Author Archives: thompsonbe

About thompsonbe

I am a freshman commuter going to Robert Morris university for cyber forensics and information security.

Highlights: Bitcoin w/ Dr. Werner Kristjanpoller

In case you missed the presentation Bitcoin: A New Paradigm or a Financial Bubble?, here is what was discussed by Dr. Werner Kristjanpoller, our RMU Fall 2017 Rooney International Scholar.

Dr. Werner Kristjanpoller:

  • professor in the Industrial Engineering Department at Universidad Técnica Federico Santa María (UTFSM), in Chile
  • Career Director of Industrial Engineering for UTFSM’s main Campus
  • Director of 3ie – the Business Incubator of UTFSM
  • Ph.D in Business Studies at the Universidad Autónoma de Madrid, in Spain
  • MBA from UTFSM
  • Industrial Engineer
  • Vast research and teaching span includes:
    • finance and economics
    • econometrics
    • application of artificial intelligence to forecast financial assets
  • Published in several journals such as:
    • Expert Systems with Applications
    • Applied Energy
    • Computational Economics
    • Sex Roles
    • Journal of Pension Economics and Finance
    • Emerging Markets Finance and Trade
  • His plans at RMU are to research crypto currency, and develop a hypothesis for returns and volatility of Bitcoin.

The Presentation:

Bitcoin: hot topic – the fundamentals of currency.

Need for currency

  • Barter(good for small civilizations) -> (increased commerce)currency
  • EX: salt, seafood shells, cow, vegetables, stones, etc.
  • Gold: most popular, and silver appeared – prevented currency from expiring. Creation of coins
    • Gold stores – transferred your gold to a paper equivalent; beginning of bills
    • Needed coins/gold to support the money being printed
  • Gold system – all the money of a country needed to be able to be turned into gold that each central bank protected. Since 1930. Money could be changed to gold, and vice versa.
    • Every country has responsibility – but then it was left up to the US dollar to be the standard for all coins.
    • EX: pesos to US dollar
    • 1973: Nixon decided to end the condition of the uS dollar as the standard because we did not have enough gold to support the bills.
      • US was running out of gold needed to support all the circulating dollars.
      • TODAY: no metal support. Money only has value because we trust that it has value. -> essential to the financial value of Bitcoin.

Crypto Currency – 2009; virtual money; seeks decentralization – no central state controlling this; no one has control over the internet.

  • Only generates a number of previously sdefined units, at a rate that is limited by a previously established and publicly known value
  • We have a fixed amount
  • More than 800 currencies have been created – bad
  • Allows you to make purchases internationally and be exchanged for another currency without intermediaries
  • Some think that there will be no tellers, cash registers, queues, or waits;
    • Amazon Go*: no lines – just walkout and receive payment to your amazon account; Dec 2016. Use of virtual currency and algorithms to keep track of what you pick up, and you can just leave.
    • Bank behind transactions.

Bitcoin – virtual currency, which is generated in a consensual network that allows a new payment system.

  • First specificiation of the bitcoin protocol and proof: Satoshi Nakamoto (referred to this as his pseudonym) in 2009 in an email list launched this proof of concept.
  • Numerous developers working on the bitcoin protocol; more people began to grow exponentially into the community of bitcoin: the more people who trust in bitcoin, the more industries will begin accepting bitcoin as a currency.
  • Bitcoin has no owners
  • Bitcoin network shares public accounting called “block chain” – system behind bitcoin

How does bitcoin work:

  • Exchange money electronically like an email or a text
  • Makes sure no one can send money from someone else’s account
  • Signature required based on cryptography – used to create signatures through decryption proving that it is them; signatures cannot be copied because they are different for each transaction
  • Provides a decentralized system
  • Maintainers – keeps personal copy of ledger and updates it
  • Fraud can cause changes in ledgers – vote on which one is the correct ledger using a mathematical formula by having users solve the problem, hand in the answer, each vote has a cost in electricity and computing power.
    • Keeping it fair: each puzzle is based on previous answer before starting
    • Only thing that makes people finish it faster is through having more electricity and computing power.
    • Solving puzzles -> small money; these people are called “miners”; randomly generating new money for the solving of puzzles.
  • Reliability: accurate ledger is found through mathematical probability

Advantages:

  • Ease of payment – send and receive instantaneously
  • Security and control – bitcoin users have complete control over their transactions
  • Very low rates – payment swith bitcoin are currently processed at low rates or at no charge. Can send money from US to Japan with no additional cost instantaneously.
  • Less risk of fraud
  • Neutral and transparent – all people know the quantity of bitcoin in the world – it is open to all; all information is available

Disadvantages:

