Search results “Safari web crypto api functions”
Real World WebAssembly (Chrome Dev Summit 2017)
WebAssembly brings a new capability to the web, delivering a performant run-time to allow compiled languages such as C++ to be used in web applications. In this video, Alex Danilo and Deepti Gandluri introduce the principles for using WebAssembly in a web application, techniques for debugging, and demonstrate a real-world example of a large code-base built to run in the browser for production deployment. They also present future features coming to Web Assembly along with some tips for how to deploy and support older browsers using a graceful degradation approach. Check out the rest of the Chrome Dev Summit videos here: https://goo.gl/ekCoVu Subscribe to the Google Chrome Developers channel: http://goo.gl/LLLNvf
PWA starter kit: build fast, scalable, modern apps with Web Components (Google I/O '18)
Web Components are encapsulated, re-usable elements using just the web platform. But these APIs don't say much about how to turn components into fast and modern apps. Learn how Polymer has been honing methods for building apps out of Web Components by melding the best ideas from the community with new platform APIs. You'll leave this talk understanding how using a few simple patterns like Redux to wire components together enables building highly scalable apps on the web like never before. Rate this session by signing-in on the I/O website here → https://goo.gl/8rLYRx Watch more Chrome and Web sessions from I/O '18 here → https://goo.gl/5fgXhX See all the sessions from Google I/O '18 here → https://goo.gl/q1Tr8x Subscribe to the Chrome Developers channel → http://goo.gl/LLLNvf #io18
IOTA tutorial 25: WebRTC and MAM Signaling
If you like this video and want to support me, go to this page for my donation crypto addresses: https://www.youtube.com/c/mobilefish/about This is part 25 of the IOTA tutorial. In this video series different topics will be explained which will help you to understand IOTA. It is recommended to watch each video sequentially as I may refer to certain IOTA topics explained earlier. The main objective of this video is to explain what WebRTC is and demonstrate a proof-of-concept WebRTC MAM signaling implementation. WebRTC (Web Real-Time Communication) was announced in 2011 and is an HTML5 specification supported by Google, Mozilla and Opera, amongst others. WebRTC provides browsers and devices with direct data, voice and video peer-to-peer communication without the need to install plugins or download native apps. WebRTC is supported by most modern browsers such as Chrome, Firefox, Safari and Microsoft Edge. WebRTC uses the following main component JavaScript APIs: - RTCPeerConnection: To set up and create a peer-to-peer connection. - RTCDataChannel: To transfer arbitrary data bidirectionally peer-to-peer. Every data channel is associated with an RTCPeerConnection, and each peer connection can have one or more data channels. - MediaStream (more commonly known by its JavaScript function getUserMedia): It gives access to a stream object that represents video (camera) and audio (microphone) streams. If two peers need to communicate directly with each other, they need to know each other's public IP address and port. Often a direct connection is not possible because the peers use a router with a built-in firewall that uses Network Address Translation (NAT). The Interactive Connectivity Establishment framework (ICE) deals with the process of connecting peers through NATs. A STUN (Session Traversal Utilities for NAT) server allows the peers to discover their public IP address, port and the type of NAT they are behind. This information is used to establish a peer-to-peer connection.
A media stream will flow directly between the peers. In most cases (~70%) a STUN server suffices to set up a peer-to-peer connection. If a STUN server cannot establish the connection, ICE uses a TURN (Traversal Using Relay NAT) server. When a TURN server is used, this server relays the media stream between the peers. The use of a STUN server is preferred over a TURN server because a TURN server uses a lot of processing power. In a WebRTC application the STUN and TURN server locations can be specified. There are public STUN servers available but use them for prototyping or non-mission-critical applications. To create a peer-to-peer connection, the peers must also exchange several types of information first, for example: - Their external IP addresses and ports. - Their codecs and media types that they support. - When to initialise, close, and modify the communications sessions. This exchange of information between peers is called signaling, and usually an external server called a "signaling server" is used, which can store this information, for example in a database. Signaling methods and protocols are not specified by the WebRTC standards. When Alice initiates a peer-to-peer communication with Bob, Alice is called the local user (aka caller) and Bob is called the remote user (aka callee). The information sent from Alice's browser to a signaling server is called the "offer", and Bob's browser information sent to a signaling server is called the "answer". The offer and answer are written in a so-called Session Description Protocol (SDP) format. To demonstrate the WebRTC signaling process use the following application: https://www.mobilefish.com/download/webrtc/webrtc_noserver.html I have created a proof-of-concept to test if Masked Authenticated Messaging (MAM) can be used as a signaling implementation for WebRTC.
