med-mastodon.com is one of the many independent Mastodon servers you can use to participate in the fediverse.
Medical community on Mastodon


#proofofconcept


#KINews #Retröt
#Gartner predicts that 30% of generative AI projects will be abandoned after the proof of concept (#ProofofConcept, PoC). But that is also a good thing: a #PoC lets companies assess risks and feasibility early, save costs and gather valuable experience. That way inefficient projects can be stopped before they get more expensive. Trying things out pays off, and cancelling is sometimes the better path.

#KI #Projektmanagement

tino-eberl.de/ki-news/gartner-

Tino Eberl · Gartner: 30% of AI projects are abandoned after the PoC: yes, and rightly so!

positive-intentions.com/blog/i

i'd like to share some details about how my app works so you can discover/give me feedback on my app. i'd like to have wording in my app to say something like "most secure chat app in the world"... i probably can't do that because it doesn't qualify.

i'm not an expert on #cyberSecurity. i'm sure there are many gaps in my knowledge in this domain.

using #javascript, i initially created a fairly basic #chatApp using #peerjs to create #encrypted #webrtc #connections. this was then easily enhanced by exchanging additional #encryption #keys from #cryptography functions built into browsers (#webcrypto api) to add a redundant layer of encryption. a #diffieHellman key #exchange is done over #webrtc (which can be considered #secure when exchanged over public channels) to create #serverless #p2p #authentication.

- i sometimes receive feedback like "javascript is inherently insecure". i disagree with this and have #openedSource my #cryptography module. it's basically a thin wrapper around vanilla cryptography functions of a #browser (webcrypto api).

- another concern for my kind of app (#PWA) is that the developer may introduce malicious code. this is an important point for which i open sourced the project and give instructions for #selfhosting. selfhosting this app has some unique features. unlike many other #selfhosted #projects, this app can be hosted on #githubPages (instructions are provided in the readme). i'm also working towards having better support for running the index.html directly without a static server.

- to prevent things like browser extensions, the app uses strict #CSP headers to prevent #unauthorised code from running. #selfhosting users should take note of this when setting up their own instance.

- i received feedback that the #Signal/#Simplex protocol is great. completely understandable and i agree, but i wonder if i'm reducing the #complexity by working with #webrtc. while it has its many flaws, i think risks can be reasonably mitigated if the #cryptography functions are implemented correctly. (all data out is #encrypted and all data in is #decrypted on-the-fly)

- the key detail that makes this approach unique, is because as a #webapp, unlike other solutions, users have a choice of using any #device/#os/#browser. while a webapp can have nuanced #vulnerabilities, i think by #openSourcing and providing instructions for #selfhosting and instructions to #build for various #platforms, it can provide a reasonable level of #security.

i think if i stick to the principle of avoiding any kind of "required" service provider (myself included) and allowing the #frontend and the peerjs-server to be #hosted #independently, i'm on track for creating a #chatSystem with the "fewest moving parts". i hope you will agree this is true #p2p and i hope i can use this as a step towards true #privacy and #security. #security might be further improved by using a trusted #VPN.

while there are several similar apps out there like mine, i think mine is a distinctly different approach. so it's hard to find #bestPractices for the functionalities i want to achieve, in particular #security practices to use when using #p2p technology.

(note: this app is an #unstable #experiment and #proofOfConcept and not ready to replace any other app or service. It's far from finished and provided for #testing and #demo purposes only. This post is to get #feedback on the progress to determine if i'm going in the right direction for a secure chat app)

positive-intentions.com · Introducing Decentralized Chat | positive-intentions

#KINews

#Gartner predicts that 30% of generative AI projects will be abandoned after the proof of concept (#ProofofConcept, PoC). But that is not necessarily bad: a #PoC lets companies assess risks and feasibility early, save costs and gather valuable experience. That way inefficient projects can be stopped before they get more expensive. Bottom line: trying things out pays off, and cancelling is sometimes the better path.

#KI #Projektmanagement

tino-eberl.de/ki-news/gartner-

Tino Eberl · Gartner: 30% of AI projects are abandoned after the PoC: yes, and rightly so!

@panic #Audion (Viewer) as #AppleMusic controller is just awesome!

There is a GitHub repo with some basic changes needed to make it work: github.com/zydeco/audion/tree/

I built myself a version based on the latest sources (gitlab.com/panicinc/audion).

