Online passwords – understanding "credential stuffing" cyberattack

•

0 j'aime•317 vues

We all manage more passwords than ever, but the temptation to reuse passwords on multiple sites represents a potentially serious security risk. In this workshop, Sebastien Meriot, OVHcloud security expert, reveals a series of simple but powerful tools and techniques for staying one step ahead of the cyber-criminals, and maximising your data security.

Technologie

#OVHcloudSummit
FOCUS ON THE
CREDENTIAL
STUFFING THREAT
Sébastien Mériot
Head of CSIRT
@smeriot
SALLE 1
FROM 17:00 PM
TO 17:45 PM

#OVHcloudSummit
CREDENTIAL
STUFFING
EXAMPLE

#OVHcloudSummit
WHAT HAPPENED ?
“52% of the users studied have the same passwords [everywhere].”
“85% of passwords [are] reused or slightly changed in the case of online
shopping, and 62% for email. ”
- Panda Security
https://www.pandasecurity.com/mediacenter/security/password-reuse/

#OVHcloudSummit
HOW THE PASSWORD
LEAKED ?

#OVHcloudSummit
HOW THE PASSWORD
LEAKED ?
Disclaimer
LinkedIn is definitely not the only company that suffered from a data breach.

#OVHcloudSummit
Disclaimer
LinkedIn is definitely not the only company that suffered from a data breach.

#OVHcloudSummit
TIMELINE
2012
An attacker succeed in
getting an access to
LinkedIn’s database.
2012
LinkedIn warns several
millions customers
about a potential
breach.
May 2016
Database with clear
passwords is sold on
the darkweb.
June 2016
Mark Zuckerberg has
both Twitter &
Pinterest accounts
hacked.
2012-2016
Bruteforce attack again
SHA1 passwords to
recover clear passwords.

#OVHcloudSummit
CREDENTIAL
STUFFING
ECONOMY

#OVHcloudSummit
CYBERCRIME
SUPPLY CHAIN
Identification
Distribution
Exploitation

#OVHcloudSummit
CYBERCRIME
SUPPLY CHAIN
Identification
Distribution
Exploitation
MONEY
LAUNDERING

#OVHcloudSummit
CYBERCRIME
SUPPLY CHAIN
Identification
Distribution
Exploitation
Database is exfiltrated by an
attacker.
Account harvesting
through a botnet.
Accounts are sold by
packs.
Passwords are cracked.
Twitter accounts are
bought.
MONEY
LAUNDERING
Platform selling
followers.

#OVHcloudSummit
CREDENTIAL
STUFFING
PREVENTION

#OVHcloudSummit
A GREAT WEBSITE
https://www.haveibeenpwned.com/

#OVHcloudSummit
Your password is as much
precious as your credit card
number.

#OVHcloudSummit
PASSWORD
GENERATION
CNIL Recommandations :
- 12+ characters (maj, min, num, sym)
- Periodic renewal
https://www.cnil.fr/fr/authentification-par-mot-de-passe-les-mesures-de-securite-elementaires

#OVHcloudSummit
PASSWORD
GENERATION
Hector2014
Hect0r2014NOT SAFE NOT SAFE

#OVHcloudSummit
PASSWORD
GENERATION
First letter method :
“I bought 1 delicious cupcake for £2 in
Glasgow.”
➔ Ib1dCC4£2iGG.

#OVHcloudSummit
UNIQUE PASSWORDS
Platform
Facebook
Instagram
OVH
Password
FBIb1dCC4£2iGG
INIb1dCC4£2iGG.
OVIb1dCC4£2iGG.

#OVHcloudSummit
Random passwords are much
more secure.

#OVHcloudSummit
Password Manager
That kind of software help
to store securely a large
amount of credentials
which can be randomly
generated to ensure the
strength for each of them.

#OVHcloudSummit
A browser is not a password
manager.

#OVHcloudSummit
AUTHENTICATION
Principle
What I Know
What I Am
What I Have
Factor
Shared Secret
Biometry
Device
How To Authenticate Someone ?