See: https://www.mobilefish.com/services/cryptocurrency/mam_webrtc.html You can use Masked Authenticated Messaging (MAM) as a signaling implementation for WebRTC. However it takes too long to establish a peer-to-peer connection because publishing the offer and answer to the Tangle takes too much time. In a production-like environment this is not acceptable, but for prototyping or just for demo applications it's perfect. When using MAM it is recommended to compress your data, which will decrease the time to publish this data to the Tangle. For example you can use the lz-string compression JavaScript library. See: http://pieroxy.net/blog/pages/lz-string/index.html Check out all my other IOTA tutorial videos: https://www.youtube.com/playlist?list=PLmL13yqb6OxdIf6CQMHf7hUcDZBbxHyza Subscribe to my YouTube channel: https://www.youtube.com/channel/UCG5_CT_KjexxjbgNE4lVGkg?sub_confirmation=1 The presentation used in this video tutorial can be found at: https://www.mobilefish.com/developer/iota/iota_quickguide_tutorial.html #mobilefish #howto #iota
Views: 691 Mobilefish.com
Streaming Service Workers: Live Code Session - Supercharged
In this Supercharged Live Code Session, Jake & Surma implement a streaming Service Worker, coding in real time, bugs and all! Whether you are watching live or not, please send in your questions and comments to the guys as they will read them and if they can, answer them for you. Code for this live stream session: https://github.com/GoogleChrome/ui-element-samples/tree/gh-pages/streaming-service-worker
How to Pull in Data from a Website into an Excel Spreadsheet
This tutorial explains how to index tables on specific websites and extract real time data into an Excel spreadsheet.
Views: 89180 edutechional
An introduction to Encrypted Media Extensions (EME)
Slides featured are at http://goo.gl/Le9VQ. Encrypted Media Extensions (EME) is a JavaScript API that enables web applications to interact with DRM systems, in order to allow playback of encrypted media. In this Google Developers Live session, John Luther (EME Product Manager) and Sam Dutton (Chrome Developer Advocate) give an introduction to the APIs, and discuss the technical challenges involved.
Views: 13804 Google Developers
Engaging Experiences - PWA Roadshow
Progressive Web Apps give us an opportunity to reset our expectations and to loudly declare that We Can Do Better when designing user experiences on the web. Building an engaging Progressive Web App goes beyond functional, and ensures that the whole experience is delightful, making it easy for the user to do what they need to do. In this video, you’ll learn how to create engaging user experiences for your users. You’ll learn how to create engaging notifications using Web Push that bring users back to your app, turning them into a regular user. Links from the video Slides - https://goo.gl/ESUahe Material Design Spec - https://goo.gl/VAv9T6 iOS Human Interface Guidelines - https://goo.gl/WJHBxk Web Push Libraries - https://goo.gl/8jZGKk Web Push Notification Docs - https://goo.gl/NNm4Ay Web Push Protocol: In Depth - https://goo.gl/6eUiJZ Web Push Protocol & VAPID Specs - https://goo.gl/UUHxiu & https://goo.gl/E9xDT9 Code Labs Your First Progressive Web App - https://goo.gl/9DJRJq Debugging Service Workers - https://goo.gl/suGNRb Web Push Notifications - https://goo.gl/QRLk5i PaymentRequest API - https://goo.gl/dxWGdP Catch the rest of the PWA Roadshow here - https://goo.gl/HdiR8t Subscribe to the Google Chrome Developers channel: http://goo.gl/LLLNvf
Progressive web apps (PWA) - BRK2364
Progressive web apps are one of the hottest things to come to the web platform in years, but how much of it is just hot air? When can you actually start shipping these things? Decades ago! In a hands-on presentation, we show how PWAs are truly meant to be progressive—building on an evolution of web technologies nearly as old as the web itself—and still let you ship one of the most performant and cutting edge web apps around.
