMBv1 remote code execution kernel-mode exploit dubbed "Eternalblue", a powerful cyberweapon leaked by a hacker group known as "The Shadow Brokers". I will then describe how the Wannacrypt ransomware works, and show how the cybercriminals leveraged the EternalBlue exploit to spread the ransomware and achieve a massive and unprecedented infection rate, leaving hundreds of thousands of machines affected. I will highlight the Windows 10 kernel mitigations that granted the OS immunity from the attack. I will also focus on some interesting characteristics that make WannaCrypt particularly sophisticated, like the file-wiping and space-consuming capabilities designed to make the recovery of the original files nearly impossible. I will conclude with a look into how much the perpetrators might have likely earned from the attack. An analysis of the Bitcoin transactions shows that the cybercriminals pooled around $137 dollars to date, which is a huge amount of money, but doesn’t seem to scale with the extent of infection. Not to mention, Bitcoin is a double-edged sword and there’s a good chance that the cybercriminals may not be able to cash out a dime. In this section I will also mention some copycat malware that tried to spread using the same SMB vulnerability (e.g. NotPetya). I will end the presentation with advice on preventing, detecting, and responding to ransomware attacks.

BlueHat v17 || Wannacrypt + Smbv1.0 Vulnerability = One of the Most Damaging ...

BlueHat Security Conference

In the presentation that threat intel vendors do not want you to see, open source and internal data meets home grown resources to produce actionable threat intelligence that your organization can leverage to stop the bad guys. This presentation discusses and shows examples of using what your already have to bootstrap this capability using existing data management platforms with open and flexible schemas to ease identification of advanced threats. Specific topics covered include the advantages of using open and flexible platforms that can be molded into a data repository, a case tracking system, an indicator database, and more. By analyzing this data organizations can discovery trends across attacks that help them understand their adversaries. An example nosql schema will be release to help attendees create their own implementations.

Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016

grecsl

Cyphort Labs has discovered an extensive data theft campaign that we have named NightHunter. The campaign, active since 2009, is designed to steal login credentials of users. Targeted applications include Google, Yahoo, Facebook, Dropbox and Skype. Attackers have many options to leverage the credentials and the potential for analyzing and correlating the stolen data to mount highly targeted, damaging attacks.

Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...

Cyphort

The Rising Threat of Fileless Malware

Chelsea Sisson

A Threat Hunter Himself

Sergey Soldatov

Spice world 2014 hacker smackdown

AlienVault

"Giving the bad guys no sleep"

Christiaan Beek

Tendances (20)

Web Application Detection with SNORT

Breaking the cyber kill chain!

CSW2017 chuanda ding_state of windows application security

MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET

Syrian Malware

Secure Coding for Java - An Introduction

Malware Evasion Techniques

MITRE ATT&CKcon 2018: From Technique to Detection, Paul Ewing and Ross Wolf, ...

Qinghai Tang, pacsec english-version-final

CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT

Gang gong, escalate privilege by vulnerabilities in android system services

Tick group @avar2019 20191111 cha minseok_publish

DFIR Austin Training (Feb 2020): Remote Access & Deploying Agents

BlueHat v17 || Wannacrypt + Smbv1.0 Vulnerability = One of the Most Damaging ...

Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016

Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...

The Rising Threat of Fileless Malware

A Threat Hunter Himself

Spice world 2014 hacker smackdown

"Giving the bad guys no sleep"

Similaire à 【HITCON FreeTalk 2018 - Spectre & Meltdown 漏洞的修補策略與 risk mitigation】

Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)

ITCamp

AktaionPPTv5_JZedits

Rod Soto

CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...

Cristian Garcia G.

Malware Analysis

Ramin Farajpour Cami

01_Metasploit - The Elixir of Network Security

Harish Chaudhary

Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...