#OVHcloudSummit
Let’s discuss with us on Enterprise booth
ENTERPRISE

#OVHcloudSummit
As a reminder:
20th anniversary celebration party
and closing concert from 6:00 PM.
All are welcome!

Contenu connexe

Tendances

Slides for an O'Reilly Media Webcast on Januar 9, 2018. In this webcast, we introduce the open source ModSecurity Web Application Firewall. ModSecurity allows you to thwart web attacks by inspecting the incoming HTTP requests a selection of granular rules. The standard ruleset accompanying ModSecurity, the OWASP ModSecurity Core Rule Set, will be presented by one of its authors. You will learn how to set it all up with NGINX open source and NGINX Plus, how to begin addressing common security threats, and where to find additional information.

Optimizing ModSecurity on NGINX and NGINX Plus

Christian Folini

This session will provide insight into highly disruptive breaches that MANDIANT investigated over the past year. It describes how threat actors have destroyed system infrastructure and taken companies offline for weeks. The threat actors are split into two categories for this talk and focused on the SHAMOON cases. I will also talk about highlights from Incident Response cases of 2017. Financially motivated vs Non Financially motivated. I will talk about how recent attacks with SHAMOON differ - their motives compared to financially motivated threat actors. Highlights from a couple of 2017 IRs - Overview of TTPs of the important State Sponsored Attacks seen in 2017.

Shamoon

Shakacon

Cybersecurity Asia 2021 Conference: Learning from Honeypots

APNIC

SSL State of the Union

Sander Temme

Putting Rugged Into your DevOps Toolchain

James Wickett

Introduction to Personal Privacy and Security

Robert Hurlbut

As the cost and complexity of deploying and maintaining on-premises security continues to rise, many endpoint security providers have embraced the cloud as the ideal way to deliver their solutions. Yet, incorporating cloud services into legacy architectures limits their ability to fully engage the tremendous power the cloud offers. CrowdStrike Falcon recognized the value of cloud-delivery from the beginning, developing architecture built from the ground up to take full advantage of the cloud. CrowdStrike’s cloud-powered endpoint security not only ensures rapid deployment and infinite scalability, it increases your security posture by enabling real-time advanced threat protection across even the largest, distributed enterprises. In this CrowdCast, Jackie Castelli, Sr. Product Manager will discuss: •The advantages of endpoint protection purpose-built for the cloud – why it allows you to take full advantage of the cloud’s power •The common concerns organizations face when evaluating cloud-based endpoint security - can privacy and control be assured? •Real-world examples demonstrating the unique advantages offered by CrowdStrike Falcon’s innovative cloud-powered platform

Cloud-Enabled: The Future of Endpoint Security

CrowdStrike

TLS State of the Union

Sander Temme

Andrea Lelli, Microsoft My presentation will trace the end-to-end WannaCrypt (also known as WannaCry) attack. I will start with an analysis of the underlying SMBv1 remote code execution kernel-mode exploit dubbed "Eternalblue", a powerful cyberweapon leaked by a hacker group known as "The Shadow Brokers". I will then describe how the Wannacrypt ransomware works, and show how the cybercriminals leveraged the EternalBlue exploit to spread the ransomware and achieve a massive and unprecedented infection rate, leaving hundreds of thousands of machines affected. I will highlight the Windows 10 kernel mitigations that granted the OS immunity from the attack. I will also focus on some interesting characteristics that make WannaCrypt particularly sophisticated, like the file-wiping and space-consuming capabilities designed to make the recovery of the original files nearly impossible. I will conclude with a look into how much the perpetrators might have likely earned from the attack. An analysis of the Bitcoin transactions shows that the cybercriminals pooled around $137 dollars to date, which is a huge amount of money, but doesn’t seem to scale with the extent of infection. Not to mention, Bitcoin is a double-edged sword and there’s a good chance that the cybercriminals may not be able to cash out a dime. In this section I will also mention some copycat malware that tried to spread using the same SMB vulnerability (e.g. NotPetya). I will end the presentation with advice on preventing, detecting, and responding to ransomware attacks.