Views: 2682 Microsoft Ignite
Google I/O 2009 - Exploring Chrome Internals
Google I/O 2009 - Exploring Chrome Internals Darin Fisher Learn about Google Chrome's multi-process architecture and sandboxing technology. This talk will provide an overview of the processes, threads, and IPC involved with getting pixels on the screen in a system where the WebKit rendering engine is denied, via the sandbox, from having direct access to your computer. For presentation slides and all I/O sessions, please go to: code.google.com/events/io/sessions.html
Views: 21871 Google Developers
DEF CON 24 - Alex Chapman and Paul Stone - Toxic Proxies: Bypassing HTTPS
Rogue access points provide attackers with powerful capabilities, but in 2016 modern privacy protections such as HTTPS Everywhere, free TLS certificates and HSTS are de-facto standards. Surely our encrypted traffic is now safe on the local coffee shop network? If not, my VPN will definitely protect me… right? In this talk we’ll reveal how recent improvements in online security and privacy can be undermined by decades-old design flaws in obscure specifications. These design weaknesses can be exploited to intercept HTTPS URLs and proxy VPN tunneled traffic. We will demonstrate how a rogue access point or local network attacker can use these new techniques to bypass encryption, monitor your search history and take over your online accounts. No logos, no acronyms; this is not a theoretical crypto attack. We will show our techniques working on $30 hardware in under a minute. Online identity? Compromised. OAuth? Forget about it. Cloud file storage? Now we’re talking. Bio: Alex Chapman is a Principal Security Researcher at Context Information Security in the UK, where he performs vulnerability discovery, exploit development, bespoke protocol analysis and reverse engineering. He has been credited in security advisories for a number of major software products for vendors such as Citrix, Google, Mozilla and VMware, and has presented his research at security conferences around the world. He has spent the past several months making things (for a change), poking holes in old technologies, and pointing out security flaws which have no place in modern day software. Paul Stone is a Principal Security Researcher at Context Information Security in the UK where he performs vulnerability research, reverse engineering, and tool development. He has a focus on browser security and has reported a number of vulnerabilities in the major web browsers including Chrome, Internet Explorer, Firefox, and Safari.
He has spoken at a number of Black Hat conferences, presenting the well-received ‘Pixel-Perfect Timing Attacks’ and ‘Next Generation Clickjacking’ talks. Paul’s recent obsession has been Bluetooth LE and has helped create the RaMBLE Android app for collecting and analyzing BLE data.
Views: 2490 DEFCONConference
What is HTTP COOKIE? What does HTTP COOKIE mean? HTTP COOKIE meaning, definition & explanation
What is HTTP COOKIE? What does HTTP COOKIE mean? HTTP COOKIE meaning - HTTP COOKIE definition - HTTP COOKIE explanation. Source: Wikipedia.org article, adapted under https://creativecommons.org/licenses/by-sa/3.0/ license. SUBSCRIBE to our Google Earth flights channel - https://www.youtube.com/channel/UC6UuCPh7GrXznZi0Hz2YQnQ An HTTP cookie (also called web cookie, Internet cookie, browser cookie, or simply cookie) is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing. Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items added in the shopping cart in an online store) or to record the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). They can also be used to remember arbitrary pieces of information that the user previously entered into form fields such as names, addresses, passwords, and credit card numbers. Other kinds of cookies perform essential functions in the modern web. Perhaps most importantly, authentication cookies are the most common method used by web servers to know whether the user is logged in or not, and which account they are logged in with. Without such a mechanism, the site would not know whether to send a page containing sensitive information, or require the user to authenticate themselves by logging in. The security of an authentication cookie generally depends on the security of the issuing website and the user's web browser, and on whether the cookie data is encrypted. Security vulnerabilities may allow a cookie's data to be read by a hacker, used to gain access to user data, or used to gain access (with the user's credentials) to the website to which the cookie belongs (see cross-site scripting and cross-site request forgery for examples). 