Sadly there are a few bugs. For example:
- The scrolling song title breaks out
- The interface settings dialog doesn’t work - it’s just a placeholder


@lunch So you just admitted that you vomited #FUD into my mentions without evidence?

If you're so smart, then why don't you sell your #exploit / #ProofOfConcept / #Whitepaper to the highest bidder?

  • I'm sure #Zerodium and all the LEAs would try to outbid each other...

Alas, your messages are just hot air, and not substantiated by anything...

At best your info is 2+ years outdated...


Palo Alto Networks released additional details about CVE-2024-3400: the fact that it is a combination of two bugs in PAN-OS; how an attacker was exploiting it; how disabling telemetry initially worked; and how they fixed it. The timeline from discovery to remediation encompasses the whole blog post. Overall a comprehensive after-action review from a company that notified the public almost immediately of an exploited zero-day. 🔗paloaltonetworks.com/blog/2024

Palo Alto Networks Blog · More on the PAN-OS CVE-2024-3400 · By Chandan B.N.

Cisco released 3 security advisories:

  • CVE-2024-20356 (8.7 high) Cisco Integrated Management Controller Web-Based Management Interface Command Injection Vulnerability
  • CVE-2024-20373 (5.3 medium) Cisco IOS and IOS XE Software SNMP Extended Named Access Control List Bypass Vulnerability
  • CVE-2024-20295 (8.8 high) Cisco Integrated Management Controller CLI Command Injection Vulnerability

Please note that a proof of concept was publicly disclosed for CVE-2024-20295 before it was patched, making this a zero-day. The Cisco PSIRT is not aware of any malicious use of the vulnerabilities that were described in these advisories. But don't take my word for it, go check them out yourself.

Cisco Security Advisory: Cisco Integrated Management Controller Web-Based Management Interface Command Injection Vulnerability. A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-bLuPcb

Cisco zero-day (PoC publicly disclosed): Cisco Integrated Management Controller CLI Command Injection Vulnerability CVE-2024-20295 (8.8 high) 🔗 sec.cloudapps.cisco.com/securi

A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.

The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.

Cisco Security Advisory: Cisco Integrated Management Controller CLI Command Injection Vulnerability (advisory text quoted above). Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ

In case you missed it, Palo Alto Networks updated their security advisory in terms of product and mitigation guidance, exploit status, and PAN-OS fix availability: 🔗 security.paloaltonetworks.com/

  • Exploitation status: Proof of concepts for this vulnerability have been publicly disclosed by third parties.
  • Workarounds and mitigations: In earlier versions of this advisory, disabling device telemetry was listed as a secondary mitigation action. Disabling device telemetry is no longer an effective mitigation. Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.
  • Solution:
    • 10.2.6-h3 (Released 4/16/24)
    • 11.0.3-h10 (Released 4/16/24)
    • 11.0.2-h4 (Released 4/16/24)
    • 11.1.0-h3 (Released 4/16/24)
Palo Alto Networks Product Security Assurance · CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect. A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurat...

Akamai provides vulnerability details on CVE-2023-35628 (8.1 high, disclosed 12 December 2023 by Microsoft, Windows MSHTML Platform Remote Code Execution Vulnerability), which they describe as "Windows path parsing memory corruption." They start with the background of the exploited zero-day from March 2023: CVE-2023-23397 and how MapUrlToZone adds a new attack surface. The blog post includes a proof of concept for CVE-2023-35628 and a warning that more MapUrlToZone bypasses may exist. 🔗 akamai.com/blog/security-resea

watchTowr posts a scathing review of IBM for not updating their dependencies, allowing for the QRadar SIEM product to be vulnerable to CVE-2022-26377 (7.5 high, disclosed 08 June 2022 by Apache) an AJP (Apache JServ Protocol) smuggling vulnerability. The article is a deep-dive into the product, the vulnerability and discovering it. Scroll to the tl;dr to see the impact. watchTowr also has a proof of concept 🔗 labs.watchtowr.com/ibm-qradar-

If you follow our leading words, this would allow threat actors (or watchTowr's automation) to assume the session of the user and take control of their QRadar SIEM instance in a single request.

Flagship security software from IBM.

watchTowr Labs - Blog · IBM QRadar - When The Attacker Controls Your Security Stack (CVE-2022-26377). Welcome to April 2024. A depressing year so far - we've seen critical vulnerabilities across a wide range of enterprise software stacks. In addition, we've seen surreptitious and patient threat actors light our industry on fire with slowly introduced backdoors in the XZ library. Today, in this iteration of 'watchTowr