USB Watchdog Card Module Timer Bitcoin Blue Screen ...

How To know what a VPN is

If you only read one part of this, read the overview
There's been a serious uptick in the last few weeks of posts in this and related subreddits about VPNs and other ways to protect yourself online. The reason is because the American Congress has recently voted to repeal a law protecting consumer privacy. I'll talk about that later, but these posts have been heavily poor in quality. The reason is that these posts have been making incorrect or unjustifiable claims. The goal of this post is to help correct some of that.
Since people usually like to talk about their qualifications, I'll start with mine. I've done L1 tech support for a few months, I'm studying for the CCNA (an important networking certification), and I'm fairly paranoid.
This post is going to have three sections: What is a VPN? What is the best VPN? and context for the recent discussion about VPNs. If you want to learn more, check /VPN, /Security, and /Privacy as they're the experts.
With that said, let's begin.

Overview

A VPN is a paid service that you can use to hide not just what data you are sending, but also where you are sending it to. A VPN does this by forwarding all data to a companies server which then sends it anonymously to your destination. This is not the same as Tor, which uses a series of middle men to obscure where your data is going. This is also not the same thing as encryption via a solution like SSL, which will hide what you are sending, but not where it is going.
Also, no VPN is perfect, and any security solution which claims otherwise is lying to you. A paid VPN has an incentive to keep your data private, but a free one (looking at your, Hola) will sell your data just as happily as your ISP.
Also, Congress didn't repeal a law already in effect. They just changed their mind on a law going into effect that would have prevent the (already legal) practice of your ISP selling your bulk anonymized browsing data. They are selling advertisers the general browsing habits of (for example) your whole zip code, not you specifically.

What is a VPN?

The basic idea of a VPN is simple: it is a way of using a public network to connect to a private network. Depending on your job, you may work from home and need to access resources normally only available from the companies intranet. With a properly configured VPN you can sit at your home and connect to the companies internet.
How? Well, that would get into the details of how networks work at a level I don't feel like getting into. But imagine it like trying to send a letter from your home to a specific office in your work: you send your letter (data) to the company's office where it is routed to the appropriate person by the office's mail room.
When you see explanations of networking concepts you'll usually see it compared to the postal system. It isn't a perfect analogy, but it works pretty well.
Imagine regular networking is like putting a post card in your mail box, and getting a post card back: what protects your privacy is that no one is trying to see what you're sending. But, the post office/your ISP definitely knows what you're sending and who you're sending it to, and anyone with the inclination can set themselves up to monitor your network in real time and see what you're saying. In the post office comparison, this would be someone going to your mail box after your drop your letter off so they can read your mail. In networking this is called a man in the middle attack.
Encrypting your data (such as with SSL) is like sending/receiving letters in envelopes: anyone who wants to can see that you are sending/receiving data and to who, but only the end points can see the contents. Meaning, the post office and the person reading your mail knows you've sent a lot of letters to a particular address, but they cannot see what those letters say.
Like with an envelope, encryption isn't perfect. There's a huge array of encryption methods, and they have various degrees of difficulty of breaking, but they can all be broken. No encryption is perfect.
Tor is like sending an envelope to a friend of yours, who passes it a third person, who sends it to a fourth person, who then delivers it themselves. The post office/man in the middle knows that you are sending data, but they cannot know who it is being sent to or what it says. However, the process massively slows down your browsing speed because each of those steps takes up a bunch of time. Also, it won't work if you're sending a package, which is an awkward way of extending the metaphor to say it only works with your browsing, it won't protect anything you torrent, and generally speaking, Tor only works with browsing. Any web app you have sits out in the open.
A VPN is like sending every bit of mail in a specific envelope to a non-descript building downtown, which then pulls off the envelope, then puts it in a new envelope and sends that letter to the destination. When they get a response (since the response will be sent to them), they wrap it in a new envelope which hides who sent the letter to them, and then they send it to you. Like with Tor, this hides who you are sending/receiving data from largely by sending it to a middle man. The difference is that a VPN does this directly, while Tor does it through a series of middle men (called nodes), so a VPN is going to be generally much faster.
You may be thinking that the layered approach Tor takes makes it more secure, but that's not strictly true. There has been quiet a bit of concern among people in security about the very real possibility that the FBI or other intelligence agencies have been monitoring Tor exit nodes, which could let them monitor who is sending/receiving what data. In the above comparison, it would be like if one of the people in the chain was opening every letter handed to him and reading it before sending it along the chain. The reason that's possible is because Tor is a volunteer thing, anyone who wants to participate can, and that includes the CIA. But because VPNs are private for profit companies, they generally have an incentive to keep things above board.
In short a VPN is you sending data to a company's server where it is anonymized and sent to the destination, the destination then responds to that server, where the data is sent back to you. This prevents people listening in to figure out who you are sending data to, and the encryption prevents anyone from listening in from knowing what is being said.

What is the best VPN?

Trick question, there isn't one.
The best comparison site you will find for VPNs is this massive chart on ThatOnePrivacySite which lists almost 200 VPNs. There is a massive array of options to meet your various needs. I use Linux, so an option that doesn't have Linux support is useless to me. I don't give a shit about BitCoin, so I won't select a VPN based on whether or not it takes Bitcoin.
But definitely, definitely, do not use a free VPN. There's a phrase you might have heard before: if you aren't paying for it, you're not the customer, you're the product. That's not always true, but it's definitely true with VPNs. A service like Hola is free and works to get around geotagging, but your browsing details are getting sold to advertisers.
So how do you know what kind of VPN do you need?
If you just don't want your ISP to know what you're doing or to make it harder for hackers to figure out what you're doing, get a cheap VPN with decent encryption and you'll be fine. Want to turn off geotagging because you're Brazilian and want to watch American Netflix, get a cheap VPN that has servers in multiple countries. If you want to do things you think the CIA might be interested in (like if you want to write a book about a terrorist plot and are concerned that googling 'al Qaeda bomb making' will get you put on a list), read about the Five Eyes (and Nine Eyes and Fourteen Eyes) and Enemies of the Internet, and get a VPN in a country that doesn't cooperate with the Fourteen Eyes and isn't an Enemy of the Internet.
In brief, the Five Eyes is a group of countries (including the US) that have agreed to spy on each other and then share that data with each other. The CIA cannot spy on US citizens, but the British can spy on US citizens and then share their findings with the CIA. The Nine Eyes and Fourteen Eyes are supersets of Five Eyes. The "Enemies of the Internet" are countries that international watchdogs have said engage in censoring and manipulation of the internet and therefore cannot be trusted. These groups should be avoided because if you're using a British VPN to avoid the CIA, well MI6 can get a warrant for the VPNs habits and then share your records with the CIA. If you base your VPN in China, then China owns the VPN and is definitely watching what you do. On that note, the company that owns the Opera web browser is Chinese. So... You know. Avoid the Opera web browser.
Also, logs. Make sure they aren't retaining logs of you habits.