The tracking cookies, and especially third-party tracking cookies, are commonly used as ways to compile long-term records of individuals' browsing histories – a potential privacy concern that prompted European and U.S. lawmakers to take action in 2011. European law requires that all websites targeting European Union member states gain "informed consent" from users before storing non-essential cookies on their device.
Views: 26 The Audiopedia
Hands-On With Android P's New Swipe-Based Gesture System
Google yesterday introduced the newest version of Android, Android P, at its Google I/O developer conference held in Mountain View, California. Android P includes a few enticing features like a new Dashboard for monitoring usage and an adaptive battery feature for improving battery life, but what was of interest to iPhone users was the new gesture system. Android P adopts a new gesture-based system interface that's reminiscent of the interface of the iPhone X, so we decided to download the Android P beta to check it out for ourselves. Read more - https://www.macrumors.com/2018/05/09/hands-on-with-android-p/
Views: 52098 MacRumors
Assessment Techniques - CompTIA Security+ SY0-401: 3.7
Security+ Training Course Index: http://professormesser.link/sy0401 Professor Messer’s Course Notes: http://professormesser.link/sy0401cn Frequently Asked Questions: http://professormesser.link/faq - - - - - Security policies should be written to include the security assessment of your infrastructure. In this video, you’ll learn the best practices around baselining, reviewing code, performing design reviews, and completing architecture reviews. - - - - - Download entire video course: http://professormesser.link/401adyt Get the course on MP3 audio: http://professormesser.link/401vdyt Subscribe to get the latest videos: http://professormesser.link/yt Calendar of live events: http://www.professormesser.com/calendar/ FOLLOW PROFESSOR MESSER: Professor Messer official website: http://www.professormesser.com/ Twitter: http://www.professormesser.com/twitter Facebook: http://www.professormesser.com/facebook Instagram: http://www.professormesser.com/instagram Google +: http://www.professormesser.com/googleplus
Views: 17471 Professor Messer
Jake Archibald: In The Loop - JSConf.Asia 2018
Have you ever had a bug where things were happening in the wrong order, or particular style changes were being ignored? Ever fixed that bug by wrapping a section of code in a setTimeout? Ever found that fix to be unreliable, and played around with the timeout number until it kinda almost always worked? This talk looks at the browser's event loop, the thing that orchestrates the main thread of the browser, which includes JavaScript, events, and rendering. We'll look at the difference between tasks, microtasks, requestAnimationFrame, requestIdleCallback, and where events land. Hopefully you'll never have to use setTimeout hacks again! Jake is developer advocate for Google Chrome. He's one of the editors of the service worker spec, so he's into offline-first, push messaging and web performance. JSConf.Asia - Capitol Theatre, Singapore - 27 January 2018 Source: https://2018.jsconf.asia/ License: For reuse of this video under a more permissive license please get in touch with us. The speakers retain the copyright for their performances.
Views: 40065 JSConf
DEF CON 22 - Dan Kaminsky - Secure Random by Default
Secure Random By Default Dan Kaminsky Chief Scientist, White Ops As a general rule in security, we have learned that the best way to achieve security is to enable it by default. However, across operating systems and languages, random number generation is always exposed via two separate and most assuredly unequal APIs -- insecure and default, and secure but obscure. Why not fix this? Why not make JavaScript and PHP and Java and Python and even libc rand() return strong entropy? What are the issues stopping us? Should we just shell back to /dev/urandom, or is there merit to userspace entropy gathering? How does fork() and virtualization impact the question? What of performance, and memory consumption, and headless machines? Turns out the above questions are not actually rhetorical. Just because a change might be a good idea doesn't mean it's a simple one. This will be a deep dive, but one that I believe will actually yield a fix for the repeated *real world* failures of random number generation systems. Dan Kaminsky has been a noted security researcher for over a decade, and has spent his career advising Fortune 500 companies such as Cisco, Avaya, and Microsoft. Dan spent three years working with Microsoft on their Vista, Server 2008, and Windows 7 releases. Dan is best known for his work finding a critical flaw in the Internet’s Domain Name System (DNS), and for leading what became the largest synchronized fix to the Internet’s infrastructure of all time. Of the seven Recovery Key Shareholders who possess the ability to restore the DNS root keys, Dan is the American representative. Dan is presently developing systems to reduce the cost and complexity of securing critical infrastructure.
