Conference:  Black Hat Asia 2023
Authors: Xu Yuanzhen, Peter Mularien
2023-05-12

It is well known that the Java language has an integrated ecosystem. With the development of cloud computing, more and more cloud-native systems consist of Java applications. Meanwhile, a potential new attack surface for Java applications is being stealthily exposed. Some cloud data platforms supply users with customized database management services, so that users can utilize the services flexibly. Java Database Connectivity (JDBC) is the fundamental component of the Java environment and is used to implement database connection and manipulation. I paid close attention to this scenario, and then I discovered the new attack surface. We took a long time to research the mainstream vendors and their JDBC drivers, like Google, IBM, etc. In our research, we will elaborate on both the static and dynamic source code analysis experience with the juicy techniques, like locating the accurate sinks, and then we will demonstrate the new gadgets for SSRF and RCE vulnerabilities. We will also present real-world attack illustrations and detection evasions.
Authors: Rich Burroughs, Kaslin Fields
2023-04-21

tldr - powered by Generative AI

The presentation discusses the importance of contributing to open source, learning Kubernetes, and the growing field of cloud native security.
  • Contributing to open source helps build a robust career
  • Learning Kubernetes can be tough but is important
  • Security is a growing and maturing field in Kubernetes
  • Getting involved in documentation and Git can help build coding skills
Authors: Marko Mudrinić, Verónica López González
2023-04-19

tldr - powered by Generative AI

The presentation discusses the joint effort between SIG Release, SIG Infra, and other contributors to enforce the migration of Kubernetes images from GCR to Registry. The goal is to serve images from both GCP and AWS, but the migration required manual interaction from users and bending of policies.
  • Introduced Registry as a new front for all Kubernetes images to serve images from both GCP and AWS
  • Enforced migration from GCR to Registry due to high risk of not having enough GCP Cloud credits for the year
  • Bent policies to allow for faster migration despite the policy requiring at least 12 months for users to migrate away from stable features
  • Backwards compatibility was introduced to allow for continued access to GCR
  • Manual interaction from users was required for the migration
Authors: Clemens Hübner
2023-02-15

tldr - powered by Generative AI

Passkeys are the next evolution step of web authentication, solving problems with passwords and making authentication more secure. They are included in the app ecosystem and allow for smoother authentication between different clients. However, using passkeys binds users to existing oligopolies of big user providers, and it is unclear how independent web authentication can remain from these platforms in the future.
  • Passkeys solve problems with passwords and make authentication more secure
  • Passkeys are included in the app ecosystem and allow for smoother authentication between different clients
  • Using passkeys binds users to existing oligopolies of big user providers
  • It is unclear how independent web authentication can remain from these platforms in the future
Conference:  Transform X 2022
Authors: François Chollet
2022-10-19

tldr - powered by Generative AI

The presentation discusses the need to make machine learning (ML) universally accessible to developers who are not ML experts. The speaker emphasizes the importance of UX design, componentry use, and automation in empowering developers to use ML effectively.
  • ML is moving at an incredible speed and has the potential to transform various industries.
  • To realize the full potential of ML, it needs to be accessible to anyone with an idea and some coding skills.
  • The Responsible AI Toolkit is a suite of tools and resources that can help developers address safety concerns at each stage of the model development process.
  • Progressive disclosure of complexity is a key design principle in making ML accessible to developers.
  • Keras API provides a range of workflows from the very high level to the very low level, corresponding to different user profiles.
  • Avoiding API silos is important in making ML accessible to developers.
  • The speaker encourages developers to check out the Model Remediation Package to address bias in Keras models.
Conference:  Transform X 2022
Authors: James Manyika, Alexandr Wang
2022-10-19

tldr - powered by Generative AI

The challenges of reskilling at scale and the role of humans in fine-tuning and embedding AI systems into society
  • The challenge of reskilling at scale is greater due to faster progress in technology
  • Current AI systems are intelligence machines, not learning machines like children
  • There will be millions of jobs around fine-tuning and guiding AI systems
  • Social technical embedding is necessary to effectively put AI systems into the world
  • The 'other' job category is the fastest growing and reflects new and emerging activities
  • Ethical use of AI is a concern that needs to be addressed
Authors: Daniel Nebenzahl
2022-06-21

tldr - powered by Generative AI

The presentation discusses the implementation of the SLSA standard in supply chain security and the challenges faced in complying with its requirements.
  • SLSA is an emerging standard that puts many requirements on the table for supply chain security implementation
  • Compliance-driven implementation of the framework may result in minimal value, and negotiation with suppliers is necessary
  • Provenance documents can be built from APIs and log files to avoid opening up all pipelines
  • Level three of SLSA promises better protection from developer workstations and adjacent build systems
  • Strongly authenticated actors and retention of sources indefinitely are challenging requirements to comply with
  • The SLSA standard provides solutions but they are hard to implement and may result in loss of accreditation
Authors: Kemal Akkoyun, Matthias Loibl
2021-10-15

tldr - powered by Generative AI

The presentation discusses the development of Parca, a tool for profiling and analyzing performance in software applications. The focus is on the storage architecture and the process of handling write requests.
  • Parca is a tool for profiling and analyzing performance in software applications
  • The storage architecture of Parca is designed to handle stack traces as a first-class citizen
  • Write requests are ingested and validated using protobuf and metadata label sets
  • The metadata store is implemented in SQLite and can be used with any SQL database
  • The end result of a write request is a set of location IDs and corresponding sample values
Conference:  Transform X 2021
Authors: Eric Schmidt
2021-10-07

tldr - powered by Generative AI

The speaker discusses the challenges and opportunities of AI and machine learning, emphasizing the need to democratize the technology and make it accessible to more people. He also highlights the potential risks of AI, particularly in the information space, and the importance of addressing cybersecurity concerns.
  • The current challenge in AI is building sophisticated multi-model reasoning systems and optimizing the pipeline
  • The goal is to make AI accessible to more people, including those with relatively normal technical education
  • Open source and knowledge sharing are critical for accelerating progress in AI
  • AI has the potential to be transformative across many industries, but also poses risks in the information space
  • Cybersecurity concerns must be addressed to prevent the misuse of AI technology