Context for Recent VPN discussion

There are two bits that need to be explained: what the law means, and why I'm upset about the discussion.
Alot of the recent discussion has been acting as if Congress repealed an existing law, that this is someone that was illegal, and punishable. That is not the case. There was a law previously passed, but not yet in effect, which says that your ISP cannot sell the browsing habits of their customers. The recent law in Congress just says "yeah, never mind". And they aren't selling your specific browsing habits, but a block of anonymized browsing habits. Instead of saying "Dick R. Schmuckately spent 6 hours facebook stalking their ex on 3 March 2017" it'll be "residents of this county spent spent an average of 45 minutes of this hour on Facebook". For ISPs to get more specific, Congress would have to repeal an entirely different law.
If you've ever seen articles with titles like "states that spend the most amount of time watching porn" there's a chance that data was collected by purchasing browsing habits from ISPs. I cannot guarantee it, obviously, but it's certainly a route.
That's part of what irritates me, it's people misrepresenting what's happening. It's also people making grossly inaccurate statements about how to protect yourself. First of all, no encryption is perfect. Second of all, using a VPN doesn't mean you cannot be tracked, it just means doing so would be a huge pain in the ass. Any service that claims to be perfectly capable of protecting you is lying. Additionally, several posts have suggested that SSL (an encryption method) is the same as a VPN, but it's not. Others have said that Tor is equivalent to getting a VPN, but it's not. These are valid and useful things, depending on your needs, but they are not equivalent to a VPN.
It's fine, totally fine and understandable, not understand the difference between Tor and a VPN, or to think that encryption is equivalent to a a VPN in terms of protecting your browsing habits. I don't think there are many technical people who will disagree with me on that. We don't mind correcting small errors in what people say (and I'm sure someone will do that with my post). What we mind, what pisses us off, is when someone says something that is misleading or just plain wrong.
If you don't know something technical, learn how to ask questions the smart way and we'll hook you up.
submitted by HumanMilkshake to howto [link] [comments]

TPT: What is and is not a VPN

If you only read one part of this, read the overview
There's been a serious uptick in the last few weeks of posts in this and related subreddits about VPNs and other ways to protect yourself online. The reason is because the US Congress has recently voted to repeal a law protecting consumer privacy. I'll talk about that later, but these posts have been heavily poor in quality. The reason is that these posts have been making incorrect or unjustifiable claims. The goal of this post is to help correct some of that.
Since people usually like to talk about their qualifications, I'll start with mine. I've done L1 tech support for a few months, I'm studying for the CCNA (an important networking certification), and I'm fairly paranoid.
This post is going to have three sections: What is a VPN? What is the best VPN? and context for the recent discussion about VPNs. If you want to learn more, check /VPN, /Security, and /Privacy as they're the experts.
With that said, let's begin.

Overview

A VPN is a paid service that you can use to hide not just what data you are sending, but also where you are sending it to. A VPN does this by forwarding all data to a companies server which then sends it anonymously to your destination. This is not the same as Tor, which uses a series of middle men to obscure where your data is going. This is also not the same thing as encryption via a solution like SSL, which will hide what you are sending, but not where it is going.
Also, no VPN is perfect, and any security solution which claims otherwise is lying to you. A paid VPN has an incentive to keep your data private, but a free one (looking at your, Hola) will sell your data just as happily as your ISP.
Also, Congress didn't repeal a law already in effect. They just changed their mind on a law going into effect that would have prevent the (already legal) practice of your ISP selling your bulk anonymized browsing data. They are selling advertisers the general browsing habits of (for example) your whole zip code, not you specifically.

What is a VPN?

The basic idea of a VPN is simple: it is a way of using a public network to connect to a private network. Depending on your job, you may work from home and need to access resources normally only available from the companies intranet. With a properly configured VPN you can sit at your home and connect to the companies internet.
How? Well, that would get into the details of how networks work at a level I don't feel like getting into. But imagine it like trying to send a letter from your home to a specific office in your work: you send your letter (data) to the company's office where it is routed to the appropriate person by the office's mail room.
When you see explanations of networking concepts you'll usually see it compared to the postal system. It isn't a perfect analogy, but it works pretty well.
Imagine regular networking is like putting a post card in your mail box, and getting a post card back: what protects your privacy is that no one is trying to see what you're sending. But, the post office/your ISP definitely knows what you're sending and who you're sending it to, and anyone with the inclination can set themselves up to monitor your network in real time and see what you're saying. In the post office comparison, this would be someone going to your mail box after your drop your letter off so they can read your mail. In networking this is called a man in the middle attack.
Encrypting your data (such as with SSL) is like sending/receiving letters in envelopes: anyone who wants to can see that you are sending/receiving data and to who, but only the end points can see the contents. Meaning, the post office and the person reading your mail knows you've sent a lot of letters to a particular address, but they cannot see what those letters say.
Like with an envelope, encryption isn't perfect. There's a huge array of encryption methods, and they have various degrees of difficulty of breaking, but they can all be broken. No encryption is perfect.
Tor is like sending an envelope to a friend of yours, who passes it a third person, who sends it to a fourth person, who then delivers it themselves. The post office/man in the middle knows that you are sending data, but they cannot know who it is being sent to or what it says. However, the process massively slows down your browsing speed because each of those steps takes up a bunch of time. Also, it won't work if you're sending a package, which is an awkward way of extending the metaphor to say it only works with your browsing, it won't protect anything you torrent, and generally speaking, Tor only works with browsing. Any web app you have sits out in the open.
A VPN is like sending every bit of mail in a specific envelope to a non-descript building downtown, which then pulls off the envelope, then puts it in a new envelope and sends that letter to the destination. When they get a response (since the response will be sent to them), they wrap it in a new envelope which hides who sent the letter to them, and then they send it to you. Like with Tor, this hides who you are sending/receiving data from largely by sending it to a middle man. The difference is that a VPN does this directly, while Tor does it through a series of middle men (called nodes), so a VPN is going to be generally much faster.
You may be thinking that the layered approach Tor takes makes it more secure, but that's not strictly true. There has been quiet a bit of concern among people in security about the very real possibility that the FBI or other intelligence agencies have been monitoring Tor exit nodes, which could let them monitor who is sending/receiving what data. In the above comparison, it would be like if one of the people in the chain was opening every letter handed to him and reading it before sending it along the chain. The reason that's possible is because Tor is a volunteer thing, anyone who wants to participate can, and that includes the CIA. But because VPNs are private for profit companies, they generally have an incentive to keep things above board.
In short a VPN is you sending data to a company's server where it is anonymized and sent to the destination, the destination then responds to that server, where the data is sent back to you. This prevents people listening in to figure out who you are sending data to, and the encryption prevents anyone from listening in from knowing what is being said.

What is the best VPN?

