Category Archives: cybersecurity

SANS CyberTalent Immersion Academy for Military Veterans or National Guard/Reserves

SANS is hosting an upcoming academy sponsored by Solutionary in Pittsburgh. Those that apply for and are accepted into the SANS CyberTalent Immersion Academy receive a world-class education in the booming Cyber Security field, full tuition reimbursement, and most valuable, a guaranteed employment opportunity upon completion. This academy is part of the SANS VetSuccess program, for students who are also military veterans or involved with the National Guard/Reserves.

SANS is the most trusted and by far the largest source for information security training and security certification in the world. The SANS VetSuccess Immersion Academy provides U.S. military veterans with advanced technical training, industry-recognized certifications, and connections to high-paying jobs and rewarding careers in cybersecurity. The Academy is 100% scholarship-based, and includes two to three SANS training courses taught by expert faculty as well as the associated GIAC certifications.

They are currently seeking qualified candidates to apply.  The timing of this program is great for students who are graduating in the spring, and of course the program is also open to alumni and community members.

To learn more about the VetSuccess Academy, or to apply, please visit https://www.sans.org/cybertalent/immersion-academy/programs#pittsburgh

Applications are due by April 29, 2016

Apple vs. FBI: The Debate between Privacy and Security

What is the fuss about? The heated debate between the FBI and Apple is over one iPhone, but it is about much more than that. The argument began after a shooting in San Bernardino, California on December 2, 2015. Considered the worst mass shooting in modern US history since 2012, according to NBC, the shooting ended with 14 killed and 21 wounded. The 2 suspects in the shooting were both killed in a gunfight with policemen. Terrorism is suspected (Ortiz, 2015). With the iPhone of one of the suspects in its hands, the FBI is desperately trying to gain access to the information on it to see if there was another shooter; law enforcement had previously believed that there may have been 3 shooters rather than just 2 (Ortiz, 2015).

In order to collect this information, the FBI needs access to the iPhone. However, they are struggling to gain access. The FBI contacted Apple and asked for help getting information off the device. Apple refused, claiming that the FBI wants them to create a backdoor into all iPhone products. The issue here is that iPhones are encrypted.

Why is this topic so controversial? This topic is so controversial because it goes so much further beyond just one simple iPhone; this situation magnifies the debate of security versus privacy.  This is something that the US government has been in turmoil over for years, especially when terrorism is involved.

The FBI is more concerned with security over privacy, while Apple is more concerned with privacy over security. The FBI wants access to an iPhone that they were locked out of when they reset the iPhone’s password while attempting to get into it. Unfortunately, Apple says that since the password has been reset, there is no longer a connection to the cloud information because there is a password disconnect (Burchette, 2016). This is why the FBI has asked for a program to hack into the encrypted iPhone. This is also why Apple is non-compliant.

Apple has exposed this situation because it shows a government that is no longer concerned with privacy, or with the consequences of creating such a program. The difficulty of the matter is that this all comes back around to the Patriot Act, an amendment to the United States’ Electronic Communications Privacy Act (ECPA). The Patriot Act created a loophole in the Wiretap Act that lets law enforcement bypass the need for a warrant for wiretapping if terrorism is suspected (Craig, 2013). Given the controversy of this Act, it is clear why this iPhone dilemma has gotten so big.

Can you see both sides?  Of course.  This entire thing has two different ways of looking at one case:

  • FBI’s Point of View:  There is a need to put the security of the United States over the general privacy of the people.  There is a need to look at the risk of not knowing crucial information on terrorism.  If you do not know what is going on, there is no way that another attack can be prevented.
  • Apple’s Point of View:  There is a need to put privacy before everything else.  If a program is made to get into the encrypted iPhone, it can be used by anyone who has it, and that is why there is so much resistance to make it.  This would not be one case, this would be the start of a further loss of privacy.