Views: 22109 DEFCONConference
Google I/O 101: Introduction to Dart with Seth Ladd
In this tutorial, Seth Ladd will teach you the basics of the Dart language, libraries, and tools. Learn how this new open source project can help you scale your web programs from small scripts to large structured and modern apps.
Views: 52513 Google Developers
An introduction to Dart, the structured web programming platform
Learn more about Dart at http://www.dartlang.org Seth Ladd presents Dart, the open source web programming platform. In this video, Seth gives an overview of the philosophy and motivation of the language, reviews some of the interesting new language features like optional static types and isolates, and gives a demo of the editor. Special thanks to http://www.carbonfive.com for recording the video, and for the invitation.
Views: 16612 Google Developers
Nolan Lawson does open-source, episode 1
The real-life adventures of an open-source software maintainer. Watch him plow through Github issues with aplomb, mull over pull requests, and respond to questions from the community!
Timeline:
1:06 - show begins
4:39 - 127 unread Github notifications
5:50 - pouchdb-find null issue
9:23 - shout-out to trackball mice
10:35 - pouchdb-authentication CORS issue
18:38 - Calvin Metcalf's lie, Rollup, Browserify
25:49 - mingz https://github.com/nolanlawson/mingz
26:33 - pouchdb-find again, my laptop starts to melt
41:01 - LocalForage on Angular, library author responsibility
42:43 - LocalForage on Firefox, file:// issues?
51:00 - pouchdb-authentication sessions and roles
55:45 - ember-pouch and blueprints
56:45 - destroying IndexedDB is racey
59:44 - back to Ember blueprints
1:02:43 - Greenkeeper and security
1:11:44 - Dexie.js and promises, how to help beginners
1:13:55 - CouchDB ETags and Safari Technology Preview
1:16:39 - my "curtains" fall down
1:18:14 - Greenkeeper and semver
1:20:49 - back to ETags
1:22:02 - Caniuse.com, theme-color, Pokedex.org
1:26:07 - "compiling CouchDB" - y u no docker?
1:28:16 - back to theme-color, "first timers only"
1:30:47 - WebSQL over Flash? WebSQL over IndexedDB?
1:35:57 - Cordova SQLite Plugin 2
1:39:02 - Node 0.10 is the new IE6
1:44:38 - LocalForage and SQLite Plugin
2:08:24 - Ember blueprints again, fivetanley is awesome
2:12:55 - TypeScript support in pouchdb-authentication?
2:14:46 - Jison debugger
2:16:52 - Electron and LevelDB
2:28:28 - hoodie-account-server, LGTM
2:29:20 - crypto-pouch attachments failing
2:30:54 - pretty-s3, how to gracefully "un-maintain" a project?
2:33:49 - SuperSaiyanScrollView, another ancient project
2:36:25 - how to handle open-source overload
2:37:11 - local-npm bug, npm "files" vs .npmignore
2:39:12 - "Step 1 of Github is Inbox Zero"
2:40:02 - LocalForage, IndexedDB observables?
2:46:52 - LocalForage, IndexedDB across subdomains?
2:48:44 - LocalForage nopromises.js
2:51:01 - CatLog was forked into MatLog, the fork is better
2:52:36 - TJHolowaychuk's "debug" and web workers
2:55:05 - "It feels less alone to work on issues while streaming"
2:58:37 - FruitDOWN, IndexedDB, and Safari
3:03:05 - socket-pouch, web sockets, and SSL
3:11:38 - the Ember community is amazing
3:13:10 - Virtual DOM SoftSetHook
3:14:40 - Virtual DOM - serializing functions?