Trick question, there isn't one.
The best comparison site you will find for VPNs is this massive chart on ThatOnePrivacySite which lists almost 200 VPNs. There is a massive array of options to meet your various needs. I use Linux, so an option that doesn't have Linux support is useless to me. I don't give a shit about BitCoin, so I won't select a VPN based on whether or not it takes Bitcoin.
But definitely, definitely, do not use a free VPN. There's a phrase you might have heard before: if you aren't paying for it, you're not the customer, you're the product. That's not always true, but it's definitely true with VPNs. A service like Hola is free and works to get around geotagging, but your browsing details are getting sold to advertisers.
So how do you know what kind of VPN do you need?
If you just don't want your ISP to know what you're doing or to make it harder for hackers to figure out what you're doing, get a cheap VPN with decent encryption and you'll be fine. Want to turn off geotagging because you're Brazilian and want to watch American Netflix, get a cheap VPN that has servers in multiple countries. If you want to do things you think the CIA might be interested in (like if you want to write a book about a terrorist plot and are concerned that googling 'al Qaeda bomb making' will get you put on a list), read about the Five Eyes (and Nine Eyes and Fourteen Eyes) and Enemies of the Internet, and get a VPN in a country that doesn't cooperate with the Fourteen Eyes and isn't an Enemy of the Internet.
In brief, the Five Eyes is a group of countries (including the US) that have agreed to spy on each other and then share that data with each other. The CIA cannot spy on US citizens, but the British can spy on US citizens and then share their findings with the CIA. The Nine Eyes and Fourteen Eyes are supersets of Five Eyes. The "Enemies of the Internet" are countries that international watchdogs have said engage in censoring and manipulation of the internet and therefore cannot be trusted. These groups should be avoided because if you're using a British VPN to avoid the CIA, well MI6 can get a warrant for the VPNs habits and then share your records with the CIA. If you base your VPN in China, then China owns the VPN and is definitely watching what you do. On that note, the company that owns the Opera web browser is Chinese. So... You know. Avoid the Opera web browser.

Context for Recent VPN discussion

There are two bits that need to be explained: what the law means, and why I'm upset about the discussion.
Alot of the recent discussion has been acting as if Congress repealed an existing law, that this is someone that was illegal, and punishable. That is not the case. There was a law previously passed, but not yet in effect, which says that your ISP cannot sell the browsing habits of their customers. The recent law in Congress just says "yeah, never mind". And they aren't selling your specific browsing habits, but a block of anonymized browsing habits. Instead of saying "Dick R. Schmuckately spent 6 hours facebook stalking their ex on 3 March 2017" it'll be "residents of this county spent spent an average of 45 minutes of this hour on Facebook". For ISPs to get more specific, Congress would have to repeal an entirely different law.
If you've ever seen articles with titles like "states that spend the most amount of time watching porn" there's a chance that data was collected by purchasing browsing habits from ISPs. I cannot guarantee it, obviously, but it's certainly a route.
That's part of what irritates me, it's people misrepresenting what's happening. It's also people making grossly inaccurate statements about how to protect yourself. First of all, no encryption is perfect. Second of all, using a VPN doesn't mean you cannot be tracked, it just means doing so would be a huge pain in the ass. Any service that claims to be perfectly capable of protecting you is lying. Additionally, several posts have suggested that SSL (an encryption method) is the same as a VPN, but it's not. Others have said that Tor is equivalent to getting a VPN, but it's not. These are valid and useful things, depending on your needs, but they are not equivalent to a VPN.
It's fine, totally fine and understandable, not understand the difference between Tor and a VPN, or to think that encryption is equivalent to a a VPN in terms of protecting your browsing habits. I don't think there are many technical people who will disagree with me on that. We don't mind correcting small errors in what people say (and I'm sure someone will do that with my post). What we mind, what pisses us off, is when someone says something that is misleading or just plain wrong.
If you don't know something technical, learn how to ask questions the smart way and we'll hook you up.
submitted by HumanMilkshake to TechnologyProTips [link] [comments]

I am Francis Pouliot, full-time Bitcoin advocate and director at the Bitcoin Embassy. I'm running for a seat of the Bitcoin Foundation board. AMA