Symantec

CheckPoint: Anatomy of an evolving bot

Group of company MUK

The importance of Cybersecurity

Benoit Callebaut

Conference: BsidesSP Description: SDN (Software Defined Network) has attracted the attention of many technology giants from various segments such as VMware, Juniper, Cisco, HP, IBM, Google, China Telecom, Huawei and others by providing more virtualized services that can be scheduled, managed and monitored faster, more efficient and in a less costly manner than the usual solutions. Defining routes, switching, QoS treatment and security policies that happened in stocky and specific hardware now has performed his duties in higher layers of software, installed on virtualized machine. But how can we test this? First, we'll address an overview of the SDN architecture, soon after, it will be explained how to find SDN controllers, and if present in our network, steal critical information so that we can proceed with our exploitation. In the end, we will take possession of the controllers and make unexpected. There will be a smattering of codes for metasploit that will be demonstrated. Does a controller can control us? We'll see.

BsidesSP: Pentesting in SDN - Owning the Controllers

Roberto Soares

Mnx solutions cybersecurity presentation monroe mi

nwilkens

Overall, malware activity is increasing day by day; the automation of malware analysis using sandbox system has become widespread. Such automated analysis systems are created to clarify the behavior of programs on Windows, such as communication and file registry creation. However, malware analysts spend more time extracting the configuration data embedded in the malware than grasping such behavior of the malware. There are two reasons. The first is that many malware variants only differ in their configuration data, and have the same code. It means that the analysis of malware is complete if only the malware type and setting configuration are known. The second reason is that malware configuration data often contains attacking campaign information and the encryption keys of malware communication. These pieces of data are essential clues in advancing incident response. However, such data is often encrypted and can not be easily extracted. It is necessary to clarify the details of each malware by static analysis to extract the configuration data. To bridge the gap of the sandbox system and malware analysts, we developed a new tool. It supports the task of extracting malware configuration data for malware analysts and incident responders. With these tools, we could automatically extract the known malware's configuration data and reduce the time spent on malware analysis. Furthermore, these tools can also use for memory forensics. By using it in memory forensics, victims affected by a malware infection can quickly obtain the data necessary for investigating, such as the destination hosts associated with the malware and the communication encryption keys.

[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...

CODE BLUE

The recorded version of 'Best Of The World Webcast Series' [Webinar] where Jacob Holcomb speaks on 'RIoT (Raiding Internet of Things)' is available on CISOPlatform. Best Of The World Webcast Series are webinars where breakthrough/original security researchers showcase their study, to offer the CISO/security experts the best insights in information security. For more signup(it's free): www.cisoplatform.com

RIoT (Raiding Internet of Things) by Jacob Holcomb

Priyanka Aash

Exploits Attack on Windows Vulnerabilities

Amit Kumbhar

Co Speaker: Cheryl Biswas Talk Description: How about this: a blue team talk given by red teamers. But here’s our rationale - your best defence right now is a strategic offence. The rules of the game have changed and we need to get defence up to speed. We’ll show you what the key elements are in a good defence strategy; what you can and need to be using to full advantage. We’ll talk about the new “buzzwords” and how they apply: visibility; patterns; big data. There’s a whole lotta data to wrangle, and you aren’t seeing the whole picture if you aren’t doing things right. Threat intel is about getting the big picture as it applies to you. You’ll learn the importance of context and prioritization so that you can manipulate intel feeds to do your bidding. And then we’ll take things further and talk about hunting the adversary, using an update on proven methodologies. We’ll show you how to understand your data, correlate threats and pin point attacks. Attendees will leave with a new understanding of the resources they have on hand, and how to leverage those into an Adaptive Proactive Defense Strategy.

Blue team reboot - HackFest

Haydn Johnson

Intrusion Techniques

Festival Software Livre

How to Audit

ayousif

Monitoring ICS Communications

Digital Bond

If I Were MITRE ATT&CK Developer: Challenges to Consider when Developing ICS ...