BlueHat v17 || Wannacrypt + Smbv1.0 Vulnerability = One of the Most Damaging ...

BlueHat Security Conference

Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...

mdevtalk

November 19th 2014 CM-UG minutes

CM-UG.com

Tendances (11)

Optimizing ModSecurity on NGINX and NGINX Plus

Shamoon

Cybersecurity Asia 2021 Conference: Learning from Honeypots

SSL State of the Union

Putting Rugged Into your DevOps Toolchain

Introduction to Personal Privacy and Security

Cloud-Enabled: The Future of Endpoint Security

TLS State of the Union

BlueHat v17 || Wannacrypt + Smbv1.0 Vulnerability = One of the Most Damaging ...

Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...

November 19th 2014 CM-UG minutes

Similaire à Online passwords – understanding "credential stuffing" cyberattack

Cybercrime how bad can it be? Organised attacks around the world in 2016 have shown how unprepared we are to deal with the growth of Cybercrime. In this talk learn a little about the scale of the challenge developers face from assaults on our systems. Be prepared to be appalled and scared. Fainting is not allowed. Discover how to fight back and see how you can change your behaviour and your code to defend against these attacks. Your destiny is clear - it’s time to be come a Cyber Defender

Devnexus 2017 Cybercrime and the Developer: How do you make a difference?

Steve Poole

The life of breached data and the attack lifecycle

Jarrod Overson

What I learned from protecting over 1 million crypto traders and investors fr...

Paul Walsh

Clearpreso client: Trustev

Clearpreso

For organizations today, cyber security stands as a top priority to keep their information and systems safe from theft, damages, or disruptions. Within the financial industry, cyber security is especially important as it relates to including best practices and procedures that can can help prevent hackers from achieving success. Organizations’ defensive strategies are what will best help them win the game. This presentation reviews how the enemy works, ways to defend your organization from an attack, what hackers are capable of, and more.

A Look Into Cyber Security

GTreasury

Ethical Hacking & Network Security

Lokender Yadav

Sucuri Webinar: Website Security Primer for Digital Marketers

Sucuri

Password and Account Management Strategies - April 2019

Kimberley Dray

Best & Worst of Cybersecurity

David Amrani

Cybercrime and the Developer Java2Days 2016 Sofia

Steve Poole

E security and payment 2013-1

Abdelfatah hegazy

n the world of DevOps and the cloud, most developers have to learn new technologies and methodologies. The focus tends to be on adding capabilities such as resilience and scaling to an application. One critical aspect consistently overlooked is security. In this session, learn about a few of the simple actions you can take (and some behaviors you must change) to create a more secure Java application for the cloud. The world of the cyber criminal is closer than you realize. Hear how at risk your application may be, see practical examples of how you can inadvertently leave the doors open, and understand what you can do to make your Java solution more secure.

Progscon cybercrime and the developer

Steve Poole

Are you wondering why your inbox of your emails is filled with junk mail every day? or why hackers are able to recognize your username when they try to take your password? Most likely, your data was disclosed through security breaches. The Bitdefender study has found that internet users have accounts on an average of eight online platforms that include social media, online shopping platforms and video streaming utility providers, and many more. Criminals are determined to gathering this information and making use of it to attack us. Cybercrime is classified into different stages or stages, or. It includes those who execute attacks that steal customer data; those that market the data to the highest bidders on the dark web and finally, those who buy the data and use it for fraud and extortion or to launch attacks on those whose information was compromised in the hack.