My name is Francis Pouliot and I am a full-time Bitcoin advocate, educator, and community organizer. You may have heard of me as Director of Public Affairs at the Bitcoin Embassy, the first physical space in the world dedicated to the promotion and development of the cryptocurrency ecosystem. Fellow Canadians will recognize me as the Chief Executive Officer at the Bitcoin Foundation Canada, a pan-Canadian membership-based advocacy group dedicated to ensuring a favorable environment for Canada's cryptocurrency ecosystem.
While I may not be a famous Bitcoin investor or entrepreneur, I consider myself a large stakeholder in Bitcoin since cryptocurrency (mostly Bitcoin) represents around 90% of my assets and is effectively my only source of income. I’m also a Bitcoin miner, integration consultation and certified Bitcoin professional with C4 (passed at 96%).
The best decision of my life has been to re-orient my rapidly advancing and successful career as a policy analyst for free-market think tanks in order to dedicate myself full-time to being an active participant in the cryptocurrency revolution. I still remain to this day an active supporter of the libertarian movement through my involvement in various pro-liberty organizations - but I will never use the Foundation as a medium to promote my personal beliefs.
My general assessment of the current state of the Bitcoin
Foundation is that by pursuing too many goals, the Foundation has misallocated and mismanaged resources necessary to successfully fulfill the essential mandate of supporting technical development. It has not lived up to its potential and has disappointed many of its members, including myself. I truly believe in the Foundation’s mission to protect Bitcoin's technological infrastructure and that, in realizing this goal, it must remain an important part of the Bitcoin ecosystem. I also believe that the only essential mission of the Bitcoin Foundation, that should take priority over all others, should become and always remain the protection and development of Bitcoin’s technological infrastructure.
My platform
With humility, I propose myself as to represent my fellow individual members on the Bitcoin Foundation’s board of directors. I have the skills, values, energy and time necessary to accomplish this task successfully. As CEO of the BFC, I have knowledge of the inner-workings of the Foundation and know exactly what its problems are and the best way to overcome them. On behalf of its Canadian members, I have attempted to act as a watchdog, being critical of its work and suggesting reforms directly to staff members.
If I am elected, I pledge to continue this role on behalf of all individual members. I now ask for your support so that I may obtain the necessary powers to bring the Foundation to implement the following:
After having discussed with Patrick Murck, I believe that he is the most capable Executive Director that the Foundation could have at the moment. I also believe that we share the same broad vision as to where the Foundation should be heading and as your representative I will support him in his undertaking to bring the Foundation back to its roots.
Nature and role of the Bitcoin Foundation – some thoughts
(On this point I particularly oppose candidates Cody Wilson, Olivier Janseen and Colin Gallagher)
The Bitcoin Foundations, as a private organization, is a platform through which individual and corporate members can voluntarily coordinate and implement their common interests. It does not, nor should it attempt to or claim to, represent the entire Bitcoin community. Although it provides a public service, it is only accountable to its members.
That being said, there is no doubt that the (uninformed) general public’s perception of the Foundation will taint its perception of the entire Bitcoin community by proxy. In addition, the Foundation’s technical team has a large influence on the development process and its actions will have an effect on the entire Bitcoin community, whether they are members of the Foundation or not. As such, the Foundation has moral responsibilities that other private membership-based organizations do not and should act with this specificity in mind.
The Bitcoin community and ecosystem are extremely diverse. In my opinion, there is only one common interest amongst all members of our community: the continued existence and expansion of a healthy technical development process which will ensure the continued decentralization and scalability of the Bitcoin network. I believe that this is also true within the Bitcoin Foundation membership.
I think the idea that the existence of a “centralized institution” such as the Foundation is contradictory with the decentralized nature of Bitcoin is beyond ridiculous. Nor is it contradictory with the crypto-decentralization movement to which I personally identify myself with. In fact, there can be no decentralization movement if individuals and corporations do not coordinate their interests via some form of organization. While it is certainly likely that such associations and organizations will eventually take the form of Decentralized Autonomous Corporations, I do not believe the necessary technology has been developed to a degree which makes this option a logical choice for the Foundation (and probably won’t for the next couple of years).
Let’s be clear: the Bitcoin Foundation should never, under any circumstance, attempt to impose any agenda or barrier to entry whatsoever on members and non-members alike via the coercive power of government.
Also, the Bitcoin Foundation should not attempt to assert a monopoly over the technical development process. I am extremely happy to see private corporations such as Blockstream and Bitpay contribute to this process, and am even happier to see that individuals are still contributing their time on a voluntary basis. However, I think a large part of development should be undertaken by non-profit organizations in order to ensure some form of neutrality.
Final thoughts – regulation
As a libertarian, I am naturally against regulation. I do not intend to idly stand by while arbitrary decrees are imposed upon us, and, as such, I believe that stakeholders such as individuals, private corporations or local Bitcoin advocacy groups should actively engage government officials and regulators to ensure that no discriminatory regulation or legislation concerning Bitcoin occurs.
Under no circumstance should technology-specific regulation such as the BitLicenses be tolerated. Moreover, government decrees that are in effect discriminatory (such as the “double taxation” of bitcoins via sales taxes) should be fiercely opposed. Innovation does not require permission.
However, as we lobby for government not to discriminate against Bitcoin, we must also realize that Bitcoin does not and should not operate in a legal vacuum. Bitcoin business models that mimic legacy business models (such as currency exchanges) should be regulated in the same way as their fiat counterparts. For example, a Bitcoin exchange should comply to financial regulation in the same way as a fiat exchange. If we demand not to be discriminated against, we must also acknowledge that we can’t have special treatment just because we do not believe in the validity of the laws that apply to us.
I do realize that compliance requirements of the legacy fiat financial industry are often outdated and that the cryptocurrency ecosystem will come up with its own innovative solutions for KYC/AML. These solutions are to be encouraged and, ideally, they will become the standard not only for cryptocurrency businesses but for the entire financial industry.
Bitcoin is like an economic trojan horse – if we really want the cryptocurrency revolution to happen, it is crucially important that there be an economic infrastructure with exchanges, payment processors, brokers, financial products, etc. This is the key to mainstream user adoption and this will only occur if we play by the rules. Government can’t stop Bitcoin but it can certainly greatly slow down progress by enforcing its power on the individuals and corporations that compose the Bitcoin economic ecosystem, something even the most anarchic members of the community should realize.
(On this point I particularly oppose candidate Jim Harper)
It seems to me that the Foundation has an “identity crisis” because its mandate is simply too broad. It cannot be at the same time a “Linux Foundation-style” organization and a lobby group such as the Digital Chamber of Commerce or think tank such as Coin Center. Because it has given itself too many goals, each goal has been inefficiently carried out.
The Foundation’s involvement in lobbying has considerably contributed to its negative perception by the community, which means less membership and less revenue. This means that there are fewer and fewer financial resources available for technical development. I believe that retreating from active political lobbying may reverse this trend.
The main reason is strictly based on pragmatism and resource allocation. There are various groups all over the world, including in the United States, who are actively involved in the fight against discriminatory or excessive Bitcoin regulation. The void that the Bitcoin Foundation had attempted to fill when it initially got into lobbying clearly does not exist anymore. However, there are no other non-profit organization involved in supporting technical development, so that in that area there is a very real void.
Finally, policy is inherently local and jurisdictional while the Foundation aims to be a global organization. I don’t think non-US members appreciate that their contributions are being spent on lobbying in Washington while the Foundation does nothing to prevent their own governments from obstructing the progress of Bitcoin.
10 reasons you should vote for me
You can reach me at [email protected] or at 1 855 922-3622.
I'll be answering all day, at least until 6 PM EST, or however long this stays on the front page!
submitted by FrancisPouliot to Bitcoin [link] [comments]

Blindspot Whitepaper: Specialized Threat Assessment and Protection (STAP) for the Blockchain