What is happening as of right now?  People have begun picking sides, and sticking to them.  Apple has written up its legal response detailing their refusal to the FBI’s request(s) (Heisler, 2016).  The FBI has continued to defend itself, claiming that it is not asking for a backdoor into all iPhones, but means to get into this one in particular.

All in all… This is a highly controversial topic and it is going to be one of many cases that will further influence the Crypto Wars, the battle between privacy-minded technologists and the U.S. government (McLaughlin & Froomkin, 2016).

Sources:

Burchette, J. (2016, February 21). FBI Admits It Reset San Bernardino Shooter’s iPhone Password. Retrieved from The Wrap: http://www.thewrap.com/fbi-admits-it-reset-san-bernardino-shooters-iphone-password/

Craig. (2013). Cyber Law: The Law of the Internet and Information Technology First Edition (pp. 92-131). Pearson.

Heisler, Y. (2016, February 25). Here’s Apple’s long-awaited legal response to the FBI. Retrieved from BGR: http://bgr.com/2016/02/25/apple-vs-fbi-legal-filing/

McLaughlin, J., & Froomkin, D. (2016, February 26). FBI vs Apple Establishes a New Phase of the Crypto Wars. Retrieved from The Intercept: https://theintercept.com/2016/02/26/fbi-vs-apple-post-crypto-wars/

Ortiz, E. (2015, December 3). San Bernardino Shooting: Timeline of How the Rampage Unfolded. Retrieved from NBC News: http://www.nbcnews.com/storyline/san-bernardino-shooting/san-bernardino-shooting-timeline-how-rampage-unfolded-n473501


Carnegie Mellon University’s Summer Security Intensive

CMU’s Summer Security Intensive is an opportunity for current juniors who are pursuing work in the Cyber Forensics and CIS fields. The SSI is a paid summer fellowship provided by CMU. The total that can be earned from participating in this fellowship is around $2500. Heinz College provides financial aid for all of those accepted into the program, which can cover all participation costs, transportation, housing, meals, tuition, books, other supplies, social functions, and also a 1,000 stipend.

Participants will go to classes and get to meet and gain experience with some of the most skilled professionals in the cyber security field. The three classes that SSI participants will take will focus on security topics that are issues many students and professionals alike face.

THE DEADLINE TO APPLY FOR THIS OPPORTUNITY IS MARCH 1ST.

To apply for this fellowship, follow the link here.

Again the opportunity to apply for this fellowship is quickly approaching, and those interested should apply immediately.

Wombat Security – Wednesday, February 24th

The Top Secret Colonials are sponsoring a presentation by Wombat Security on Wednesday, February 24th from 4:30 – 5:30 pm.

Wombat Security is a cyber security company whose goal is to deliver software-based cyber awareness and training to help employees understand the risks associated with improper cyber practices and subsequently correct their behavior to strengthen an organization’s overall security environment. Wombat utilizes a Continuous Training Methodology to serve its customers, assessing the vulnerability of employees through a variety of custom knowledge assessments before seeking to educate on those flaws to maximize learning through a broad set of interactive training modules. Those customers who have implemented this approach have experienced up to a 90% reduction in successful phishing attacks and malware infections on their company.

This presentation will focus on the products Wombat delivers to its customers. During the presentation, Sean Ehrman and Jake Pancari will simulate a mock phishing attack and demonstrate the training modules customers would go through should they fall for said attack. They will also discuss the dangers of social engineering while reviewing a real case study before ending in a Q&A segment.

Students will earn 1 SET credit for attending.

Here is their website: https://www.wombatsecurity.com/

Pittsburgh Technology Council – Wednesday, February 17th

The Top Secret Colonials will be sponsoring a presentation by the Pittsburgh Technology Council on Wednesday, February 17, 2016 from 4:00 – 5:45pm.