Marina Krotofil

[CLASS2014] Palestra Técnica - Franzvitor Fiorim

TI Safe

Unit 42 researches threat activity and publishes detailed reports on attack campaigns launched by these adversaries. One of these adversaries, known as Sofacy, has been carrying out attack campaigns on high profile targets for many years and has continued into 2018. To understand how to defend against these threats, an analyst has to read our reports, process them and mentally map them to their defenses. In most cases we expect readers just "block" all of the indicators we include in the report and assume they are covered. Last year we started using ATT&CK to codify the techniques we observed, linking those techniques to indicator patterns and encoding them into STIX 2 objects, with the goal of creating something that a defender can use to answer the question: "How am I defending against this adversary?" We call these documents, "Adversary Playbooks" as they contain our best approximation of how the adversary launches their attacks. This talk describes the concept of Adversary Playbooks, as well as provides an overview of the attack campaigns Unit 42 has attributed to the Sofacy group in 2018. It uses the discussed attacks to show how these playbooks are constructed and explain some of the challenges of incorporating ATT&CK and STIX 2 together for this purpose.

MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...

MITRE - ATT&CKcon

Similaire à 【HITCON FreeTalk 2018 - Spectre & Meltdown 漏洞的修補策略與 risk mitigation】 (20)

Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)

AktaionPPTv5_JZedits

CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...

Malware Analysis

01_Metasploit - The Elixir of Network Security

Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...

CheckPoint: Anatomy of an evolving bot

The importance of Cybersecurity

BsidesSP: Pentesting in SDN - Owning the Controllers

Mnx solutions cybersecurity presentation monroe mi

[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...

RIoT (Raiding Internet of Things) by Jacob Holcomb

Exploits Attack on Windows Vulnerabilities

Blue team reboot - HackFest

Intrusion Techniques

How to Audit

Monitoring ICS Communications

If I Were MITRE ATT&CK Developer: Challenges to Consider when Developing ICS ...

[CLASS2014] Palestra Técnica - Franzvitor Fiorim

MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...

Plus de Hacks in Taiwan (HITCON)

HITCON FreeTalk 2024 台灣駭客協會媒體小聚【議題二：Cyber War - 網路戰與地緣政治】

Hacks in Taiwan (HITCON)

HITCON FreeTalk 2024 台灣駭客協會媒體小聚【議題一：資安地圖 - 資安領域與趨勢介紹】

Hacks in Taiwan (HITCON)

HITCON CISO Summit 2023 - Closing

Hacks in Taiwan (HITCON)

HITCON FreeTalk 2022 - 自己的SOC自己管-- SOC建置的心路歷程分享

Hacks in Taiwan (HITCON)

HITCON FreeTalk 2022 - Zero Trust Architecture 讀書筆記

Hacks in Taiwan (HITCON)

HITCON FreeTalk 2022 - Defeat 0day is not as Difficult as You Think

Hacks in Taiwan (HITCON)

【HITCON FreeTalk 2022 - 我把在網頁框架發現的密碼學漏洞變成 CTF 題了】

Hacks in Taiwan (HITCON)

【HITCON FreeTalk 2021 - From fakespy to Guerilla: Understanding Android malw...

Hacks in Taiwan (HITCON)

【HITCON FreeTalk】Supply Chain Attack

Hacks in Taiwan (HITCON)

【HITCON FreeTalk】HITCON 2017 下半年活動介紹

Hacks in Taiwan (HITCON)

HITCON TALK 技術解析 SWIFT Network 攻擊

Hacks in Taiwan (HITCON)

HITCON TALK ATM 金融攻擊事件解析

Hacks in Taiwan (HITCON)

HITCON TALK 產業視野下的 InfoSec

Hacks in Taiwan (HITCON)

HITCON TALK 台灣駭客協會年度活動簡介

Hacks in Taiwan (HITCON)

HITCON CTF 導覽

Hacks in Taiwan (HITCON)

Ctf hello,world!