BlindSpot™
Stop attacks before ”zero day” and stop the Advanced Persistent Threat (APT)
We live in a dangerous world — our information technology systems face that danger every single day. Hackers are constantly attempting to infiltrate systems, steal information, damage government and corporate reputations, and take control of systems and processes.
Hackers share and use a variety of tools and techniques to gain access to, and
maintain access to, IT systems, including groups and techniques so dangerous
they have their own category - the Advanced Persistent Threat (APT). At the
center of the APT are sophisticated techniques using malware to exploit vulnerabilities in systems. Traditional cyber security technologies use file signatures to locate these tools and hacker malware, but hackers are now actively camouflaging their tools by changing, customizing, and “morphing” them into new files that do not match any known signatures (‘Polymorphic Malware’). This introduces a massive gap in malicious file detection which leaves the enterprise open to exploitation — and it’s just not possible for traditional signature-based systems to keep up. In fact, signature-based anti-virus and anti-malware systems are only around 25% effective today. BlindSpot™ sees through it all, even as the files morph and change in a futile attempt to remain camouflaged.
Digital File Fingerprints
Any File Type, Any Language, Partial Matches, Exact Matches
BlindSpot™, the adaptive security solution from BlindSpot™, can see through the
Polymorphic camouflage used by the worlds most advanced hackers by utilizing
digital file fingerprints and our proprietary adaptive BlindSpot™ ‘brain’ that constantly analyzes the fingerprints of known malicious files and tools to locate partial matches within the files on your systems - servers, laptops, desktops, USB drives, and even mobile devices. BlindSpot™ can cut right through the Polymorphic files, revealing the true hacking tools underneath, even if they are only fragments or pieces of a more complete set of hacking tools and technologies.
Most cyber attacks happen weeks or even months after their initial penetration and access to a network or system, and even the simplest attacks tend to have a fuse that is typically several days. It takes them time to map out a system, probe for the information they want, and obtain or forge credentials with the type of access they need. But from the moment their tools first land on your network and systems, BlindSpot™ sees them. If fact, BlindSpot™ can see them sitting on a newly inserted USB drive even if the files are not copied to your systems. This means BlindSpot™ can identify and alert you to malicious files and potential illicit activities before the attack happens - before zero day!
How does BlindSpot™ work? BlindSpot™ sits on the endpoint and continuously monitors file activity. Digital fingerprints, which can be used to find partial matches of any file type in any language, are reported back where they are kept forever in a temporal repository.
BlindSpot™ looks through all of the digital fingerprints — both those from files on your systems and those in a constantly updated database of known malicious files and hacking tools, to locate and alert you to any indication of hacking, malicious files, or illicit activity. BlindSpot™ is a disruptive technology that can see polymorphic malware and stop attacks before zero day.
Digital File Fingerprints are created from a file or a piece of digital data/information by using advanced mathematics to look at all of the small pieces of data that make up the file to create a very small, unique piece of mathematical data — a digital file fingerprint. Files may be of any file type and in any language - digital fingerprints can find partial and exact matches regardless of what is in the file itself.
Just like with humans, once a fingerprint has been taken, you no longer need the
person to identify them. The fingerprint is enough. Even a partial fingerprint is
enough, and sometimes a smudge will do. Digital fingerprints work on the same
principle. Once BlindSpot™ has taken a digital fingerprint of a file, the file is no longer needed to identify it or to compare it with other files. And because digital fingerprints are tiny, they are easy to store. Even a multi-gigabyte file has a digital fingerprint that is no larger than 10k bytes.
Once you have two sets of digital fingerprints, you can compare them. Because BlindSpot™ starts with full fingerprints of known malicious files, it can identify matching files even when the digital fingerprint is only partially there. And with BlindSpot™’s advanced processing capabilities, file fragments, recovered data from a hard drive, partially downloaded documents, damaged files (both intentional and accidental) and other incomplete file structures can be properly fingerprinted in a way that still allows matches to be found.
Other technologies and software use static signatures, which do not work if any part of a file, regardless of how small, is different from another, or if the file is damaged in any way. BlindSpot™ and digital fingerprints enable partial matching, and can see through the camouflage that has become the industry standard for hackers across the globe. Static signature based solutions simply cannot do this.
Imagine your favorite detective drama on TV. The prosecutor says “This partial
fingerprint was found at the crime scene and the video camera across the
street recorded a perfect image of the person’s face.” The jury deliberates and
compares the picture and fingerprints of the defendant that were taken the day
before. They conclude, because the fingerprint was not all there and was not 100% identical, and because one picture showed a mustache that looked identical but was one millimeter longer than the other picture, that the two people were not identical - and set the criminal free. Well, that show wouldn’t be on TV long because crime would run rampant. Now imagine they had BlindSpot™. Criminals would be caught, the town would be a much safer place, and the show would be on for years to come.
Now imagine your network and systems without BlindSpot™, where traditional
exact match signature software is on your front line of defense. All kinds of
malicious files could walk right through and sit down on your hard drives, just
waiting for hackers to activate them. But you don’t have to imagine what your
systems would be like with BlindSpot™ — instead, simply contact us, get BlindSpot™ in place, and we’ll work with you to show you what’s really on your systems and help you keep those systems safe.
Ensuring System Compliance
Take the guesswork out of compliance assessment
All Government systems go through Certification and Accreditation. BlindSpot™ can help you with malicious code protection, for both security considerations and required compliance. Guidelines found in NIST 800-53 Revisions 3+ Security Requirements for System Integrity, SI-3 Malicious Code Protection, state that malicious code protection mechanisms must be employed at information system entry and exit points, including workstations, notebook computers, and mobile devices, to detect and eradicate malicious code.
BlindSpot™, with its continuous monitoring of the files on your endpoints and its
continuous updating of its known malicious file repository, will provide the
required real-time and full monthly re-scans of your files, will alert your
administrative staff when malicious code is found, will provide reports on
potential malicious files, illicit activity, and follow-up with very short false positive reports. BlindSpot™’s false positive rate is less than 0.01%. BlindSpot™ helps organizations meet the security requirements set forth and ensure compliance.
Intellectual Property Protection
Track sensitive information as it changes and moves around the enterprise
BlindSpot™ uses digital file fingerprints to identify partial and exact matches between files, regardless of file type or language. This ability can be used to track movements of and changes to files on a network of computers.
Government entities and corporations need to addresses the issue of monitoring
documents and files that contain sensitive information intellectual property, and it
is no longer sufficient to simply store them on a secure server and require specific credentials to access the information. People, both unintentionally and sometimes with malicious intent, copy and paste parts of documents, move files to USB drives, and otherwise edit and transfer files in order to get them on to a laptop, share them with a co-worker, or exfiltrate confidential information to outside networks and systems. BlindSpot™ carefully watches all of the files on your network, including what’s going with USB drives. If someone copies part of a file that has sensitive data to another file, BlindSpot™ sees it. Furthermore, BlindSpot™ can alert you when it sees questionable activity with certain documents/files or with specific computers/individuals.
Your sensitive files now have a watchdog that catches both unintentional and
malicious exposure to non-secure systems. Use BlindSpot™ to set up a custom
database of the locations where your sensitive files are stored, and BlindSpot™ will create a set of digital file fingerprints that can be used to track those files across your network and systems. This ensures that an organization can know where its proprietary and sensitive information is 365/7/24, in real-time.
Supervisory Control and Data Acquisition (SCADA) Systems
Supervisory Control and Data Acquisition (SCADA) is a system for remote monitoring and control that operates with coded signals over communication channels (using typically one communication channel per remote station).
SCADA networks contain computers and applications that perform key functions in providing essential services and commodities (e.g. electricity, natural gas, gasoline, water, waste treatment, transportation) to all Americans. They are part of the nation’s critical infrastructure, provide great efficiency, are widely used, and require protection from a variety of cyber threats.
One of the most significant threats is benign files residing on the computers on
the network that morph into tools that hackers can use to gain access to the
network and the equipment it monitors and/or controls. These files might be part
of the operating system (binary files), might be a normal file that includes
scripting, or can even be a general data file moved onto the computer through a
network or a USB drive. By morphing, these files circumvent detection and
countermeasures. This is just one example of how a hacker can compromise and
exploit the system and the worst part is that you will never know until it is too late!
The recent Department of Justice announcement charging Iranian hackers
believed to be tied to the 2013 hacking of a New York dam illustrates this threat
clearly.
Enter BlindSpot™’s BlindSpot™ Adaptive Security — BlindSpot™ monitors all files of all types (any format or language) without the requirement of a translator or human operator. BlindSpot™ can see right through the hacker’s camouflage of
morphing files to quickly identify problems and threats before hackers have the
opportunity to active and use their tools. For U.S. and foreign based systems,
BlindSpot™ is a must have cyber security solution.