What Happens to Your Data When a Company Gets Breached

Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices

CHRIST College, Bangalore ! ️ Cyber Raksha - Talk on Cyber Security and Awareness. Delivered Seminar to MBA Final Year On Importance of Cyber Security for the Corporates ! My Initiative Cyber Raksha Aims is to Build a Culture of Cyber Safety education specially in Colleges, Schools and Corporates. Lets Transform Digital India into a SECURE DIGITAL INDIA ️ [+] Buy and Implement Secure Technology [+] Train Employees on Cyber Security - Don’t Spend all money on Secure Technology, train employees on Cyber Security. [+] Use Secure Development frameworks for developing applications [+] Understand how your application can be attacked. Short Video of my Talk : https://youtu.be/z-sanhJsXtc #CyberRaksha #Hackdoor #VanshitMalhotra #CyberSecurity #Infosec #SecureDigitalIndia #CyberSecurityAwareness #CyberSecurityTraining

Cyber Raksha - by Vanshit Malhotra

Vanshit Malhotra

How I'd hack into your business and how you can stop me!

AVG Technologies AU

Cybercrime impacts a lot of users every year. Indirectly (compromised merchant – credit card) Directly (compromised login credentials) Cybercrime’s impact can be financial and reputation to your company Impacts 1 in 5 small businesses every year Cybercrime is a global business The Internet allows attackers to be anywhere in the world and attacking victims anywhere in the world Today more organized and motivated than any time in history

Protecting Your Business from Cybercrime - Cybersecurity 101

David J Rosenthal

"While blockchain is immensely popular and sometimes even overrated, this technology still faces some issues due to the immature and inexperienced user community. Without saying, this sets the stage for numerous scam schemes. Our aim is to make the cryptocurrency fraud list of the 5 most common risk factors of blockchain projects. We strive to ensure the security of your crypto interaction by raising your awareness of swindler strategies and market volatility. This topic will be interested for those who look at: - cryptocurrency scam risk factors - cryptocurrency scam - cryptocurrency fraud - cryptocurrency fraud list - is cryptocurrency fraud This is addopted presentation. To review the longread, visit https://axisbits.com/blog/Cryptocurrency-Scam-Risk-Factors"

Top 5 Cryptocurrency Scam Risk Factors

Maxim Kozlovsky

Cryptocurrency Scams | How Do You Protect Yourself?

Money 2Conf

August 2017 - Anatomy of a Cyber Attacker

seadeloitte

Cyber Security Workshop @SPIT- 3rd October 2015

Nilesh Sapariya

Similaire à Online passwords – understanding "credential stuffing" cyberattack (20)

Devnexus 2017 Cybercrime and the Developer: How do you make a difference?

The life of breached data and the attack lifecycle

What I learned from protecting over 1 million crypto traders and investors fr...

Clearpreso client: Trustev

A Look Into Cyber Security

Ethical Hacking & Network Security

Sucuri Webinar: Website Security Primer for Digital Marketers

Password and Account Management Strategies - April 2019

Best & Worst of Cybersecurity

Cybercrime and the Developer Java2Days 2016 Sofia

E security and payment 2013-1

Progscon cybercrime and the developer

What Happens to Your Data When a Company Gets Breached

Cyber Raksha - by Vanshit Malhotra

How I'd hack into your business and how you can stop me!

Protecting Your Business from Cybercrime - Cybersecurity 101

Top 5 Cryptocurrency Scam Risk Factors

Cryptocurrency Scams | How Do You Protect Yourself?

August 2017 - Anatomy of a Cyber Attacker

Cyber Security Workshop @SPIT- 3rd October 2015

Plus de OVHcloud

L’équipe de l’OVHcloud Startup Program France Benelux a organisé, le 05 janvier dernier, son premier meetup online de l’année. Le premier d’une longue série ! Cette première session, animée par Fanny Bouton, Startup Program Leader France Benelux, était l’occasion de découvrir toute l’ampleur de l’écosystème OVHcloud au service des startups au travers de l’OVHcloud Marketplace, l’Open Trusted Cloud Program ou encore avec l’OVHcloud Partner Program. Ce rendez-vous a permis d’échanger directement avec l’ensemble des Program Leaders d’OVHcloud ainsi que nos partenaires tels que La BigAddress, Freelance Stack ou encore SmartGlobal.