3:18:07 - Jed Schmidt and lave: https://www.npmjs.com/package/lave
3:24:42 - Pokedex.org and perf issues in Firefox for Android
3:27:53 - Zuul and Firefox testing in Travis
3:31:37 - "Open source is people first, code second"
Views: 7732 Nolan Lawson
Google I/O 2009 Native Code for Compute Intensive Web Apps
Google I/O 2009 - Native Client: Using Native Code to Build Compute Intensive Web Applications Brad Chen Some applications require high-performance client-side computation. Native Client is a technology for running native code in web applications, with the goal of maintaining the browser neutrality, OS portability, and safety that people expect from web apps. This talk will give a brief overview of the architecture of Native Client. We'll then look at some specific example applications as well as strategies for how to use native code to handle compute intensive tasks within web applications using SRPC, Shared Memory and NPAPI. For presentation slides and all I/O sessions, please go to: code.google.com/events/io/sessions.html
Views: 28057 Google Developers
Edge Conf 2: Offline
Web applications that work offline are still clearly in demand, but the standards lack support for even fairly basic use cases, and encourage developers to break fundamental navigation models of the web. There are two competing (or perhaps complementary), proposals to improve the situation, but it'll be a long slog. In the meantime, workarounds remain some of the most hackish in the web world. Are there any workable solutions to 'adding' offline to an existing site? What patterns allow offline to be used today while remaining open to replacement solutions in the future?
Introduction to HTML 5
Note: Higher quality version on Vimeo: http://vimeo.com/6691519 Are you interested in HTML 5 and what's coming down the pipeline but haven't had time to read any articles yet? Brad Neuberg has put together an educational Introduction to HTML 5 video that goes over many of the major aspects of this new standard, including: * Web vector graphics with the Canvas tag and Scalable Vector Graphics (SVG) * The Geolocation API * HTML 5 Video * The HTML 5 Database and Application Cache * Web workers In the video we also crack open the HTML 5 YouTube Video prototype to show you some of the new HTML 5 tags, such as nav, article, etc. It's chock full of demos and sample source code.
Views: 652499 Google Developers
Livestream Day 2: Stage 3 (Google I/O '18)
This livestream covers all of the Google I/O 2018 day 2 sessions that take place on Stage 3. Stay tuned for technical sessions and deep dives into Google's latest developer products and platforms. Event schedule (all times are PDT) → https://goo.gl/qYxGPM 38:05 - Code beautiful UI with Flutter and Material Design 1:28:02 - Analyze your audience and benchmark metrics to grow on Google Play 2:27:14 - Make your WordPress site progressive 3:29:35 - Challenges and learnings of building for the next billion users 5:27:24 - What's new with the Google Assistant SDK for devices 6:27:47 - Design, machine learning, and creativity 7:27:34 - PWA starter kit: build fast, scalable, modern apps with Web Components 8:27:43 - What's new in Angular 9:27:33 - The power of Headless Chrome and browser automation 10:27:32 - Best practices for text on Android Google I/O 2018 All Sessions Playlist → https://goo.gl/q1Tr8x Subscribe to the Google Developers channel → http://goo.gl/mQyv5L Music by Terra Monk → https://goo.gl/wPgbHP
Views: 12628 Google Developers
Kai Jäger: What it’s like to live on the Edge | JSConf EU 2015
This is the story of a new browser with a complicated legacy. It’s a story about making new friends without alienating old acquaintances. Most of all, it’s a story about innovating without breaking the Web. This is the story of Microsoft Edge, the new browser in Windows 10, how it came to be, what separates it from Internet Explorer and what that means for web developers. It’s a tale of epic proportions with a happy ending that is really only the beginning. Intro music by @halfbyte
Views: 1383 JSConf
Crockford on JavaScript - Part 5: The End of All Things
Yahoo!'s JavaScript architect Douglas Crockford concludes his five-part lecture series on the JavaScript programming language with a review of issues related to security and performance in JavaScript.