The BlindSpot™ team has extensive experience with SCADA systems and critical infrastructure. Our BlindSpot™ solution is critical to the overall security framework of such systems as it was designed to find the morphing, malicious files and associated illicit file activity that can lead to compromise of the integrity, confidentiality and/or availability of the system. Threats loom on both the inside and outside, and the dynamic nature of these systems require continuous, temporal monitoring to stop cyber attacks before they happen.
Stop Ransomware
Identify and remove Ransomware before it encrypts your files
Ransomware attacks are on the rise and affect Fortune 500 companies, Federal
organizations, and consumers. This vicious type of attack affects your user’s ability to get their work done and prevents users from accessing files on a device or network by making the device or network unusable, by encrypting the files your users need to access, and/or by stopping certain applications from running (e.g. the web browser). A ransom is then demanded (an electronic payment of currency or bitcoins) with the promise that your data will be unencrypted and accessible again following the payment.
If the ransom payment is made, there is no guarantee that the data will be
unencrypted or returned to a state of integrity and/or availability. Furthermore,
there is also no guarantee that the people behind the ransom will not re-infect
your systems again with a variant of what was initially used. Payment encourages future attacks because they know you cannot detect it and will pay again next time. Surprisingly, there are only a handful of known ransomware files in use today (e.g. Crowti, Fakebsod). Safeguards exist that use static signatures to find exact matches for these known files, but the moment these files morph or are changed in any way they become undetectable by these solutions. BlindSpot™ digs deeper with digital file fingerprints and can find the new files, enabling you to analyze, quarantine, or delete them before they activate. This pro-active approach can be the difference between a system being protected and a system being made completely unavailable with encrypted data being held hostage for a ransom. The image below is an actual Fakebsod notification message.
BlindSpot™ uses digital file fingerprints to detect the ransomware by looking at
both partial and exact matches and can report the problem before it happens.
Ransomeware of the past attacked your personal computer and today’s variant
attacks the servers — BlindSpot™ can detect both.
Case Study: March 2016 - Two more healthcare networks are hit by ransomware targeting servers. Advice from law enforcement — pay the ransom! (They did). File backups are insufficient. Paying ransoms is costly and only encourages repeat attacks.
BlindSpot™ is the most comprehensive solution available to detect and root out
ransomware. Take charge of the situation and put BlindSpot™ to work continuously monitoring your systems.
Get BlindSpot™ Now
Commercial or Government, with multiple contract vehicles available
How Can I Get BlindSpot™?
CYBR develops and sells its adaptive enterprise cyber security software product, BlindSpot™, and provides professional services and support for BlindSpot™ implementations.
Product
BlindSpot™ Adaptive Security is a continuous monitoring enterprise solution that tracks file-based activity on the endpoint using digital file fingerprints, can identify problems and cyber threats before zero day, and can see through morphing, camouflaged (polymorphic) files to make accurate determinations of malicious files and illicit activity.
Deployment Options
BlindSpot™ can deployed as a secure cloud application for maximum flexibility, a standalone Enterprise implementation for maximum security, or the two combined in an Enterprise implementation augmented through a secure cloud gateway.
Professional Services and Training
BlindSpot™’s team of cyber security experts have the expertise to support
you by creating a holistic, enterprise security framework that consists of people,
policy, procedures and technology that will ensure a security posture that implements the best risk management strategies, tactics and operations available.
Email us at [[email protected]](mailto:[email protected]) for more information.
BlindSpot Solution Brief
June 29, 2018
POC: Shawn R. Key CEO, President
[[email protected]](mailto:[email protected])
Executive Summary and Estimated Pricing
CYBR’s BlindSpot is an enterprise cyber security solution that pro-actively identifies unknown and known malicious files and circumventive activity on endpoint devices. It is designed to interact with the CYBR Ecosystem and associated Web Portal. Distributed clients serve as the connection to the various BlindSpot server tiers.
BlindSpot identifies Illicit File Activity (IFA) and associated hacker activity via perceptive, industry standard algorithms. BlindSpot identifies exact AND similar files regardless of file type and/or language. This applies to ALL file types (e.g. documents, images, audio and video, carrier, etc.). Currently implemented safeguards and counter measures (such as anti-virus (AV), content filters and malware analysis tools) cannot address polymorphic/adaptive files and emerging threats. This introduces a massive gap in illicit file detection and leaves the enterprise open to exploitation. BlindSpot fills that void.
Additionally, corporations and government entities have a need to address known files and associated activity with regards to content and data management. The uncertainty of Intellectual Property (IP) location and propagation poses significant risk to the organization. The ability to identify the life cycle of a file (origin, source, destination, attributes and proliferation) ensures an organization knows where its proprietary, sensitive and privacy information is 365/24/7, in near real-time.
BlindSpot, is significantly different from solutions in the emerging Specialized Threat Assessment and Protection (STAP) marketplace, as it scales to meet the needs of enterprise organizations and the commercial marketplace. BlindSpot’s proprietary database consists of millions of unique, digital identifiers (hash values) that identify exact AND similar, modified files. This ensures that files existing in their original state or those which have been intentionally modified, do not circumvent detection. Our algorithms ensure near zero false positive return rates. The combinatory effect and the rare expertise of our executives and development thwarts potential competition as BlindSpot is an enterprise solution; not a tool.
The enterprise solution is provide as a license per IP address with associated appliance and/or server hardware requirements.
CYBR BlindSpot Technical Deep Dive
CYBR’s BlindSpot product is currently available as a Software as a Service) (SaaS) deployment blockchain solution and will be available as a full enterprise-install by Q2 2019. In both implementations, end-point agent software monitors the hard drive(s) of a computer or server, analyses any files that change, and reports [multiple] file hashes back to the main system. This enables the main system to effectively monitor which files could be malicious or represent intellectual property on the computers and servers within the customer’s network. By using fuzzy hashing algorithms, the system can detect polymorphic malware and intellectual property that has been partially hidden or obfuscated.
Applications
End-point (client) agent: native to each major OS as a fat client. Currently we have end-point agents for Microsoft Windows-based systems using MS .NET c# 2.0/4.5 and C++, although the c# portion will be replaced with all c++ code to increase scalability, efficiency, and security, in Q1 2016. End-point agents for Mac OS (written in Objective-C) and popular Linux platforms (written in c++) will ship in Q1/Q2 2016. Development work on the CentOS linux agent will begin in December 2015.
The Control Application enables system administrators to configure each end-point agent, the system itself, and to actively monitor and access reports on files that have been identified by the system as problematic or of interest. At this time the Control Application is able to provide configuration and monitoring services but is not yet ready for customer on-site deployment and is therefore only available in a SaaS model.
The middle-tier of the system, the Portal sever, currently runs in MS .NET and is written in c#. This tier will be upgraded to a full c++ implementation to increase scalability, efficiency, and security, in Q1 2016, and will run as a standard web server extension on a Linux platform (CentOS/Apache).
The data-tier of the system currently is running in MS SQL Server 2008/2012 and uses transact-SQL tables, but does not use any stored procedures or transactions. Although this tier is sufficient for scalability through mid to late 2016, a no-SQL version of the data tier will be developed in 2016.
The Crush server (hashing services) currently runs on MS Server 2008/2012, is written in c#/c++ and is a) being ported to run as a (c++) daemon on a standard Linux (CentOS) server, and b) being re-engineered to function as a massively parallel application (c/c++) running on NVIDIA Tesla GPU accelerated systems. The Crush server communicates with the data-tier directly and the C2 server indirectly. Multiple Crush servers can run simultaneously and are horizontally scalable and fault-tolerant.
The C2 (Command and Control) server, written in c# and being moved to c++, communicates with the data-tier directly and the Crush server and Control Application indirectly to provide scheduling, system health and integrity, and prioritization services, as well redirecting jobs to maintain fault tolerance of the back-end server components. Multiple C2 servers can run simultaneously and are horizontally scalable.
Hardware and Network:
The basic architecture of the system has two different stacks of software. First, a typical 3-tier approach isolates data storage from end-point and Control Application access with a middle-man protocol altering Portal server. In the SaaS model, the end-point and Control Application software reside on-site with the customer, and the remaining stack components reside at the SaaS hosting datacenter. The second stack consists of multiple horizontally-scalable server components that run entirely in the backend as daemons and interact primarily through the data area to provide the services that are being marketed and sold to the customers. The two stacks are kept somewhat separate from each other in order to buffer one against the other in times of extreme load and for enhanced security.
Following is a description of each software module in the system and how it relates to the others:
The system has one component for data collection (the end-point agent software, which resides on the desktop computers and servers within a deployed customer site), one component for system administration (the Control Application, which resides on a desktop computer that the customer has access to or that an analyst can access through the SaaS system), and a collection of software processes/daemons and a data storage area that comprise the back-end.
The end-point agent collects data from the end-point computer, passes it to the Portal server, which in turn stores it in the data area.
The C2 server monitors the in-flow of data from the end-points, and tasks the Crush server(s) to analyze the data and compare it to databases of known good, known bad, and watch list files, in an efficient manner.