OVHcloud Startup Program : Découvrir l'écosystème au service des startups

OVHcloud

Fine tune and deploy Hugging Face NLP models

OVHcloud

How can you successfully migrate to hosted private cloud 2020

OVHcloud

OVHcloud vous apporte en avant-première son éclairage d’expert de l’infrastructure, alors que nous lançons une nouvelle gamme de services cloud dédiée à la Data. Celle-ci réduit drastiquement les contraintes d’infrastructure sur les étapes clés du cycle de vie de la donnée, et permet ainsi aux professionnels de la données (data engineers, data ops, data scientists…) de se concentrer sur sa valorisation.

OVHcloud Partner Webinar - Data Processing

OVHcloud

Nous vivons une époque où tout est connecté, de nos ampoules à notre éditeur de texte, les objets et services qui nous entourent devienne de plus en plus intelligents. Pour ce faire ils génèrent des données, elles sont nécessaires au bon fonctionnement du service ou de l'objet, mais elles sont également utiles pour faire évoluer les produits. Ces données peuvent rapidement représenter de gros volumes, plusieurs dizaines voir centaines de gigaoctets. Une question se pose alors, comment traiter de tels volumes ? Comment en tirer du sens et de la valeur à cette échelle ? Avec OVHcloud Data Processing, une solution basée sur le framework Apache Spark, nous répondons à ce besoin. Venez découvrir comment vous aussi, en quelques cliques, pouvez exécuter votre code sur une infrastructure taillée pour vos besoins. Au travers de différents exemples, comme une analyse du traffic des taxis New-Yorkais, nous verrons comment Data Processing a été pensé, comment il fonctionne et comment il peut être utilisé pour valoriser vos données.

OVHcloud Tech Talks S01E09 - OVHcloud Data Processing : Le nouveau service po...

OVHcloud

Webinar - VPS New Range

OVHcloud

La semaine dernière, les ministres de l'Économie de la France et l'Allemagne ont ont dévoilé les contours GAIA-X, visant à établir les bases d'un écosystème cloud Européen capable de proposer des services respectant des critères de sécurité et des normes européennes. Mais qu'est-ce que ça veut dire concrètement pour vous, en tant que développeur, devops et/ou sysadmin ? En quoi cette initiative gouvernementale conjointe peut vous apporter quelque chose au quotidien ? Et quand on parle de collaboration entre des acteurs franco-allemands, ça veut dire quoi en pratique ? Pierre Gronlier, Solutions Architect chez OVHcloud et Yohann Prigent, VP Front chez Scaleway, ont été impliqués dans GAIA-X depuis des mois, au cœur notamment d'un des projets présentés jeudi dernier: le Démonstrateur GAIA-X (https://staging.gaia-x-demonstrator.eu/). Dans ce Tech Talk, ils vous ouvrent les coulisses du projet, et vous racontent non seulement le pourquoi et le comment ce démonstrateur a été conçu, avec tous les détails techniques, mais aussi et surtout, ce que ça veut dire GAIA-X pour vous en tant que Tech !

OVHcloud Tech Talks S01E08 - GAIA-X pour les techs : OVHcloud & Scaleway vous...

OVHcloud

Webinar - Enterprise Cloud Databases

OVHcloud

Tout le monde parle d’intelligence artificielle de nos jours et certaines personnes imaginent cela comme complexe. La réalité est bien différente, les concepts sont simples, et des outils existent pour cacher les complexités d’implémentation. Dans cet épisode, Jean-Louis Queguiner, nous explique ce qu'est l'intelligence artificielle, les méthodes qui existent et vous présente les concepts basiques des réseaux de neurones. Pas de maths, c'est promis, juste du bon sens !

OVHcloud Tech Talks S01E07 – Introduction à l’intelligence artificielle pour ...

OVHcloud

OVHcloud Tech Talks Fr S01E06 – BeeGFS, un filesystem orienté performance, ma...

OVHcloud

OVHcloud Tech Talks Fr S01E05 – L’opérateur Harbor, une nécessité pour certai...

