Blog

Experts Warn Too Often AWS S3 Buckets Are Misconfigured, Leak Data

A rash of misconfigured Amazon Web Services storage servers leaking data to the internet have plagued companies recently. Earlier this week, data belonging to anywhere between six million and 14 million Verizon customers were left on an unprotected server belonging to a partner of the telecommunications firm. Last week, wrestling giant World Wide Entertainment accidentally exposed personal data of three million fans. In both cases, it was reported that data was stored on AWS S3 storage buckets.

Source: Experts Warn Too Often AWS S3 Buckets Are Misconfigured, Leak Data | Threatpost | The first stop for security news

Share

SEAKER presentation at CI on August 7 at 6pm in DEL NORTE 1530

seaker

“Storage Evaluator And Knowledge Extraction Reader”

On Monday August 7, at 6pm, in DEL NORTE 1530, the COMP 524 (Cybersecurity) students will present their final project, a technical solution for the SoCal High Technology Task Force in Ventura. This project implements a digital forensic tool with strict performance requirements.

You are cordially invited to attend; the presentation will take about two hours, and there will be snacks (Short link to this post: https://wp.me/p7D4ee-FJ).

Share

Mechatronics Engineering at CSUCI

The Department of Computer Science at CSU Channel Islands is delighted to announce that we will be starting a new program in Mechatronics Engineering in 2018.

We will be taking in the first group of 24 students in the fall of 2018, and growing the program by a new cohort of 24 students every year after that, for a total of just under 100 students thereafter.

In the news:

Alternative (short) links to this page:

What is Mechatronics?

Mechatronics is a fast growing area of Engineering that is interdisciplinary by nature, as it combines aspects of Mechanics, Control Theory, Computer Science, and Electronics, in order to improve and optimize the design and functionality of systems, as well as making them more economical and reliable. Industrial robots and drones are quintessential examples of mechatronics systems: they include aspects of electronics, mechanics, and computing. Modern production equipment consists of mechatronic modules that are integrated according to a suitable control architecture. Popular examples include automotive subsystems, including anti-lock brakes and spin-assist, as well as everyday equipment, such as autofocus cameras, video, hard disks and CD players.

The complexity of mechatronics requires at least a bachelor’s degree to get into the field. Although the U.S. Bureau of Labor Statistics (BLS) does not provide specific salary information for mechatronics engineers, it does show that median annual wages for all specialized engineers not categorized was $92,680 as of May 2013. The middle 50% of these professionals earned between $68,610 and $117,930 yearly.

The need for mechatronics at ci

CSU Channel Islands is the only public university in the County of Ventura. The campus is strategically located on the so called “101 Tech Corridor,” sharing the neighborhood with companies such as Amgen, Haas, Teledyne Technologies, HRL Laboratories, and many others, not to mention Point Mugu and Port Hueneme Naval bases, as well as Lockheed, Rocketdyne, and other companies in the greater Los Angeles area. Therefore there is a great need and demand for engineers in the local industry and community.

The local companies strongly support the establishment of an Engineering program on the CI campus, and a comprehensive report was produced in 2013 with recommendation for an engineering degree that would meet the needs of the community. In this report it was noted that Ventura County hires about 290 engineers each year, not to mention that the local Naval Bases send their officers to complete their Engineering degrees across the nation, which results in high costs for the Navy, and a loss of revenue for Ventura County.

Mechatronics curriculum

Note that this is still a provisional curriculum; we may make small changes to it as we are implementing the program for the start date of fall 2018.