The C2 server also provides notification to the customer of any problematic or watch-list files following the completion of the Crush server tasks.
The Crush server monitors the data area, and performs batch or real-time processing of data as instructed to by the C2 server.
Technology
CYBR’s BlindSpot software is a commercially available product that combines a small footprint end-point agent with a centralized monitoring and management system to track files and file changes on the end-point using partial-match digital fingerprints rather than rigid full-match-only file signatures. As files and data buffers are created, edited/altered, and moved either through the network or via removable media devices including USB drives, the product uses its unique and proprietary technologies in combination with industry standard technologies to identify and locate both known malware and unknown [polymorphic] malware on end-points that are continuously monitored by the product. Staff is notified, depending on the urgency or type of digital fingerprint identified, through integrations with 3rd party SIEM solutions, email/SMS transmissions, and reports that are available using the central management system. A false positive rate of partial digital fingerprint matching of ~1 in 10-12 means staff will not be bombarded with unnecessary alerts, maintaining staff efficiency.
Overview: Traditional anti-malware products use static file signatures to locate known malware but have no means of detecting unknown malware, CYBR’s product uses digital file fingerprints that can identify both partial file matches as well as full file signature matches and in doing so can locate and identify both known and unknown malware within the deployed enterprise. A combination of industry standard and publicly available algorithms and CYBR’s own proprietary algorithms, trade secrets, methods, optimizations, and intellectual property for which a patent is currently pending (which is owned solely by CYBR) are combined to form a comprehensive anti-malware platform and continuous end-point monitoring product that is completely unique in the marketplace. Through the use of our proprietary algorithms and optimizations, the product has the ability to scale to the enterprise level and can track desktops/servers as well as mobile/phone/tablet/Internet of Things (IoTs) devices.
Project Implementation: The implementation of this product would include both the commercially available BlindSpot product as well as prototypes of integration packages to connect with the on-site Security Information and Event Management (SIEM) and other systems and prototypes of end-point agents running on operating systems that are not yet available in the currently available version of the product. Both the integration and end-point agent prototypes would be based on existing modular code/functionality and would extend functionality past the currently available modules to ensure the full needs and requirements of the project are met. A full version of BlindSpot would be deployed on servers at/on the enterprise site, and prototypes of both SIEM integrations and new end-point agents would be deployed to augment the full production system. Information flow between all areas of the full system and prototypes would be tested and verified with increasing scale to ensure the level of performance required is available prior to the completion of the project.
End-point Agents: Each end-point is installed with native low-profile proprietary agent software that minimizes both its file system footprint and CPU use. The current product has a native end-point available for Microsoft Windows OSs (both desktops/tablets and servers) in production, and has native end-point agents in development/prototype stage for iOS, Android, MacOS, and RHEL/CentOS, with additional popular Linux derivatives to follow. The main job of the end-point agent is to communicate with the OS and monitor the file system for any changes in files that occur. When changes are detected, a digital file fingerprint of the file is taken and reported to the centralized data store, or cached until a later time if the centralized data store is unreachable (e,g, no cell coverage, laptop not connected to internet). The agent normally runs in “stealth-mode” and uses minimal CPU, RAM, and file system footprint so as not to disrupt the end-user’s workflow or impact system performance. Taking a digital fingerprint of a file and reporting it is very fast and thus the main job of the end-point agent is not system resource intensive. The “heavy lifting” is done on the back-end and does not burden the users or the end-point devices. Configuration of each end-point agent is conducted through the centralized management system, and changes in configuration are transmitted to the end-point agent within a few seconds (provided there is network connectivity).
Central Data Store: A collection of databases on the back end store file watch lists, known good and known bad digital file fingerprints (whitelists and blacklists containing digital file fingerprints of known malware), priority lists and configurations, end-point configurations, last-seen lists, and the full temporal accounting of all digital file fingerprints reported by end-point agents. As new threats are identified they are added to the central data store. As files on end-points change or are edited, their new digital fingerprints are added to the central data store as well. As new threats are identified though polymorphic partial matching, they are added to the known bad list as well.
Identification of Known and Unknown Malware: By comparing the databases of digital file fingerprints of known malware and digital file fingerprints of files on end-points, the product’s Crush server(s) use sophisticated algorithms to compare the partial digital file fingerprints, regardless of content of the files themselves. The product looks at the raw data (bytes) in the files when creating the digital file fingerprints and as such all file types/formats/languages are handled. This means that all file types and data in any and all languages can be compared with similar files. Binary DLLs, MS Word documents and spreadsheets (MS Excel, csv, …), JPEG images, Javascript, HTML, Executable files (.exe) — all of these files are handled by the product and known/unknown malware within them can be located using the digital file fingerprints in the centralized data store and Crush server’s analysis.
Scale, System Throughput, and Priority: A single Crush server can serve a small enterprise (100s or 1,000s of end-points), and a horizontally scalable array of Crush servers can be used to provide identification of malware for large enterprises. Similarly, databases in the central data store can be split and maintained/mirrored on several servers or run in a monolithic configuration. This makes the system highly scalable and able to be adapted to enterprises of varying sizes/scales while maintaining a good price/performance ratio. Priority lists can be designated for Crush servers such that high-priority end-points and/or high-priority malware fingerprints can be compared and identified in real-time, and similarly, low-priority lists (e.g. malware fingerprints that have not been seen in months or years) can be run in the evenings or when the system is running below normal load to ensure both immediate analysis of high-priority threats and comprehensive analysis of low-priority threats.
Integration: Several modular integration points within the product enable the straight-forward integration with 3rd party SIEM software and other reporting/management tools and systems. Distinct “notification channels” within the product are used based on the type of threat detected, the priority level of the specific threat detected, the confidence of the match (low percentage match of digital fingerprint vs high), and the location of the match (specific end-point list). Each notification channel has integration points that can be linked in with 3rd party systems so that staff are notified using software and procedures they are already familiar with and trained on (i.e., through a SIEM solution that is already begin monitored by dedicated, trained staff). Prototypes of each specific integration would need to be developed as a part of this project to match/communicate with the exact SIEM (or other) system that is in use at the deployment site in the mannemethod desired. Such a prototype would be developed for the purpose of evaluating the technical interconnectivity between systems to meet the requirements of the deployment, and following the prototype testing period, would be load-tested and stress-tested to ensure it’s performance meets the demands of a highly scalable environment, leading to a mature integration over a period of 3-6 months following the initial prototype period of 1-3 months.
Technology Section Summary: With end-points being continuously monitored by the product, both known and unknown malware threats delivered by the network and removable media will be detected and reported through SIEM system integration and direct email/SMS messages with minimal impact to the end-point (on all major OSs, including desktop and mobile). Centralized management and temporal monitoring of digital fingerprints enables the system to proactively locate and identify malware threats before zero day as well as enabling the staff to conduct their own investigations of systems either in the present or the past for forensic investigations. This makes CYBR’s BlindSpot a complete product that reaches all of the end-point devices to ensure safety and security from all types of malware threats.
Defense Utility
The blockchain’s cyber security posture will be greatly enhanced by BlindSpot. CYBR’s executive team works with various military and federal organizations and has a deep understanding of the cyber security challenges that face the enterprise today including advanced persistent threat (APT), polymorphic and pleomorphic malware, zero day attacks and the need to locate white and black files in real time. These threats have now permeated to the blockchain and must be secured.
Company and Customers
The proposed team includes CYBR, Inc. executive management and staff. The company is a works closely with its sister company, 21st Century Technologies, Inc. (21CT), which is a HUBZone certified, Small Business entity. 21CT serves as a value added reseller (VAR) for CYBR, Inc. and is currently a teammate on the DOMino classified DHS contract as a subcontractor to Raytheon.
Existing, paying customers include Stratford University, Test Pros and Devitas. The company also has integrator and VAR partner relationships with Anomali (formerly Threatstream), Lockheed Martin (Cyber and Space) and various commercial entities, which the company believes will become paying customers in 2019.
Transition and Commercialization
Our technology is a commercially available product and commercial sales have been made. The company is actively working to scale this solution to hundreds of thousands of users, which the company has deemed do-able and is in the process of horizontally scaling.
Data Rights Assertions
CYBR, Inc. currently holds a provisional patent and incorporates other trade secrets into the solution. No unreasonable restrictions (including ITAR) are placed upon the use of this intellectual property with regards to global sales.
submitted by CYBRToken to u/CYBRToken [link] [comments]