Views: 45072 YUI Library
Zero Configuration networking with Bonjour
Google TechTalks November 2, 2005 Dr. Stuart Cheshire, Apple Computer http://www.stuartcheshire.org/ ABSTRACT The desirability of making IP networking easy to use has been obvious for many years, but achieving that goal has proved elusive. One day, Stuart Cheshire got tired of fellow Stanford Computer Science PhD students wanting to print from his Mac (via AppleTalk) because they couldn't work out how to configure their Linux /etc/printcap files to access the network printer they wanted to use via IP, and he decided it was time someone did something about it. Thus began a long saga, beginning with the formation of the IETF "Zero Configuration Networking" working group, and ending where we are...
Views: 9934 Google
DEF CON 23 - Patrick Wardle - Stick That In Your root Pipe and Smoke It
You may ask; "why would Apple add an XPC service that can create setuid files anywhere on the system - and then blindly allow any local user to leverage this service?" Honestly, I have no idea! The undocumented 'writeconfig' XPC service was recently uncovered by Emil Kvarnhammar, who determined its lax controls could be abused to escalate one's privileges to root. Dubbed ‘rootpipe,' this bug was patched in OS X 10.10.3. End of story, right? Nope, instead things then got quite interesting. First, Apple decided to leave older versions of OS X un-patched. Then, an astute researcher discovered that the OSX/XSLCmd malware which pre-dated the disclosure, exploited this same vulnerability as a 0day! Finally, yours truly, found a simple way to side-step Apple's patch to re-exploit the core vulnerability on a fully-patched system. So come attend (but maybe leave your MacBooks at home), as we dive into the technical details of XPC and the rootpipe vulnerability, explore how malware exploited this flaw, and then fully detail the process of completely bypassing Apple's patch. The talk will conclude by examining Apple’s response, a second patch, that appears to squash ‘rootpipe’…for now. Speaker Bio: Patrick Wardle is the Director of Research at Synack, where he leads cyber R&D efforts. Having worked at NASA, the NSA, and Vulnerability Research Labs (VRL), he is intimately familiar with aliens, spies, and talking nerdy. Currently, Patrick’s focus is on automated vulnerability discovery, and the emerging threats of OS X and mobile malware. In his personal time, Patrick collects OS X malware and writes OS X security tools. Both can be found on his website Objective-See.com
Views: 5063 DEFCONConference
Internet Technologies - Computer Science for Business Leaders 2016
DHCP, DNS, TCP/IP, VPNs, Wi-Fi; HTTP, HTTPS; hosts, registrars
Views: 31090 CS50
Week 12
Views: 23941 CS50
OriGene Webinar Series: TissueScan cDNA Arrays
Webinar on TissueScan products -- Cancer and Normal Tissue cDNA Arrays -- how you obtain qPCR gene expression results of hundreds of human samples in 2 hours. Follow this link for more details: http://www.origene.com/qPCR/Tissue-qPCR-Arrays.aspx
Suspense: Mister Markham, Antique Dealer / The ABC Murders / Sorry, Wrong Number - East Coast
Suspense, one of the premier drama programs of the Golden Age of Radio, was subtitled "radio's outstanding theater of thrills" and focused on suspense thriller-type scripts, usually featuring leading Hollywood actors of the era. Approximately 945 episodes were broadcast during its long run, and more than 900 are extant. Suspense went through several major phases, characterized by different hosts, sponsors, and director/producers. Formula plot devices were followed for all but a handful of episodes: the protagonist was usually a normal person suddenly dropped into a threatening or bizarre situation; solutions were "withheld until the last possible second"; and evildoers were usually punished in the end. In its early years, the program made only occasional forays into science fiction and fantasy. Notable exceptions include adaptations of Curt Siodmak's Donovan's Brain and H. P. Lovecraft's "The Dunwich Horror", but by the late 1950s, such material was regularly featured. http://en.wikipedia.org/wiki/Suspense_%28radio_drama%29
Views: 64325 Remember This
Ruby Conf 2013 - Opal, A new hope (for Ruby programmers)