  • Degree of acceptance – many people still do not know Bitcoin; “big barrier to jump”
  • Volatility – the total value of bitcoins in circulation and the number of businesses using bitcoin are very small compared to what it may become.
    • volatitlity can be used to as an advantage in some cases
    • Bitcoin: keeps increasing in price, lowering in price, coming up to $6,000 per Bitcoin soon.
    • Financial battle: because it continues to change
  • Developing System – still in the beta phase with many incomplete features in development.
    • “Déjà vu” – “what is internet” (1994) “why would you buy a computer” “bitcoin”(made in 2009) – designed to be self-stabilizing.
    • Bitcoin is no longer a scam? Goldman Sachs boss Lloyd Blankfeind said his bank was considering bitcoin.
    • Howard Marks – billionaire investor; referred to it as a fad but has now accepted it as having the most valuable characteristic – people believe in and trust bitcoin as a currency.

Is bitcoin a threat?

  • Fear about crypto currency because it implies to lost power – loss of state power – loss of centralization.
  • Several industries can be negatively affected with the break-in of Bitcoin
  • Several governments have been forced to regulate their use or ban it.
  • Several governments have been pushing cashless
    • If all transactions are done by card or transfers with banks, the govt could lose power
  • Some banks in Japan want to launch their own crypto currency – J coin.
    • Japanese government could be accepting
    • Against economy’s basis in Japan to reject Bitcoin.
    • If japan launches J-coin; and you have to choose one – you are more likely to choose J coin over Bitcoin due to the fact that J coin is centrally supported by an entire country.

Bitcoin behavior:

  • Research in progress “Forecasting the Bitcoin Volatility
  • Kristjanpoller & Minutolo 2017.
  • Mixing econometrics model with networking
  • Generate bitcoin volatility for a week, weeks, and a month.

Q&A:

A question was asked about the legal implications of the court trying to define Bitcoin (property/currency/both?)

  • Report gains in bitcoin as gains in property
  • Federal government’s legal system is trying to see how to view it as well as how the IRS should view it.
  • IRS – asset not taxed; official policy that it is property and should be taxed as such and not currency creates an inefficiency in the market.  Smart companies will trade capitol in Ireland to bitcoin and then bring it back to the US because it will get taxed differently.  If not seen as a currency, then it cannot be taxed as currency.
  • J coin is an attempt to change the tax on that earnings.

Recommended readings/videos:

  • The Aisles have Eyes
  • The rise and mine of Bitcoin
  • Money: the Unofficial Biography

Highlights: Splunk Presentation with U.S. Steel’s James Wolfe

This event was held October 26th, and in case you missed it, here are some of the highlights to be taken away from the presentation.  So, if you were in class and regretted now skipping class for this, we have got you covered!

Main Points:

  • Searches – he discussed how when you use the search bar, it is important to understand its format:
    • [general code] | [less general] | [continually more specific search]
    • as you can tell, the idea is that there are commands that you use that are processed from left to write, and each command is separate by the |(pipe).
  • Save searches! – with there being so many different ways to slice all of the network traffic that Splunk is managing, having different frequented searches saved is very convenient to insure more time searching network traffic, and not google for Splunk commands.
  • Statistics – in order for anomaly detection to work, there needs to be an idea of what is normal.  One person’s smile could be another person’s bad-day face.  It is important to judge off of what is normal for the network traffic, much like judging someone’s behavior off of what is normal for that person.  The statistics generated are what determines what falls within normal behavior for their network.
  •  Real-time Graphs & Charts – generating graphs and charts that will actually change and adjust in real time are super important.  It allows an easy way to understand what is going on in the network – instantaneously.  Wolfe stressed that bosses will love something so clean, visually appealing, and content-specific.

Splunk application:

This presentation was about Splunk, the security event manager/log aggregation software.  If you have had Paullet’s class and suffered through the wonderfully challenging Enron emails assignment, then you have had a small taste of this software’s capabilities.  Splunk can be used for a wide variety of applications because of its ability to organize/index large sums of information with ease into databases, or indexes.  James Wolfe focused on Splunk’s network security applications.  James Wolfe is a security administrator for U.S. Steel, so his job requires him to focus on network traffic such as IPs, users, or anything that could potentially indicate a point of failure for their network.  Wolfe explained that the beauty of Splunk is that you can start looking without needing to know exactly what it is that you are looking for – exactly how I described my use of Splunk when trying to find incriminating Enron emails.  Because security is the importance of the job, he discussed the commands that would be useful for security.  These things included:

  • dedup – removes duplicates in your search.
    • EX: dedup user, src_ip
  • wineventlog
    • 4625 – this code indicates a failure to log in

A very basic example shown to us to show how the data was being used to detect anomalies was through the ratio or successful to unsuccessful log ins for users.  By creating a baseline formula for the rate of successful logins for each user, the computer can flag any time there is a change in this rate that goes within 1-2 standard deviations.  The data is all producing algorithms and equations based on what you – the user of the Splunk software – deems important.