OVHcloud

OVHcloud Tech-Talk S01E04 - La télémétrie au service de l'agilité

OVHcloud

Chez OVHcloud, nous utilisons en interne des modèles de Machine Learning qui aident à la prise de décision, dans des domaines allant de la lutte contre la fraude à l'amélioration de la maintenance de nos infrastructures. Tirant parti des formats Open Source standard - tels que les SavedModels de Tensorflow - ML Serving permet aux utilisateurs de déployer facilement leurs modèles tout en bénéficiant de fonctionnalités essentielles telles que l'instrumentation, l'évolutivité et la gestion des versions des modèles.

OVHcloud TechTalks - ML serving

OVHcloud

Logging at OVHcloud : Logs Data platform est la plateforme de collecte, d'analyse et de gestion centralisée de logs d'OVHcloud. Cette plateforme a pour but de répondre aux challenges que constitue l'indexation de plus de 4000 milliards de logs par une entreprise comme OVHcloud. Cette présentation vous décrira l'architecture générale de Logs Data Platform autour de ses composants centraux Elasticsearch et Graylog et vous décrira les différentes problématiques de scalabilité, disponibilité, performance et d'évolutivité qui sont le quotidien de l'équipe Observability à OVHcloud.

Logs @ OVHcloud

OVHcloud

A la découverte du standard OpenStack et de ses APIs OpenStack est la brique logicielle open source sur laquelle s'appuie OVHcloud pour proposer son offre de Public Cloud (compute, storage, network, …). OpenStack permet l’administration complète des ressources à travers une API particulièrement riche. Raison pour laquelle OVHcloud en donne un accès exhaustif aux utilisateurs de son Public Cloud, nombreux à manipuler leurs ressources en lignes de commande. Au fil de ce meetup, nous poserons les bases de l’architecture et du fonctionnement d’OpenStack et de ses différents composants. Nous parlerons ensuite du fonctionnement des APIs OpenStack, éléments clés pour interagir avec OpenStack. Nous finirons par quelques usages de ces APIs au travers d’outils connus comme Terraform, qui permettront de mettre en évidence l’importance de proposer un standard dans l’univers du Public Cloud.

Les APIs OpenStack

OVHcloud

1 sysadmin vs 250 clusters de stockage

OVHcloud

Il y a deux ans, nous apprenions notre nouvelle mission : migrer les 3 millions de sites web hébergés dans notre datacentre de Paris. Sans en maitriser le code source, les migrer sans impact nous semblait totalement irréaliste. 18 mois plus tard, c'est terminé ! Pour y arriver, nous avons du configurer des proxy SQL, des tunnels réseau, migrer des IP entre nos datacentres, livrer des milliers de serveurs, bosser durant des dizaines de nuits, mais aussi s'organiser entre plusieurs équipes qui n'ont pas l'habitude de travailler ensemble. Quels sont les soucis technique et humains que nous avons rencontrés, et comment les avons nous résolu ? Retour d'expérience sur l'une des plus grosse migration que le web ai connu !

Migrer 3 millions de sites sans maitriser leur code source ? Impossible mais ...

OVHcloud

Le machine learning et l’IA sont des buzzwords qui font maintenant partie de notre quotidien. Pourtant, rares sont les projets qui osent inclure du ML dans leur cycle de vie. Les raisons sont multiples : - Inquiétudes sur un niveau d’expertise trop limité en DataScience - Difficultés d’apprécier à l’avance le gap entre difficulté de mise en place et retour sur investissement - Inquiétudes sur la pérennité des efforts investis : (dérive des modèles entrainés) - Peur de s’engager dans un effort trop important de maintenance sur le long terme Bien que fondées, ces raisons n’ont plus lieu d’être après la mise en place de procédés d’industrialisation spécifiques à ce genre de problème. Venez découvrir comment nous avons fait converger les compétences des datascientists et des devops afin de créer une plate-forme de machine learning simple, scalable et accessible aux non-experts. De l’analyse des données à la mise en production de modèles nous verrons comment industrialiser les procédés d’apprentissage automatique sans le moindre effort. Pour plus d'informations à propos de Prescience : https://labs.ovh.com/machine-learning-platform