Code Name Units GE Prerequisites in Place
CHEM 105 Introduction to Chemistry 3 No prerequisites
MATH 150 Calculus I 4 3 Calculus Placement Exam. or MATH 105
COMP 150 Object Oriented Programming 4 3 MATH 105 or equiv., COMP 105 or permission
MATH 151 Calculus II 4 MATH 150
MATH 250 Calculus III 3 MATH 151 with at least a C
COMP 151 Data Structures and Program Design 4 COMP 150
COMP 162 Computer Architecture and Assembly Language 3 COMP 150
MATH/PHIL 230 Logic and Mathematical Reasoning 3 3 No prerequisites
MATH 240 Linear Algebra 3 MATH 151
COMP 232 Programming Languages 3 COMP 150, COMP 151, COMP 162
COMP 262 Computer Organization and Architecture 3 COMP 151, COMP 162
EMEC 200 Logic Circuits 4 MATH 150, MATH 230, COMP 162
EMEC 225 Engineering Design 3 EMEC 200
PHYS 200 General Physics I 4 3 MATH 150
PHYS 201 General Physics II 4 PHYS 200, MATH 151
EMEC/PHYS 221 Engineering Materials 3 CHEM 105, PHYS 200
PHYS 301 Classical Mechanics 3 PHYS 200, MATH 350
COMP 350 Introduction to Software Engineering 3 COMP 232, COMP 262
MATH 350 Differential Equations & Dynamical Systems 3 MATH 250
MATH 352 Probability and Statistics 3 MATH 351
EMEC/PHYS 310 Electronics 4 PHYS 201
EMEC 311 Digital Systems Design 3 EMEC 200
EMEC 315 Modeling of Mechatronics Systems 3 MATH 350
EMEC 316 Sensors and Measurements 3 COMP 151, EMEC/PHYS 310
EMEC/COMP 462 Embedded Systems 3 COMP 350 or consent
EMEC/COMP 470 Mobile Robotics 3 COMP 350, MATH 240 or consent
EMEC 463 Feedback Control Systems 3 MATH 240, MATH 350
EMEC 491 Capstone Preparation 1 Senior standing in Mechatronics Major
EMEC 499 Capstone 3 Senior standing in Mechatronics Major
Major 93
GE/AIR 39
Total 132
Optional Electives:
EMEC 401 Fluid Mechanics 3 Senior standing in Mechatronics Major
EMEC/PHYS 305 Thermal and Statistical Physics 3 MATH 350, PHYS 201
COMP/ART/IT 464 Computer Graphic System and Design I 3 COMP 350, MATH 240

 student learning outcomes

We envision the following Program Learning Outcomes; our graduates will:

  1. Be competent engineers and problem solvers.
  2. Possess a high level of erudition in the field of Mechatronics Engineering.
  3. Have knowledge of standard engineering tools, and their application in the field.
  4. Be effective communicators.
  5. Be prepared to undertake engineering jobs in a wide variety of engineering fields.

Based on our experience, and the experience of other programs, we propose the following initial small set of Student Learning Outcomes:

  1. Apply knowledge of Mathematics, Science, and Engineering.
  2. Design experiments to evaluate the performance of a mechatronic system or component with respect to specifications.
  3. Design a mechatronic system, component, or process to meet desired needs.
  4. Define and solve an Engineering problem.
  5. Develop and defend a written statement of professional ethical responsibility related to their field of study.
  6. Ability to communicate effectively.

1 will be covered in the first two years’ science and introductory courses (programming, calculus, chemistry, physics, etc.), and rigorous logical / critical thinking will be taught in many courses, for example MATH/PHIL 230. 2, 3, 4 will be covered in multiple courses, for example Engineering Design will be taught in EMEC 225, while solving engineering problems will be taught in Mobile Robotics (EMEC/COMP 470) or Embedded Systems (EMEC/COMP 462). Communication skills will be taught in General Education courses, such as first-year writing courses.

summary of new courses

EMEC 200 – Logic Circuits: Basics of digital electronic devices and methodologies used in digital circuit design. Design, analysis and trouble shooting of logic gates, counters, registers, memory units, pulse and switching circuits, and control circuits. Comparison of digital TTL integrated circuits with other families of logic devices. Includes student projects.

EMEC/PHYS 221 – Engineering Materials: Examines the interrelationships between processing, structure, properties, and performance of various engineering materials such as metals, polymers, ceramics, composites, and semiconductors. Studies the effects of heat, stress, imperfections, and chemical environments upon material properties and performance. Emphasizes developing an ability to select appropriate materials to meet engineering design criteria.

