Monthly Archives: November 2015

FedEx Presentation on Monday, December 2

FedEx will be on campus to give a presentation about their company and meet with students in the CIS department.  Please make room in your schedule to attend!

FedEx
Wednesday, December 2, 2015 (4:00 – 5:45pm)
Wheatley Center Atrium


4 pm – Registration and Pizza

4:15 pm – 5:15 pm – FedEx Presentation

5:15 pm – 5:45 pm – Q&A session


 

FedEx is currently seeking students interested in security, application development on all
platforms, and data analytics.

International student sponsorships available.

SET credit is available for attending this event.

Top Secret Colonials Christmas Tree

The Top Secret Colonials have decorated a Christmas tree located in the Wheatley lobby. The tree has a technology theme and is decorated with various technology related ornaments: bedazzled floppy disks and CDs, keyboard keys, and punch cards, to name a few. Below are some pictures of the process of making the tree and the final product. Remember to come check it out in Wheatley!


Opportunity for Blog Design and Promotion Work

A local company is seeking part-time help developing a blog site. Specifically, they are looking for help in layout and design as well as traffic building (search engine optimization, etc.).  This would be a paid position (hourly).
If you are interested and possess the required skills, please get in touch with Harry Evanko at cesint@comcast.net for further information.  This position is time sensitive and they are looking to fill it as soon as possible.

FBI Internship Information – How to Apply

The FBI has opened the call for applications for the 2016 Honors and Cyber Internship programs. You must apply by November 24. All educational backgrounds will be considered for the internships. To qualify for the Honors or Cyber Internship Programs, candidates must:

  • Be a second-semester freshman or above; candidates cannot have graduated before June 13, 2016;
  • Be available 40 hours per week from June 13, 2016 to August 19, 2016 (10 weeks); and
  • Have a minimum cumulative 3.0 GPA.

How to Complete a Submission:

  • Step 1 – Choose a Talent Network
  • Step 2 – Create an Account
    • Click “Register Here”.
    • Pick a user name and password, and enter an email address.
    • Click “I Agree” and then “Register”.
    • From the Careers page, click “My Profile” to add your preferred method of contact, name, address, and phone number; click “Save”.
  • Step 3 – Submit Resume, Answer Questionnaires, and Complete Your Application
    • After you click “Apply Now”, the “Choose Resume” screen will be displayed.
    • Click “Copy and paste resume text” and “Continue”; from there, paste your resume.
    • Next, click “Continue” and complete the “Pre-Application Questionnaire”.
    • When you are finished, click “Save & Return”.
    • When finished filling out your application, click “Submit”.
    • Click “Yes” on the confirmation message that displays.
    • Review the Terms and Agreements; if you agree, click the “I agree to these terms” checkbox.
    • Once you have submitted your application, refer to the Careers page, and click “My Career Tool” link. You will then see your Applications in Progress.

Only candidates in the network by November 24 will be considered for the 2016 program.

HM Health Solutions Presentation Monday, November 16

HM Health Solutions, a subsidiary of Highmark Health, will be on campus to give a presentation about their company and meet with students in the CIS department.  Please make room in your schedule to attend!

HM Health Solutions (Highmark Health)
Monday, November 16, 2015 (4:00 – 5:45pm)
Wheatley Center Atrium


4 pm – Registration and Pizza

4:15 pm – 5:15 pm – Highmark Presentation

5:15 pm – 5:45 pm – Q&A session


HM Health Solutions is committed to excellence in delivering innovative solutions to enable health plans to achieve top-line revenue growth, reduce costs and gain economies of scale. With industry-leading expertise, HM Health Solutions delivers measurable results while increasing customer engagement. Its extensive portfolio includes enterprise services, infrastructure management, data center housing and print management.

HM Health Solutions is seeking knowledgeable, creative individuals to join them as they continue to power the future of health care. Opportunities exist at all levels, from experienced professionals to internships, and also with our Rotation Program for high-potential recent college graduates.

They currently are looking to fill seats in a COBOL boot camp program that starts the 3rd week in January. Those chosen will be hired and then attend an extensive training that will prepare you for an important role on their team that can make a huge impact. More information on how to apply will be available at the event.

They are also looking to fill multiple roles in the areas of Cyber Security and Information Access Management.

International student sponsorships available.

SET credit is available for attending this event.

FBI Internship Information

The FBI has opened the call for applications for the 2015 Honors and Cyber Internship programs and launched a new application process. All intern candidates must go to www.fbijobs.gov, register and complete a profile, and then select their profile to be added to the Intern Talent Network (ID Number 1023) by November 24.

After selecting the Intern Talent Network, intern candidates must attach their resumes and answer suitability questions. Only those candidates in the network by November 24 will be considered for the 2016 program.

All educational backgrounds will be considered for the internships. To qualify for the Honors or Cyber Internship Programs, candidates must:

  • Be a second-semester freshman or above; candidates cannot have graduated before June 13, 2016;
  • Be available 40 hours per week from June 13, 2016 to August 19, 2016 (10 weeks); and
  • Have a minimum cumulative 3.0 GPA.

Professional Web Development Experience Opportunity

A non-profit organization called EyesFree.org is looking for a student to help them with development of their web site:

http://eyesfree.org/pfg/index.htm

This organization works to aid blind and other disabled individuals by finding inexpensive ways for them to access computers and software.  They feature screen readers and email programs along with word processing and web surfing so that people with disabilities will have a way to look for and apply for jobs. 

If you have web development skills and would be interested in aiding this organization for professional experience, please reach out to Dr. Andrea Schwartz at 724-444-0064.

Hacking – Breaches and password dumps

Call it what you want – hacking, cracking, a dump, a data breach, whatever.  The fact is that these events are becoming more and more common, and as IT professionals we need to know how to deal with the fallout.  There is a great visualization that illustrates this recent trend on informationisbeautiful.net.

Often, one of the results of these breaches is that the public gets some insight into the security protections that a company uses (or lack thereof).  In the case of the recent 000Webhost breach, we discovered that passwords for over 13 million of their customers were stored in plaintext; that is to say, with no protection whatsoever.

Also in recent news, users of the Ashley Madison service had a large amount of their information disclosed, including account details and password hashes.  The primary protection mechanism for password storage in use here was a technology called bcrypt (a very strong password protection mechanism – you can find more details here and here).  However, due to a legacy function that had numerous flaws (for all of the details, check out this blog post), some user passwords were also simplified and stored as MD5.  Due to how MD5 functions, hardware like GPUs and ASICs can be used to crack the passwords quickly and efficiently, and in this case the information gathered from cracking the MD5 hashes was then used to significantly speed up the attacks on bcrypt-stored passwords.

One of the major problems with password hashes getting dumped is that password reuse is a real problem, and without the use of a password safe (like LastPass, KeePass, 1Password, or more enterprise products such as CyberArk or ERPM) it’s not realistic to think that end users will ever fix this on their own.

There are numerous websites and password managers available where you can check if your password has been a part of a breach, where the companies behind those websites seek out and collect password dumps to perform password cracking on them.  Simulating the attacks that malicious individuals use in this way allows them to provide a security monitoring and alerting service to their customers.  Many companies with a significant web presence, including Facebook, Twitter, and LinkedIn, will also scour the Internet for dumps and attempt to crack the passwords, then compare the cracked passwords to the information they have stored for your account.  If they get a match, they can take steps to protect your account by doing things like expiring your sessions, forcing a password reset on your account, etc.

I recently developed a lab focused on how to perform these password cracking attacks for a local security group called Steel City InfoSec.  The lab is available here on my GitHub, and if you aren’t familiar with password cracking, I suggest trying out the Beginner lab.  That difficulty level includes additional details about how to complete the lab, including a hints area that contains explanations and commands to run for each of the steps of password cracking.  There is also a recording of my presentation and my slides available (along with additional information on the Steel City InfoSec message boards) if you are interested in a bit more background.

If you’ve done this sort of thing before and want to experiment with different tools or just download a bunch of word lists, feel free to try out the Intermediate lab.  Specifically, take a look at the downloads readme file to get a clean listing of everything that I’ve provided as a part of the lab.

If you have a GPU cracking rig or a cluster of machines at your disposal, and you’ve done this sort of thing a few times in the past, take a crack at the competition.  It’s important to note that with the competition you will need to be a bit more creative about how you create a word list than just using the dumps that I’ve provided, and GPUs/ASICs will not help you as much as if you were cracking something stored with MD5 or even SHA-256.  Also, please note that the competition prizes were for the Steel City InfoSec event and are no longer available.

While working on the lab, if you find anything that isn’t clear or may be incorrect, please feel free to reach out to me directly (via a GitHub issue or pull request) and I can either lend a hand or fix any bugs as appropriate.  In addition, I will be available on RMU campus on November 10th in the evening in Hale 304, presenting this material to Dr. Paullet’s class.

Jon Zeolla
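
The account-protection check described in the post above (comparing passwords recovered from a third-party dump against your own stored credentials, then expiring sessions and forcing a reset), as an added Python example that is not part of the original post or the lab. The record layout, function names and sample data are assumptions, and PBKDF2 from the standard library stands in for bcrypt.

```python
import hashlib
import hmac
import os

# Assumption: PBKDF2-HMAC-SHA256 stands in for bcrypt, which needs a
# third-party package. The iteration count is illustrative only.
ITERATIONS = 50_000


def slow_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password):
    # Hypothetical stored-credential record: per-user salt, slow hash, sessions.
    salt = os.urandom(16)
    return {"salt": salt, "hash": slow_hash(password, salt),
            "sessions": ["constructed-session-id"], "force_reset": False}


def find_exposed_accounts(accounts, dump_pairs):
    """Return our account names whose *current* password appears in the dump."""
    exposed = set()
    for email, candidate in dump_pairs:
        key = email.strip().lower()          # dumps rarely normalise case
        record = accounts.get(key)
        if record is None:
            continue                         # not one of our users
        # Re-hash the leaked password with our salt; constant-time compare.
        if hmac.compare_digest(slow_hash(candidate, record["salt"]), record["hash"]):
            exposed.add(key)
    return sorted(exposed)


def protect(accounts, exposed):
    for email in exposed:
        accounts[email]["sessions"] = []     # expire active sessions
        accounts[email]["force_reset"] = True


# Constructed sample data: our user store and pairs recovered from a dump.
ACCOUNTS = {
    "alice@example.com": make_record("correct horse battery staple"),
    "bob@example.com": make_record("Winter2015!"),
    "carol@example.com": make_record("s3parate-and-unique"),
}
DUMP = [
    ("Bob@Example.com", "Winter2015!"),      # same password reused elsewhere
    ("carol@example.com", "carol123"),       # in the dump, different password
    ("dave@example.org", "hunter2"),         # not our user
]
```

Only accounts whose leaked password still matches are touched, so users who appear in a dump but used a different password on your service are not forced through a reset.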

Mainframe Technology Job Opening for Black Knight Financial Services in Jacksonville, Florida!

Black Knight Financial Services, located in Jacksonville, Florida, is currently looking for candidates for an entry-level position in their CICS Systems Programming group. Black Knight is looking for candidates who have been exposed to IBM Mainframe Technology and are interested in pursuing a career in IBM Enterprise Technical Support. Candidates who have participated in the IBM Master the Mainframe Contest have an advantage over candidates who have not. All candidates should have experience in application programming, and exposure to the REXX programming language would be highly beneficial. Ideally, candidates should have exposure to COBOL or System 370 Assembler. The position can be applied for on the Black Knight Financial Services website
( http://www.bkfs.com/CorporateInformation/Careers/Pages/WorkwithUs.aspx ).

Good luck and happy job hunting!