  • table_raw – views the raw informaiton that splunk pulled the information from for the databases/indexes

This raw information was very education in seeing how convenient the software is, because the raw version was pretty jumbled, messy, and difficult to understand.

Career Advice:

  • Deskside/IT support is a good career start – you learn to troubleshoot
  • Ask as many questions as you can – be willing to do projects; this will make you valuable.
  • CERTIFICATIONS: N+* – basic fundamentals of networking.
  • Government – certifications are legally required
  • CCNA – CISCO; mid-level
  • Maintain a strong work ethic
  • Log into a firewall – download free for home*
  • 2 year schools like ITT tech allows hands on experience
  • 4 year degree preferable, but less hands on – it proves that you are hardworking and willing to put in the time necessary; this ties in greatly with having a strong work ethic.
  • Microsoft imagine account; dream spark; 2016 data center OS worth $3,000 [we get it for free at RMU, so utilize it!]
    • Spin up a DHCE from home
  • All acronyms – know.
  • Splunk: just saying that you have worked with Splunk automatically gives you an edge against the competition for any job in security.
  • Google: useful; know that it really is alright to google what you do not understand when doing anything on the computer.  There is so much to know, and as long as you accept that you will be learning throughout your entire career, you will be able to stay in demand with employers.

Fun Facts:

  • Companies have filters on their employee’s computers preventing them from going on certain sites.  Because you cannot access these through google, users will use Bing as their loophole to sites that they are not supposed to access.
  • U.S. Steel, much like other companies, uses firewall redundancy to prevent any debilitating security errors.
  • Splunk is free to download; free for developers license. All software is free all you need is to buy your own server with 16 gigs – plenty for an at home – of ram.  Buy second NIC. Spin up VMs. Download licenses.

Snapchat’s Terms of Service

Did you read the new Terms of Service for your Snapchat account?

Odds are, probably not.  The most recent update occurred on September 26, 2017.  Before that, there was already a lot of power in the Terms hidden behind the blindly pressed clip-wrap agreement such as Snapchat being allowed to use your photographs on billboards without you knowing or getting any compensation for it.  If you have read through the terms in the past, some of this may be a review for you.

Here’s what you agreed to last month:

Your Private content:

“For all content you submit to the Services other than Public Content, you grant Snap inc. and our affiliates a worldwide, royalty-free, sublicensable, and transferable license to host, store, use, display, reproduce, modify, adapt, edit, publish, and distribute that content. “

  • even though this statement is followed by a big line stating these licenses are solely for bettering our services, having that much free will available can be an intimidating fact that we barely even think about.
  • public content is not included because Snapchat wants to use content you deemed free to the world, to their highest advantage.

Your Public content:

“In addition to granting us the rights mentioned in the previous paragraph [quoted above], you also grant us a perpetual license to create derivative works from, promote, exhibit, broadcast, syndicate, sublicense, publicly perform, and publicly display Public Content in any form and in an and all media or distribution methods (now known or later developed)… you also grant Snap Inc, our affiliates, and our business partners the unrestricted, worldwide, perpetual right and license to use your name, likeness, and voice, including in connection with commercial or sponsored content.”

  • Snapchat is allowed to do whatever it wants with your content placed on any story that is left open to the public such as the “Our story” options, or anything left on “My story” when you leave your settings so that anyone can view your story.
  • With the ability to use your name, likeness, and voice, you could be in a commercial, without your knowledge – but still technically with your consent – and get no compensation from Snapchat.

What can be done with your content on your end:

“While we’re not required to do so, we may access, review, screen, and delete your content at any time for any reason, including to provide and develop the Services or if we think your content violates these Terms.”

  • Although it is stated here that changing your content in any way would be to improve services or to remove anything that could be considered a violation, Snapchat can do things that are specific to your own individual account, without any restrictions because it is allowed to do so for any reason.  That line is just a sugarcoating.
  • even though Snapchat claims to be monitoring us to prevent illegal use of the application, it claims no obligation to regulate users, and therefore can be freed from any liabilities, putting full responsibility back onto users.

“…if you volunteer feedback or suggestions, just know that we can use your ideas without compensating you.”

  • any suggestions will be solely for you to improve the application; there is no other gain for you.

This is just a small synopsis of the general terms specified online by Snap Inc. regarding your content.

For full content, click Full Terms of Service.

SOC Analyst Job for Ideal Integrations Inc.

What would I be doing for this job?