EMEC 225 – Engineering Design: Introduction to engineering design processes, methods, and decision making using team design projects; design communication methods including graphical, verbal, and written.

EMEC 311 – Digital Systems Design: Introduces students to the design of digital systems using hardware description languages. The student will the use computer-aided design tools to design, simulate, prototype, and verify complex digital systems using programmable logic devices and field-programmable gate arrays.

EMEC 315 – Modeling of Mechatronic Systems: Introduces students to modeling techniques and analysis of mechatronic systems. Topics such as state-space and transfer function representation, linearization, and frequency domain analysis are covered. Simulation software will be utilized to quantify and visualize system performance.

EMEC 316 – Sensors and Measurements: Basic measurements with standard laboratory instruments and common sensor interfaces are introduced. Topics include the calibration, transient responses, and statistical characterization of common sensors used in mechatronic systems.

EMEC 401 – Fluid Mechanics: Principal concepts and methods of fluid mechanics are introduced. Students will learn to apply these concepts and methods to the design of fluid systems.

EMEC 463 – Feedback Control Systems: Analysis and design of feedback control systems. Topics include representing dynamical systems with transfer functions and state variables, stability and dynamic analysis using techniques from both the time and frequency domains, the design of feedback regulators and controllers, and computer aided design and analysis.

EMEC 491 – Capstone Preparation: Research and develop a proposal for a significant Mechatronics project under faculty supervision.

EMEC 499 – Capstone: Design, implement and present a significant Mechatronics project under faculty supervision.

abet accreditation

From the ABET website:

We are a nonprofit, non-governmental accrediting agency for programs in applied science, computing, engineering and engineering technology and we are recognized as an accreditor by the Council for Higher Education Accreditation.

ABET accreditation provides assurance that a college or university program meets the quality standards of the profession for which that program prepares graduates.

A scrutiny of the ABET requirements for Mechatronics shows that many of the courses required for such a degree are already being offered at CI. We have a strong offering in Computer Science, Mathematics, and Physics, and with a modicum of effort we could have a program meeting the requirements for an ABET accreditation. The main investment would be three new faculty members, and appropriate lab equipment. We have already hired a new faculty (starting date fall 2017), Houman Dallali, and we are going to hire further two new faculty. Our goal is to seek ABET accreditation within 4 to 5 years.

LAb space

The new lab space in the Sierra Hall building opened in the fall of 2015. We have 3 general labs, and 3 dedicated labs (Robotics, Embedded Systems, and Networks & Security), as well as a tutoring center. More information about our labs can be found here: http://compsci.csuci.edu/resources/labs.htm. We are also in the process of organizing further space for our Mechatronics needs, but the current labs are well set up for the initial needs.

Share

Larger than proof

David Hilbert, the great German mathematician (he died in 1943), had a stupendous, dazzling vision. He hoped and believed that some day mathematicians would construct one vast formal deductive system with axioms so powerful that every possible theorem in all of mathematics could be proved true or false. Such a system would have to be both consistent and complete. Consistent means it is impossible to prove both a statement and its negation. Complete means that every statement in the system can be proved true or false.

In 1931, to the astonishment of mathematicians, a shy, reclusive Austrian, Kurt Gödel, aged twenty-five, shattered Hilbert’s magnificent dream. Gödel showed that any formal system rich enough to include arithmetic and elementary logic could not be both consistent and complete. If complete, it would contain an infinity of true statements that could not be proved by the system’s axioms. What is worse, even the consistency of such a system cannot be established by reasoning within the system. “God exists,” a mathematician remarked, “because mathematics is consistent, and the devil exists because we can never prove it.”

I recall a cartoon by Robert Monkoff which shows a man in a restaurant examining his bill. He is saying to the puzzled waiter: “The arithmetic seems correct, yet I find myself haunted by the idea that the basic axioms on which arithmetic is based might give rise to contradictions that would then invalidate these computations.”