Industrialize Machine Learning

OVHcloud

OVHcloud – Enterprise Cloud Databases

OVHcloud

In this workshop VMware will provide a quick reminder of the main contributions of the NSX network virtualization platform: consistent network and security management, increased application resiliency, rapid migration of workloads to and from the cloud. VMware and OVH will then move on to practical cases with implementation of micro-segmentation, dynamic routing, automatic deployment of an application, load balancing in the OVH Hosted Private Cloud. This workshop is aimed at a technical audience.

OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX

OVHcloud

Plus de OVHcloud (20)

OVHcloud Startup Program : Découvrir l'écosystème au service des startups

Fine tune and deploy Hugging Face NLP models

How can you successfully migrate to hosted private cloud 2020

OVHcloud Partner Webinar - Data Processing

OVHcloud Tech Talks S01E09 - OVHcloud Data Processing : Le nouveau service po...

Webinar - VPS New Range

OVHcloud Tech Talks S01E08 - GAIA-X pour les techs : OVHcloud & Scaleway vous...

Webinar - Enterprise Cloud Databases

OVHcloud Tech Talks S01E07 – Introduction à l’intelligence artificielle pour ...

OVHcloud Tech Talks Fr S01E06 – BeeGFS, un filesystem orienté performance, ma...

OVHcloud Tech Talks Fr S01E05 – L’opérateur Harbor, une nécessité pour certai...

OVHcloud Tech-Talk S01E04 - La télémétrie au service de l'agilité

OVHcloud TechTalks - ML serving

Logs @ OVHcloud

Les APIs OpenStack

1 sysadmin vs 250 clusters de stockage

Migrer 3 millions de sites sans maitriser leur code source ? Impossible mais ...

Industrialize Machine Learning

OVHcloud – Enterprise Cloud Databases

OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX

Dernier

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Exploring Multimodal Embeddings with Milvus

Zilliz

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

Discover the innovative features and strategic vision that keep WSO2 an industry leader. Explore the exciting 2024 roadmap of WSO2 API management, showcasing innovations, unified APIM/APK control plane, natural language API interaction, and cloud native agility. Discover how open source solutions, microservices architecture, and cloud native technologies unlock seamless API management in today's dynamic landscapes. Leave with a clear blueprint to revolutionize your API journey and achieve industry success!

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2

DBX First Quarter 2024 Investor Presentation

Dropbox

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

Architecting Cloud Native Applications

WSO2

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Bhuvaneswari Subramani

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Dernier (20)

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Exploring Multimodal Embeddings with Milvus

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The value of a flexible API Management solution for O...

AWS Community Day CPH - Three problems of Terraform

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

WSO2's API Vision: Unifying Control, Empowering Developers

DBX First Quarter 2024 Investor Presentation

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Six Myths about Ontologies: The Basics of Formal Ontology

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Architecting Cloud Native Applications

MS Copilot expands with MS Graph connectors

presentation ICT roal in 21st century education

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Why Teams call analytics are critical to your entire business

Online passwords – understanding "credential stuffing" cyberattack

2. #OVHcloudSummit FOCUS ON THE CREDENTIAL STUFFING THREAT Sébastien Mériot Head of CSIRT @smeriot SALLE 1 FROM 17:00 PM TO 17:45 PM

3. #OVHcloudSummit CREDENTIAL STUFFING EXAMPLE

4. #OVHcloudSummit WHAT HAPPENED ?

5. #OVHcloudSummit WHAT HAPPENED ? “52% of the users studied have the same passwords [everywhere].” “85% of passwords [are] reused or slightly changed in the case of online shopping, and 62% for email. ” - Panda Security https://www.pandasecurity.com/mediacenter/security/password-reuse/

6. #OVHcloudSummit HOW THE PASSWORD LEAKED ?