By Forrest Chang A short time ago, in an internet not far away ... It is a period of Javascript revolution. Rebel Ruby coders, striking from an obscure repository, have won significant victories against evil Javascript Empire. During the battle, Rebel Ruby coders have managed to duplicate the Empire's ultimate weapon, the use of the same language on both server and client sides, but this time with a language with enough meta programming power to make the most elegant DSLs on the planet. Pursued by myriad Javascript options, the Rebel Coders race home to their repositories, custodian of the code that can save their people and restore freedom to Ruby Coders everywhere. --- Do you have mixed feelings about the Javascript Revolution? It is a truly exciting time with many options and opportunities. Unfortunately, the language of this revolution is Javascript. "Javascript is the path to the dark side. Javascript leads to anger. Anger leads to hate. Hate leads to suffering." - Yoda, if he were a coder With all this Javascript goodness, what's a Ruby programmer to do? One word - Opal. Opal is a source to source ruby to javascript compiler, corelib and a runtime implementation that currently passes 1716 rubyspecs w/a reachable goal of passing them all. You might be thinking, yet another language that compiles down to Javascript. Why should you as a Ruby Coder board care? Matz once wrote: "For me the purpose of life is partly to have joy. Programmers often feel joy when they can concentrate on the creative side of programming, So Ruby is designed to make programmers happy." As another Ruby, Opal is designed to make programmers happy. Here's the top 8 reasons why Opal will make you, the Ruby programmer, happy 1. It's just Ruby, and a viable one 2. Greenspun's 10th Rule, Opal Edition 3. Solves things the Ruby way, making the programmer happy 4. Frameworks, we don't need no stinking frameworks (but we have some) 5. Tools you already know and love 6. Easy integration with Ruby web frameworks 7. Awesome In Browser tools 8. New possibilities This talk will go over those 8 reasons and more. There will be live code demonstrations. Opal, this might just be the droid you're looking for. You'll laugh, you'll cry, you'll kiss Javascript goodbye. Coming to a computer near you. Help us caption & translate this video! http://amara.org/v/FG40/
Views: 6563 Confreaks
Words at War: Barriers Down / Camp Follower / The Guys on the Ground
Alfred Friendly (December 30, 1911 -- November 7, 1983) was an American journalist, editor and writer for the Washington Post. He began his career as a reporter with the Post in 1939 and became Managing Editor in 1955. In 1967 he covered the Mideast War for the Post in a series of articles for which he won the Pulitzer Prize for International Reporting in 1968. He is credited with bringing the Post from being a local paper to having a position of national prominence. Friendly was born in Salt Lake City. After graduating from Amherst College in 1933, he came to Washington, DC to look for work. A former professor who worked in the Commerce Department hired him, but his appointment to a high position at such a young age earned him criticism in the press and he resigned. For the next year he travelled the country in the middle of the Depression, eventually returning to become a reporter at the Washington Daily News, writing a column for government employees. Less than two years later he was hired to write the same kind of column for the Post, where he was soon assigned to cover war mobilization efforts and anti-war strikes. When World War II broke out he entered the Army Air Force, rising to the rank of Major before leaving in 1945. While in the military he was involved in cryptography and intelligence operations, finally becoming the second in command at Bletchley Park, and the highest ranking American officer there. After the war he remained in Europe as press aide to W. Averell Harriman, supervisor of the Marshall Plan. A year later he returned to Washington and to the Post, where he became assistant managing editor in 1952 and managing editor in 1955. In 1966 he became an associate editor and a foreign correspondent based out of London. Hearing rumors of war in 1967, he headed to the Middle East, where he was present throughout the 1967 War and wrote his series of award-winning articles. 
He retired from the Post in 1971, though he continued writing occasional editorials and book reviews. During his retirement he wrote several books, and after his death the Alfred Friendly Foundation was established. It administers the Alfred Friendly Press Fellowships to bring foreign journalists to the United States for internships at prominent newspapers. The Archives and Special Collections at Amherst College holds a collection of his papers. http://en.wikipedia.org/wiki/Alfred_Friendly
Views: 144386 Remember This
Week 9, continued
Views: 22655 CS50