Here is the schedule of events:

4:00 – 4:15 PM –  SET Registration and free pizza

4:20 – 5:00 PM –  PTC Presentation

5:00 – 5:30 PM –  Q & A session

Top Secret Colonials Participate in CMU Data Privacy Day

A group of Cyber Forensics and Information Security students, including members of the Top Secret Colonials group, along with Dr. Karen Paullet, attended Data Privacy Day at CMU on Thursday, January 28, 2016.

The students attended a Privacy Clinic called “Learn how to Protect your Privacy” and listened to the keynote speaker, Ed Felten, Deputy U.S. Chief Technology Officer.  His talk was entitled “Making Privacy Work for Everyone.”

CMU states that “Data Privacy Day is an international effort to empower and educate people to protect their privacy and control their digital footprint. For more information, please visit StaySafeOnline.org.”


Department of Homeland Security Secretary’s Honors Program Cyber Student Volunteer Initiative

The U.S. Department of Homeland Security (DHS) has launched the 2016 Secretary’s Honors Program Cyber Student Volunteer Initiative. The initiative targets current undergraduate and graduate students and is a part of the Department’s efforts to build a cybersecurity talent pipeline by working with secondary and post-secondary institutions and other key partners in academia and the private sector.

Through the Secretary’s Honors Program Cyber Student Volunteer Initiative, students are able to learn about the DHS cybersecurity mission by completing hands-on cybersecurity work and building technical experience in key areas such as digital forensics, network diagnostics, and incident response.

In the 2016 Cyber Student Volunteer Initiative program cycle, over 80 student volunteer assignments are available at over 40 local DHS field offices across the country and eight participating DHS Components, to include Customs and Border Protection (CBP), Immigration and Customs Enforcement (ICE), National Protection and Programs Directorate (NPPD), Office of the Chief Information Officer (OCIO), Office of Intelligence and Analysis (I&A), Office of Policy/Cyber, Infrastructure and Resilience Policy, Transportation Security Administration (TSA), and United States Coast Guard (USCG).

The Cyber Student Volunteer Initiative application period is open until January 29, 2016 through the USAJOBS portal (https://www.usajobs.gov/GetJob/ViewDetails/425296700).

For more information, contact the DHS CyberSkills Management Support Initiative (CMSI) at CMSI@hq.dhs.gov

Data Privacy Day – January 28th

The Top Secret Colonials are promoting a data privacy awareness day on January 28th. Data Privacy Day is meant to help raise the public’s awareness around data security and educate all internet users to be safer online. This day also aims to encourage greater accountability among consumers to better perceive how their information is being shared.

On January 28, the National Cyber Security Alliance (NCSA) will host events in Washington, DC and Los Angeles where privacy professionals will explain solutions to current challenges as well as best practices, such as how to recognize cyber intrusions and establishing an incident response plan. NCSA will also hold Twitter chats centered around data privacy in the days leading up to Data Privacy Day.

Data Privacy Tips (from StaySafeOnline.org):

  • Share with Care
    • What you post can last a lifetime: Before posting online think about how it might be perceived now and in the future and who might see it.
    • Own your online presence: Set the privacy and security settings on web services and devices to your comfort level for information sharing. It’s ok to limit how and with whom you share information.
    • Be aware of what’s being shared: Be aware that when you share a post, picture or video online, you may also be revealing information about others. Be thoughtful when and how you share information about others.
    • Post only about others as you would have them post about you: The golden rule applies online as well.
    • Own your online presence: It’s OK to limit who can see your information and what you share. Learn about and use privacy and security settings on your favorite online games, apps and platforms.
  • Personal Information Is Like Money: Value It. Protect It.
    • Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information.
    • Get two steps ahead: Switch on two-step verification or multi-factor authentication wherever offered to prevent unauthorized access.
    • Know what’s being collected, who is collecting it and how it will be used: Information about you, such as the games you like to play, what you search for online and where you shop and live, has value ‒ just like money. Be thoughtful about who gets that information and how it’s collected through apps and websites. Only use a product or service if the company is open and clearly states how it will use your personal information. If you’re not sure what a business will do with your information, ask your parents. Think twice if an app wants permission to use personal information (like your location) it doesn’t need before you say “OK.”
    • Secure your devices: Use strong passwords or passcodes or touch ID features to lock your devices. Securing your device can help protect your information if your device is lost or stolen and keep prying eyes out.
    • Get savvy about WiFi hotspots: Public wireless networks and hotspots are not secure – this means the possibility exists that anyone can see what you are doing on your laptop or smartphone while you are connected to it. Think about what you are doing and if you would want another person to see it. If you use public WiFi a lot, think about using a virtual private network (VPN) that provides a more secure WiFi connection.
    • Now you see me, now you don’t: Some stores and other locations look for devices with WiFi or Bluetooth turned on to track your movements while you are within range. Turn off WiFi and Bluetooth when not in use, and limit your use of free public wireless networks, which stores and locations can use to track what you do online.
    • When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way bad guys get access to your personal information. If it looks weird, even if you know the source, it’s best to delete.