Hacks in Taiwan (HITCON)

Hacker as a maker 如何利用 mtk 7688 設計出超炫的 ctf 決賽戰場燈控效果

Hacks in Taiwan (HITCON)

2015 資安從業人員的寶（鬼）島求生

Hacks in Taiwan (HITCON)

CTF 經驗分享

Hacks in Taiwan (HITCON)

台灣資安人才培育現況

Hacks in Taiwan (HITCON)

Plus de Hacks in Taiwan (HITCON) (20)

HITCON FreeTalk 2024 台灣駭客協會媒體小聚【議題二：Cyber War - 網路戰與地緣政治】

HITCON FreeTalk 2024 台灣駭客協會媒體小聚【議題一：資安地圖 - 資安領域與趨勢介紹】

HITCON CISO Summit 2023 - Closing

HITCON FreeTalk 2022 - 自己的SOC自己管-- SOC建置的心路歷程分享

HITCON FreeTalk 2022 - Zero Trust Architecture 讀書筆記

HITCON FreeTalk 2022 - Defeat 0day is not as Difficult as You Think

【HITCON FreeTalk 2022 - 我把在網頁框架發現的密碼學漏洞變成 CTF 題了】

【HITCON FreeTalk 2021 - From fakespy to Guerilla: Understanding Android malw...

【HITCON FreeTalk】Supply Chain Attack

【HITCON FreeTalk】HITCON 2017 下半年活動介紹

HITCON TALK 技術解析 SWIFT Network 攻擊

HITCON TALK ATM 金融攻擊事件解析

HITCON TALK 產業視野下的 InfoSec

HITCON TALK 台灣駭客協會年度活動簡介

HITCON CTF 導覽

Ctf hello,world!

Hacker as a maker 如何利用 mtk 7688 設計出超炫的 ctf 決賽戰場燈控效果

2015 資安從業人員的寶（鬼）島求生

CTF 經驗分享

台灣資安人才培育現況

Dernier

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

This presentation explores the impact of HTML injection attacks on web applications, detailing how attackers exploit vulnerabilities to inject malicious code into web pages. Learn about the potential consequences of such attacks and discover effective mitigation strategies to protect your web applications from HTML injection vulnerabilities. for more information visit https://bostoninstituteofanalytics.org/category/cyber-security-ethical-hacking/

HTML Injection Attacks: Impact and Mitigation Strategies

Boston Institute of Analytics

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Increase engagement and revenue with Muvi Live Paywall! In this presentation, we will explore the five key benefits of using Muvi Live Paywall to monetize your live streams. You'll learn how Muvi Live Paywall can help you: Monetize your live content easily: Set up pay-per-view access to your live streams and start generating revenue from your content. Increase audience engagement: Provide exclusive, premium content behind the paywall to keep your viewers engaged. Gain valuable viewer insights: Track viewer data and analytics to better understand your audience and tailor your content accordingly. Reduce content piracy: Muvi Live Paywall's security features help protect your content from unauthorized distribution. Streamline your workflow: The all-in-one platform simplifies the process of managing and monetizing your live streams. With Muvi Live Paywall, you can take control of your live stream monetization and create a sustainable business model for your content. Learn more about Muvi Live Paywall and start generating revenue from your live streams today!

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams

Roshan Dwivedi

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Top 10 Most Downloaded Games on Play Store in 2024

SynarionITSolutions

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

Dernier (20)

Tata AIG General Insurance Company - Insurer Innovation Award 2024

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

How to Troubleshoot Apps for the Modern Connected Worker

A Domino Admins Adventures (Engage 2024)

HTML Injection Attacks: Impact and Mitigation Strategies

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

A Year of the Servo Reboot: Where Are We Now?