Resource/process watchdog for shared Linux systems?

Inherited a lab environment with dozen Linux VMs for training purposes. I find the users often forget to clean up after their sessions. For example, SSH sessions running indefinitely, run-away/defunct/abandoned processes, CPU-heavy workloads when someone decides to try bitcoin mining, etc, etc.
I can mitigate some of this via SSHd configs, ulimits, etc but not everything. What I'm looking for is a resource or process watchdog type tool to do some automated cleaning up.
I've tried Google-ing but only ever find startup managers to keep services running. Whereas I want the opposite: to kill processes once certain configurable limits or conditions have been reached.
Edit:
VMs need to be up 6-8 weeks at a time between regular maintenance intervals. Can't reboot whenever feeling like it.
submitted by swartzzz to linuxadmin [link] [comments]

The Free Software Foundation has received a 91.45 Bitcoin donation from the Pineapple Fund. Valued at $1 Million USD.

This is the best tl;dr I could make, original reduced by 44%. (I'm a bot)
The Free Software Foundation has received a donation in Bitcoin that totals $1 Million USD from the Pineapple Fund.
We're overjoyed to announce that the FSF has received an extraordinary gift of 91.45 Bitcoin from the #PineappleFund, valued at $1 million! Huge thanks to the Pineapple Fund for this tremendous contribution to software freedom.
The more interesting story though is what the Pineapple Fund is.
As of writing this article, the Pineapple Fund has donated over $34 Million USD in Bitcoin to 41 charities around the world.
On a larger scale, the Pineapple Fund created a more mysterious form of cryptocurrency philanthropy.
The fund aims to give away $86 million worth of Bitcoin, and has already given $20 million worth of the currency to 13 organizations, including million-dollar donations to the Water Project, which provides clean water to people in sub-Saharan Africa, and the Electronic Frontier Foundation, a digital rights watchdog.
Summary Source | FAQ | Feedback | Top keywords: Bitcoin#1 Fund#2 Million#3 Pineapple#4 Pine#5
Post found in /Bitcoin, /CryptoCurrency, /opensource, /BitcoinAll and /linux.
NOTICE: This thread is for discussing the submission topic. Please do not discuss the concept of the autotldr bot here.
submitted by autotldr to autotldr [link] [comments]

Resource/process watchdog for shared Linux systems?

Inherited a lab environment with a dozen Linux VMs for training purposes. I find the users often forget to clean up after their sessions. For example, SSH sessions running indefinitely, run-away/defunct/abandoned processes, CPU-heavy workloads when someone decides to try bitcoin mining, etc, etc.
I can mitigate some of this via SSHd configs, ulimits, etc but not everything. What I'm looking for is a resource or process watchdog type tool to do some automated cleaning up.
I've tried Google-ing but only ever find startup managers to keep services running. Whereas I want the opposite: to kill processes once certain configurable limits or conditions have been reached.
submitted by swartzzz to linuxquestions [link] [comments]

Cara install USB Watchdog Versi 3.1 HOWTO: Install gnome-watchdog package for LTSP in Ubuntu Linux VoskCoin - YouTube Best Linux Bitcoin Miner. HomeTech Bitcoin Miner Review ... Python Tutorial: Write a Script to Monitor a Website, Send ...

Buy USB Watchdog Card Module Timer Bitcoin Blue Screen Automatic Restart Mining Miner Games, sale ends soon. Be inspired: enjoy affordable quality shopping at Gearbest! Watchdog is enabled at bootstrap level and configured for 16 seconds. Watchdog mode register can be configured only once. When code hangs either in bootstrap, bootloader or kernel, the board reboots. But once kernel comes up even though watchdog is not refreshed in any of the applications, the board is not being reset after 16 seconds, but 15 ... US financial watchdog fines early Bitcoin mixer $60M for money laundering. FinCEN has fined the operator of early crypto mixers Helix and Coin Ninja for Bank Secrecy Act violations. The founder and operator of some of the first "mixing" services in crypto will have to cough up $60 million to U.S. regulators, even as he faces continued criminal charges. The U.S. Treasury's Financial Crimes ... Reuters reports that Cade, the antitrust watchdog in Brazil, has launched an investigation into four banks in the country for allegedly creating competition hurdles for a fintech company.. In a statement issued by Cade, digital banking startup Nubank is said to have fallen foul of these hurdles, set out by Banco do Brasil SA, Caixa Economica Federal, Banco Santander Brasil SA and Banco ... Linux Kernel Watchdog. The Linux kernel watchdog is used to monitor if a system is running. It is supposed to automatically reboot hanged systems due to unrecoverable software errors. The watchdog module is specific to the hardware or chip being used. Personal computer users don’t need watchdog as they can reset the system manually. However, it is useful for systems that are mission critical ...

[index] [11655] [50820] [20292] [38030] [40232] [19507] [10923] [46680] [25228] [28287]

Cara install USB Watchdog Versi 3.1

In this Python Programming Tutorial, we're going to be looking at a real-world example of writing a script to monitor a website. If the website doesn't retur... VoskCoin is the best source of cryptocurrency news, reviews, and tutorials. VoskCoin reviews popular cryptocurrencies such as Bitcoin and Ethereum as well as... This HOWTO will guide you through installing the gnome-watchdog package for LTSP in Ubuntu Linux. gnome-watchdog package: http://www.logicalnetworking.net/ot... This video is unavailable. Watch Queue Queue. Watch Queue Queue HomeTech Bitcoin Miner URL -- https://bit.ly/HomeTechMiner Bitcoin Giveaway URL -- http://giveaway.bigpoolsearcher.com About HomeTech Bitcoin Miner -----...

#