7. #OVHcloudSummit HOW THE PASSWORD LEAKED ? Disclaimer LinkedIn is definitely not the only company that suffered from a data breach.

8. #OVHcloudSummit HOW THE PASSWORD LEAKED ?

9. #OVHcloudSummit Disclaimer LinkedIn is definitely not the only company that suffered from a data breach.

10. #OVHcloudSummit TIMELINE 2012 An attacker succeed in getting an access to LinkedIn’s database. 2012 LinkedIn warns several millions customers about a potential breach. May 2016 Database with clear passwords is sold on the darkweb. June 2016 Mark Zuckerberg has both Twitter & Pinterest accounts hacked. 2012-2016 Bruteforce attack again SHA1 passwords to recover clear passwords.

11. #OVHcloudSummit CREDENTIAL STUFFING ECONOMY

12. #OVHcloudSummit CYBERCRIME SUPPLY CHAIN Identification Distribution Exploitation

13. #OVHcloudSummit CYBERCRIME SUPPLY CHAIN Identification Distribution Exploitation Hacker discovers a brand new vulnerability. Exploits are bought and embedded in malwares. Malwares are spread by distribution groups. Hacker writes an exploit for the vulnerability. Botnet is rent for different purposes.

14. #OVHcloudSummit CYBERCRIME SUPPLY CHAIN Identification Distribution Exploitation Hacker discovers a brand new vulnerability. Exploits are bought and embedded in malwares. Malwares are spread by distribution groups. Hacker writes an exploit for the vulnerability. Botnet is rent for different purposes.

15. #OVHcloudSummit CYBERCRIME SUPPLY CHAIN Identification Distribution Exploitation Hacker discovers a brand new vulnerability. Exploits are bought and embedded in malwares. Malwares are spread by distribution groups. Hacker writes an exploit for the vulnerability. Botnet is rent for different purposes. MONEY LAUNDERING

16. #OVHcloudSummit CYBERCRIME SUPPLY CHAIN Identification Distribution Exploitation MONEY LAUNDERING

17. #OVHcloudSummit CYBERCRIME SUPPLY CHAIN Identification Distribution Exploitation Database is exfiltrated by an attacker. Account harvesting through a botnet. Accounts are sold by packs. Passwords are cracked. Twitter accounts are bought. MONEY LAUNDERING Platform selling followers.

18. #OVHcloudSummit CREDENTIAL STUFFING PREVENTION

19. #OVHcloudSummit A GREAT WEBSITE https://www.haveibeenpwned.com/

20. #OVHcloudSummit Your password is as much precious as your credit card number.

21. #OVHcloudSummit PASSWORD GENERATION CNIL Recommandations : - 12+ characters (maj, min, num, sym) - Periodic renewal https://www.cnil.fr/fr/authentification-par-mot-de-passe-les-mesures-de-securite-elementaires

22. #OVHcloudSummit PASSWORD GENERATION Hector2014 Hect0r2014NOT SAFE NOT SAFE

23. #OVHcloudSummit PASSWORD GENERATION First letter method : “I bought 1 delicious cupcake for £2 in Glasgow.” ➔ Ib1dCC4£2iGG.

24. #OVHcloudSummit UNIQUE PASSWORDS Platform Facebook Instagram OVH Password FBIb1dCC4£2iGG INIb1dCC4£2iGG. OVIb1dCC4£2iGG.

25. #OVHcloudSummit Random passwords are much more secure.

26. #OVHcloudSummit Password Manager That kind of software help to store securely a large amount of credentials which can be randomly generated to ensure the strength for each of them.

27. #OVHcloudSummit A browser is not a password manager.

28. #OVHcloudSummit AUTHENTICATION Principle What I Know What I Am What I Have Factor Shared Secret Biometry Device How To Authenticate Someone ?

33. #OVHcloudSummit Let’s discuss with us on Enterprise booth ENTERPRISE

34. #OVHcloudSummit As a reminder: 20th anniversary celebration party and closing concert from 6:00 PM. All are welcome!