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams

Artificial Intelligence: Facts and Myths

Powerful Google developer tools for immediate impact! (2023-24 C)

Top 10 Most Downloaded Games on Play Store in 2024

Boost PC performance: How more available memory can improve productivity

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

【HITCON FreeTalk 2018 - Spectre & Meltdown 漏洞的修補策略與 risk mitigation】

1. HITCON Freetalk 20180119 Spectre & Meltdown 漏洞的修補策略與 risk mitigation gasgas

2. 您認為資訊安全是!!!? 資訊系統可以得到100%的安全防護

3. 其實 …. 資訊安全應該是資訊安全是一種降低資安風險的程序

4. Risk = Vulnerability X Threat X Asset 資安風險

5. Spectre & Meltdown 漏洞因應流程資產盤點漏洞檢查測試機測試系統備份 DRP演練執行修補持續觀察

6. 檢查篇

7. 漏洞檢查: Unix 系統 • 網路上已有許多好心人士提供檢查程式

8. 漏洞檢查: Unix 系統網址參考 • [1] https://github.com/speed47/spectre-meltdown-checker • [2] https://capsule8.com/blog/detecting-meltdown-spectre- detecting-cache-side-channels/ • [3] https://www.endgame.com/blog/technical-blog/detecting- spectre-and-meltdown-using-hardware-performance-counters

9. 漏洞檢查： Windows 系統 • 微軟提供查驗是否有效保護的程式 • 2018.01.03的漏洞更新修補先做 • 下載SpeculationControl (powershell)

10. 漏洞檢查: Windows 系統網址參考 • [1] https://support.microsoft.com/en-gb/help/4073119/protect- against-speculative-execution-side-channel-vulnerabilities-in • [2] : https://support.microsoft.com/en-us/help/4073757/protect- your-windows-devices-against-spectre-meltdown

11. 漏洞檢查: browser

12. 漏洞檢查: browser 網址參考 • [1] http://xlab.tencent.com/special/spectre/spectre_check.html • [2] Https://github.com/cgvwzq/spectre • [3] http://xlab.tencent.com/special/spectre/js/check.js

13. 修補篇

14. CPU level 修補: 換掉CPU

15. CPU Level 修補: Firmware Update • Intel’s microcode update • AMD will make optional microcode updates

16. CPU Level修補網址參考 • [1] https://downloadcenter.intel.com/download/27431/Linux- Processor-Microcode-Data-File • [2] https://www.amd.com/en/corporate/speculative-execution • [3] https://www.theverge.com/2018/1/11/16880922/amd-spectre- firmware-updates-ryzen-epyc • [4] https://software.intel.com/sites/default/files/managed/c5/63/33699 6-Speculative-Execution-Side-Channel-Mitigations.pdf

17. BIOS Level 修補 • 主要以notebook等機器為主 • 詳見各家官網

18. BIOS Level修補網址參考 • Lenovo Desktop https://support.lenovo.com/tw/en/solutions/len- 18282#desktop • Lenovo Thinkpad https://support.lenovo.com/tw/en/solutions/len- 18282#thinkpad • Lenovo all products https://support.lenovo.com/tw/en/solutions/len- 18282 • Dell http://www.dell.com/support/article/tw/en/twdhs1/sln308587/ • CERT/CC https://www.kb.cert.org/vuls/id/584653

19. OS Level 修補 • Windows • Linux • MacOS • others

20. Application Level 修補 • 程式重新編譯 • Google 的Retpoline 方式 • 有GCC版本跟LLVM版本 • Microsoft 的MSVC方式 • Visual Studio 2017 version 15.5, /Qspectre選項

21. Application Level修補網址參考 • [1] https://support.google.com/faqs/answer/7625886 • [2] https://blogs.msdn.microsoft.com/vcblog/2018/01/15/spectre-mitigations-in- msvc/ • [3] LLVM https://reviews.llvm.org/D41723 • [4] GCC http://git.infradead.org/users/dwmw2/gcc- retpoline.git/shortlog/refs/heads/gcc-7_2_0-retpoline-20171219

22. 最後提醒大家一下

23. 所有的修補程式一定要從官方網站下載

24. 喔…還有一張

25. 新的漏洞正在成形…….