Author Archives: John Counihan


About John Counihan

Cyber Forensics and Information Security Student, Class of 2018

Securing What You Don’t Own or Control – The Current State of WiFi-Security

On Thursday, February 9th, there will be a presentation entitled “Securing What You Don’t Own or Control – The Current State of WiFi-Security,” by Rick Farina. Farina will talk about how to protect data and systems from the expanding WiFi threat landscape. The presentation will take place from 4:30pm to 5:30pm in the Wheatley Atrium. This is a Top Secret Colonials sponsored event.

Rick Farina is a well-known wireless expert who has spoken at a variety of security conferences, including DEFCON (which is one of the world’s largest annual hacker conventions). Farina runs a Wireless Capture the Flag contest at several conventions throughout the country. Farina is the director of Research and Development at the company Pwnie Express. He is responsible for researching, developing, and marketing leading wireless and IoT (Internet of Things) security products. Farina’s expertise is in wireless security and wireless hacking.

Refreshments will be available at this event. Students will receive SET credit for attending. For more information about the event, contact Dr. Paullet at paullet@rmu.edu.

For more information about Pwnie Express and Rick Farina, click the links below:

Pwnie Express Official Website

Rick Farina’s LinkedIn Profile


Russian Hacking Panel

The University of Pittsburgh will be hosting a panel on Russian Hacking on Thursday, February 2nd, from 1:30pm to 4:30pm. At this event, several panelists will discuss a variety of topics, including: Russian activities in cyberspace, U.S. and Russian views on cyber tool usage, U.S. response to Russian activities, and Russia’s possible effect on the U.S. presidential election.

There will be four panelists at this event:

  • Andrei Soldatov, a Russian investigative journalist and security services expert
  • Ellen Nakashima, a national security reporter for The Washington Post
  • Luke Dembosky, a former Deputy District Attorney General for National Security and former U.S. Department of Justice representative at the U.S. Embassy in Moscow
  • Keith Mularski, a Supervisory Special Agent for the FBI in Pittsburgh

The event will be streamed live at law.pitt.edu/cybertalk. Students can only attend the event at the University of Pittsburgh if they have already registered for it. Registration for the event closed yesterday, January 30th. However, everyone is welcome to watch the event live through the link above.

For more information, there is a flyer posted below.

Russian Hacking Panel Flyer

Graduate Assistant position for Facilities Management

The Facilities Department at RMU is looking for two Data Analyst Graduate Assistants to work starting this semester. The Graduate Assistant would assist with measuring the effectiveness of strategic initiatives within Maintenance and Operations. This is a twelve month position for twenty hours a week. The position includes a monthly stipend and a tuition fee waiver.

The Graduate Assistant’s responsibilities will include: collaborating with facility professionals to develop good assessment and planning practices, managing multiple data-sets and projects simultaneously; assisting with design of assessment projects, assisting with implementation of data collection processes; cleaning/managing data files and conducting statistical analyses; proofreading and editing reports for statistical errors and inconsistencies.

Qualifications:

  • Graduate Student currently enrolled in the semester they are working as a Graduate Assistant
  • Minimum GPA of 3.5
  • Technical skills: Software applications and Database management
  • Strong interpersonal skills
  • Excellent communication skills both written and verbal
  • Ability to work independently and collaboratively

To apply for this position, contact Michael Yuhas at yuhas@rmu.edu and send him a letter of interest and resume. Accepted applicants can begin work as early as this semester.

Don’t fall for this ‘highly effective’ Gmail scam

For several months, a phishing scam has been tricking Gmail users into sharing their passwords. Recently, the security company WordFence released an alert about this scam.

The attack starts when the attacker sends an email to the victim’s Gmail account. The email address of the “sender” usually belongs to someone that the victim knows; however, the sender’s account has already been compromised by the attacker. The email contains what appears to be an image for the victim to click on.

When the victim clicks on the “image”, they are taken to a new tab which prompts for their Gmail account information. Once the victim signs in on this page, their account is compromised. The attacker then has access to the victim’s emails and personal documents. Once the attacker has access to the victim’s account, they will use this account to send the scam to more victims.

What makes this scam “highly effective” is that it uses email addresses of people that the victim knows. Also, the fake Gmail sign-in page appears to be legitimate, containing the Google logo and normal entry fields for username and password.

In order to prevent yourself from becoming a victim of this scam, it is important to note the following:

  • Although the false attachment contains “accounts.google.com” in its URL, it also has “data:text/html” at the beginning, which is not found on a normal Gmail URL.
  • When signing into any service, you should check the browser bar to verify the protocol and hostname. The URL should begin with “https:” and there should be a green lock icon next to the URL.
  • Gmail users can also enable two-factor authentication or “2-step verification” to make their account more secure.
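
The first two checks in the list above can be written as code. This is an added example, not taken from the WordFence alert: it compares a check that only looks for the familiar hostname text against one that parses the address and verifies scheme and hostname exactly. The function names, `EXPECTED_HOST`, and all sample URLs are constructed for illustration.

```javascript
// Added example: the address-bar check from the list above, as code.
// EXPECTED_HOST and every URL in SAMPLES are constructed for illustration.
const EXPECTED_HOST = "accounts.google.com";

// Weak check: only asks whether the familiar hostname appears somewhere.
function naiveLooksLikeGoogle(addressBarText) {
  return addressBarText.includes(EXPECTED_HOST);
}

// Stricter check: parse the URL, then compare scheme and hostname exactly.
function checkSignInUrl(addressBarText) {
  let url;
  try {
    url = new URL(addressBarText.trim());
  } catch {
    return "unparseable"; // e.g. bare text with no scheme
  }
  // A data: URI carries the page content in the address itself; it has no
  // hostname at all, so any hostname text after the prefix is just content.
  if (url.protocol === "data:") return "data-uri";
  if (url.protocol !== "https:") return "not-https";
  if (url.hostname !== EXPECTED_HOST) return "wrong-host";
  return "ok";
}

const SAMPLES = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
  "http://accounts.google.com/ServiceLogin?service=mail",
  "https://accounts.google.com.example.test/ServiceLogin",
];

// Print the verdict of both checks side by side for each sample.
for (const s of SAMPLES) {
  const verdict = checkSignInUrl(s).padEnd(10);
  console.log(`${verdict} naive=${naiveLooksLikeGoogle(s)}  ${s}`);
}
```

The substring check accepts all four samples, including the data: URI, while the parsed check accepts only the first.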

For more information: Don’t fall for this ‘highly effective’ Gmail scam and WordFence Article

IT Post-Graduate Internship/Position with Pittsburgh Steelers

The Pittsburgh Steelers are looking for Post-Graduate IT Interns/Developers to work for the Steelers Technology Department with hardware, software, and other systems. The position is for a front-end developer for the company’s in-house programs; the position also involves help desk and user support. The intern will work with the company’s application developer on various tasks and also assist with other user technology projects.

The company is looking for students who have graduated or plan to graduate in the near future. The company wants applicants who are comfortable with a networked computer environment, skilled in HTML or CSS, and interested in design.

This internship is Full-Time, Paid, and lasts for a full year. The internship can lead to full-time positions at the NFL.

For more information, or to apply for this position, click one of the following links: Link 1 or Link 2.

Mobile Forensics and Security Certificate

Robert Morris University’s Department of Computer and Information Systems is offering a new certification program: Mobile Forensics and Security. The program, which is offered both in-class and online, gives students hands-on experience with a variety of computer and mobile forensic tools. The program also teaches students about the legal procedures for computer and mobile forensic analysis. It also examines various techniques for preventing unauthorized attacks on mobile devices and computer networks.

The Mobile Forensics and Security Certificate has the following class requirements:

  • Intro to Decision Support Systems (INFS 1020)
  • Mobile Security Policy (INFS 3110)
  • Intro to Computer Forensics (INFS 3120)
  • Cyberlaw (INFS 3170)
  • Digital Evidence Analysis (INFS 3190)
  • Mobile Forensics (INFS 3191)
  • IT Security, Control/Assurance (INFS 3222)
  • Computer and Network Security (INFS 3235)
  • Network Forensics, Intrusion Detection, and Response (INFS 4180)

Most of these classes are already requirements for students majoring in Cyber Forensics and Information Security. However, this certificate is available for anyone who is willing to take these courses.

The following brochure has more information about the certificate: mobilecert

If you have any other questions, please contact Dr. Paullet at paullet@rmu.edu.

Foreign Service IT Fellowship

The U.S. Department of State is sponsoring an IT fellowship for students in IT-related majors. There are two different fellowship opportunities: one for undergraduates and one for graduates.

The undergraduate fellowship is available only for sophomores. Accepted applicants will be working for two summers. For one summer, they will work in Washington, D.C. with the Department of State. During the second summer, they will work a Foreign Affairs job at an embassy abroad. The fellowship will also cover $37,500 annually for tuition, room & board, books, fees, and other travel expenses.

The graduate fellowship is available for seniors who have already been accepted into a Master’s or Integrated program. The accepted applicants will do the same jobs in both summers as the undergraduate applicants.

At the end of both the undergraduate and graduate fellowships, the accepted applicants are guaranteed jobs with the U.S. Department of State. Both positions require a five-year commitment after completion of work for the Department of State. Students applying must be currently enrolled in an IT degree.

Students can apply at http://www.twc.edu/FAIT2017

Here is a link to a brochure for the fellowships: fait-fellowship-brochure-final

For more information, contact Dr. Paullet at paullet@rmu.edu

IT/Engineering Intern – Curtiss-Wright EMD

Curtiss-Wright Electro-Mechanical Corporation is looking for an IT/Engineering Intern to work for them starting in January 2017. Curtiss-Wright EMD is a lead supplier of critical function, electro-mechanical products. The company is located in Cheswick, Pennsylvania.

The position will focus on hardware and system administration within a high-end engineering environment. The position will also involve the configuring of Red Hat Linux workstations and clusters, along with engineering SW installation and troubleshooting. The position will also involve hardware roll-outs and upgrades.

Qualifications:

  • G.P.A. of 3.2 or higher
  • U.S. Citizen
  • Must have transportation to company location
  • Can work full time, or at least 24-30 hours per week

The internship is paid, starting at $15.00/hour. Applicants can apply through ColonialTRAK or directly to Cathy Pascarella at cathypascarella@gmail.com. Applications must be submitted by Saturday, December 17th.

Beware, iPhone Users: Fake Retail Apps Are Surging Before Holidays

In the past few weeks, there have been hundreds of fake retail and product applications in Apple’s App Store. The fake apps have pretended to be companies such as Dollar Tree, Foot Locker, Nordstrom, and Dillard’s. A company that tracks new shopping apps, Branding Brand, reported a large increase in these fake applications in the past few weeks.

The apps are being created to trick Black Friday shoppers into clicking them. Some apps seem to be harmless, just displaying pop-up ads whenever users click on them. Others, however, are dangerous because users can have their credit card information stolen if the app asks them to input it. Also, some of the apps can contain malware that can steal personal information and even lock the victim’s phone.

The fake apps came from developers in China; they were somehow able to get past Apple’s review process for new apps. Apple’s app screening process is less strict than Android’s; Apple focuses more on blocking malicious software and does not routinely examine the thousands of new apps that are sent to them every day. It is important for brands and companies themselves to search for and report these fake apps, similar to how they search for and report fake websites. Last week, however, Apple did remove hundreds of fake apps after an article was published about the apps. A spokesperson for Apple claims that they have set up ways for customers to report fake apps. In September, Apple started to look through their two million apps to remove fake and unnecessary ones. Despite this, new fake apps continue to appear.

A recent example of a fake app was one called Overstock Inc. – apparently named to let customers believe that it was the real company app for Overstock.com. The developer of the app is the Chinese company Cloaker Apps. The CEO of Cloaker, Jack Lin, claims that the company only provides the back-end technology for the apps; they do not investigate their clients. However, not even Cloaker is what it seems; the company’s website states that its headquarters is in the middle of Facebook’s campus in Menlo Park, California. When Jack Lin was first interviewed, he claimed that the company only had offices in China and Japan. When asked about the office in California, he claimed to have “tens of employees” there.

China is, by far, the biggest source of fake applications. Many of the fake apps have red flags to show that they are not real, including: nonsensical menus in broken English, no reviews, and no history of previous versions of the app. So far, thousands of individuals have apparently fallen prey to the newest fake apps. However, in most cases, no serious problems have occurred. The fake apps usually target companies either with no apps or multiple apps. Some have even used Apple’s paid search ads to put their fake apps at the top of the search results.

Fake apps on Apple are a new problem, occurring more commonly in the past few months. However, with Black Friday soon approaching, it is important to remember to check the applications that you are planning to download. Also, if possible, try to use alternative methods to applications that ask for banking or personal information. For example, try to use the company’s website on your laptop or computer; also, remember to check the security on the website itself. Criminals are obviously going to take advantage of whatever situation becomes available to them. Therefore, you should always be careful of what you click or download on your phone or computer.

Article Link: Beware, iPhone Users

U.S. Steel Interview for Interns

U.S. Steel will be hiring twenty IT/Computer Security/Cyber Security interns for the 2017 Summer session. The positions will be located at the company’s Service Center in the South Side (Pittsburgh). The company will be conducting interviews at their headquarters location from Friday, November 18th, to Friday, December 2nd.

The internship will start in June 2017, will last between twelve and fourteen weeks, and will be paid. Interns will work in one of the following areas: Enterprise Applications and Global Business Processes, Global Plant Systems, Enterprise Resource Planning, or Cyber Security.

The following qualifications are necessary for the internship:

  • Candidates must be a full-time student pursuing a Bachelor’s Degree or Master’s Degree in Information Technology, Computer Science, Mathematics, Engineering or any IT related field
  • Candidates must have completed their sophomore year by June 2017
  • Be authorized to work in the US without sponsorship

Students should apply either on U.S. Steel’s website or at the following link. There is more information about the internship at the second link.