If you are a CIS major who is a night owl but also very articulate, then we have a full-time job for you!  This job requires strong verbal skills for conversing with clients through written, verbal, phone, or in person means, as well as thorough documentation of situations.

This security job also includes:

  • analyzing, identifying, and eliminating customer security alerts, events, or incidents.
  •  identifying weaknesses in customer infrastructures – suggest solutions/improvements
  • assisting in creation and maintenance of documentation for SOC procedure and processes
  • Ensuring that they are complying with Information Security Policies
  • Ensuring that all security and operational controls are followed and enforced.

Requirements:

  • personal vehicle/valid license
  • 24/7 on-call work
  • Ability to work in fast paced environment
  • Travel
  • Heavy lifting
  • staying up to date on latest vulnerabilities, exploits, and any other relevant threat information
  • [preferred]:
    • Technical or Associate degree in relevant field   -OR-
    • 1 year’s equivalent experience
  • Shift from 8pm – 7am.

Experience and Necessary skills:

  • SOC/NOC/Blue team
  • Programming/Shell scripting [examples:]
    • PERL
    • Python
    • Java
    • Shell
    • PowerShell
  • System or Network Administration
  • Configuration/implementation of Technical security solutions [examples:]
    • Firewalls
    • IDS/IPS
    • Antivirus
    • SIEM
  • Windows & Linux OS and applications
  • Security standards PTES, Defense in Depth, etc.

How to Apply:

To apply for this job, contact Chris Shillingburg at cshillingburg@idealintegrations.net.

IT/PC Technical Support Internship Dollar Bank

Interested in a year round internship?

This is it! This internship is perfect for real life work experience as a PC Support Technician.  If that’s intimidating, know that you will be working alongside experience IT professionals who will be able to aid you.  The job description even states that you will be working in a “supportive, team-oriented environment,” so that will be very helpful in getting you the professional training and mentoring that can get you real-job-ready!

Why Apply?

  • Part-time employees – that would be you – qualify for 401(k) with immediate vesting, pension, tuition reimbursement, and gym reimbursement.
  • Its not far away: Liberty Commons Building
    • 2700 Liberty Avenue, Pittsburgh PA

Job includes:

  • Utilizing windows deployment for workstations
  • Installing the required software, 
  • Performing routine hardware and software upgrades
  • Installing workstations in the back offices and branches, racking servers,
  • Moving computer equipment
  • First-level troubleshooting
  • Monday-Fridays; 20-25 hrs/week.

Qualifications:

  • 1 year of college
    • classes in Windows OS, PC repair, and networking
  • Working knowledge of Ethernet, TCP/IP, and Active Directory
  • Strong commitment to customer service
  • Occasional overtime
  • Good organizational skills
  • Ability to multitask effectively
  • Ability to lift 25 pounds – hardware is HEAVY
  • Ability to deal effectively with end-users, peers, managers in written as well as oral communications
  • Willing to accept duties as they are assigned to you

Application:

  • Apply quick, but no pressure; this internship does not expire until 12/18/17
  • For application, click here.

Linux Foundation Open Mainframe Project Summer Intern Program

“The Mission of the Open Mainframe Project is to create an open source, technical community that industry and community participants may easily participate in so that they may contribute to the creation of assets and materials that will benefit the development of Enterprise Grade characteristics of Linux.”

– Linux Foundation on the Open Mainframe Project

This is a rare opportunity – only 8 interns get this chance!  If selected, you would get to work with a mentor on your own custom project focusing on improvement of the High Availability, Disaster Recovery, Security, Reliability, Serviceability, Performance and/or Scalability of Linux.

Proposals should Include:

  • The project idea you would like to propose
  • Why you’d want to do this project
  • Your contact information
  • Your academic information/transcript/experience
  • 1 to 2 references

**Speak to Open Mainframe Project Mentors to get advice on applying.

Go to this link to apply.  Proposals are due February 15th, 2017.

 

 

Dollar Bank Internship

Job Description

  • Year round
  • Cloning workstations,
  • Installing workstations in the back office and branches,
  • Racking servers,
  • Moving computer equipment,
  • Performing routine hardware and software upgrades,
  • And first level troubleshooting.

Technical Qualifications

  • 1 year of college
  • Classes in Windows OS, PC repair, and networking
  • Working knowledge of Ethernet & TCP/IP
  • Customer Service committed
  • Available to sometimes work after hours+/weekend (Occasional overtime may be necessary)

Other Qualifications

  • Good Organizational skills
  • Multitasking skills
  • Ability to lift 25 pounds
  • Ability to deal effectively with end-users, peers, and managers (professional written and oral communications skills)
  • Willing to accept duties given

Would you like to apply?  Click here for application

**This opportunity expires February 26th, 2017.