Sources:

-http://associationsnow.com/2016/01/data-privacy-day-to-raise-publics-awareness-of-its-role-in-data-security/

-https://www.staysafeonline.org/data-privacy-day/privacy-tips/

The Black T-Shirt Cyber Forensics Challenge

The staff in Stevenson University’s Cyber Forensics program is working with the programs at approximately 50 other colleges and universities in launching The Black T-Shirt Cyber Forensics Challenge, which is a joint academic and industry contest designed to promote interest in digital forensics, foster relationships among academic institutions, develop relationships between academia and the corporate sector, and provide a valuable hands-on exercise for learning and training.

We are looking for teams of students between 1-3 members to enter the challenge. There is no cost and this would be a great way to raise awareness of your skills and the Top Secret Colonials. We are permitted to have multiple teams but the teams are NOT permitted to work together. The annual challenge, which has already been built for this year, will run from January 1, 2016 to April 1, 2016. Challengers can register at any time in that window; once registered, links will be provided to download the data. Submissions will be due on April 1. The results will be scored in the month of April 2016.

Tools will not be provided but you can use FTK, the Password Recovery Toolkit, Splunk, DEFT, Autopsy, etc. to analyze the images. Teams are permitted to use whatever tools and methods they choose but they must be available and able to be recreated by the judges. Each member will receive a Black Cyber Forensics Challenge t-shirt.

This year’s contest involves confirming allegations of an exfiltration of company information by analyzing two computer images and network traffic. The point structure hasn’t been released yet. In addition to the main challenge, “Mini Challenges” will be run throughout the year. These are similar to the annual challenge but smaller. The fall challenge for next year involves an executive returning from a business trip to find that there were very strange charges on her phone bill that she did not make.

More details can be found online at http://cyberforensicschallenge.com. Please email Dr. Paullet (paullet@rmu.edu) immediately so we can start forming teams.

Department of Homeland Security Secretary’s Honors Program Cyber Student Volunteer Initiative

The U.S. Department of Homeland Security (DHS) is preparing to launch the 2016 Secretary’s Honors Program Cyber Student Volunteer Initiative. The initiative targets current undergraduate and graduate students and is a part of the Department’s efforts to build a cybersecurity talent pipeline by working with secondary and post-secondary institutions and other key partners in academia and the private sector.

Through the Secretary’s Honors Program Cyber Student Volunteer Initiative, students are able to learn about the DHS cybersecurity mission by completing hands-on cybersecurity work and building technical experience in key areas such as digital forensics, network diagnostics, and incident response.

DHS will announce the start of the 2016 Secretary’s Honors Program Cyber Student Volunteer Initiative program cycle within the upcoming weeks on http://www.USAJOBS.com. Here is a flyer with more details: DHS Flyer.

For more information, contact the DHS CyberSkills Management Support Initiative (CMSI) at CMSI@hq.dhs.gov.