Fortunately, arithmetic can be shown consistent, but only by going outside it to a larger system. Alas, the larger system can’t be proved consistent without going to a still larger system. Many formal systems less complex than arithmetic, such as simple logic and even arithmetic without multiplication and division, can be proved consistent and complete without going beyond the system. But on levels that include all of arithmetic, the need for meta-systems to prove completeness and consistency never ends. There is no final system, such as Hilbert longed for, that captures all of mathematics. “Truth,” as the authors of this new book encapsule it, “is larger than proof.”

Source: Larger than proof | The New Criterion

Share

Ransomware Attack Sweeps Globe

A major global cyber-attack disrupted computers at Russia’s biggest oil company, Ukrainian banks and multinational firms with a virus similar to the ransomware that infected more than 300,000 computers last month.

The rapidly spreading cyber extortion campaign, which began on Tuesday, underscored growing concerns that businesses have failed to secure their networks from increasingly aggressive hackers, who have shown they are capable of shutting down critical infrastructure and crippling corporate and government networks.

Source: Ransomware Attack Sweeps Globe, Researchers See WannaCry Link | Technology News

Share

Global ransomware attack causes chaos – BBC News

Companies across the globe are reporting that they have been struck by a major ransomware cyber-attack.British advertising agency WPP is among those to say its IT systems have been disrupted as a consequence.

Ukrainian firms, including the state power distributor and Kiev’s main airport were among the first to report issues.

Experts suggest the malware is taking advantage of the same weaknesses used by the Wannacry attack last month.

Source: Global ransomware attack causes chaos – BBC News

Share

12 PhD fellowships in Computer Science at the University of Pisa, covering three years: Nov 2017 – Oct 2020

This PhD is a joint collaboration between the University of Pisa and the Universities of Florence and Siena. One of the 12 PhD fellowships is specifically reserved to students which got their master degree outside Italy, all the other fellowships can be accessed by any master student independently of her/his country and degree. Fellowships are increased by 50% for periods of research visits abroad.  Extra funding is available for participation to international conferences, schools, workshops, and short research visits. The language of the PhD program is English.

The deadline for applications is 19 July 2017 (hr 13:00).

For more info on the call please look at the site:

–          English version: http://dottorato.unipi.it/index.php/en/application-process-for-the-academic-year-2017-2018.html

–          Italian version: http://dottorato.unipi.it/index.php/it/concorsi-d-ammissione-a-a-2017-2018.html

Since 1982, when it was established, our PhD in Computer Science aims to train researchers and innovators in Information Science and Technology, so our PhD students are involved since the beginning in the research activities, they are invited to attend monographic courses and international PhD schools, as well as to spend study and research periods in academic and industrial research centers in Italy and abroad. Our PhD offers strong relationships for research projects, internships and job placements with prestigious ICT companies worldwide in the area of Big Data and Web, Smart Communities and Social Networks, FinTech and Industry 4.0, BioInformatics and Smart Health, etc. Special attention will be devoted to internships in startups with an international visibility and, additionally, students will have the opportunity to attend the course “PhD+ : Research Valorization, Innovation and Entrepreneurial mindset”, launched by UniPI since 2011, in which young researchers are thought and trained on those soft skills with seminars on business modeling and planning, IP protection and valorization, communication tools and techniques, fund raising from public and private bodies, start-up creation, and so on.

At the end of the PhD, our students will be able to contribute to the definition of new models and theories for computation and information processing; foundations, algorithms and SW/HW platforms for the organization, storage and analysis of (Big) data; new languages and tools to support emerging programming paradigms, such as the ones required or designed in the area of Artificial Intelligence, Cloud and Fog computing, Internet of Things, Cyber Security, Networking, Programming paradigms and methodologies, etc..

For more information, please contact Prof. Paolo Ferragina at paolo.ferragina@unipi.it

Share

Personal details of nearly 200 million US citizens exposed

From: http://www.bbc.com/news/technology-40331215

Sensitive personal details relating to almost 200 million US citizens have been accidentally exposed by a marketing firm contracted by the Republican National Committee.

The 1.1 terabytes of data includes birthdates, home addresses, telephone numbers and political views of nearly 62% of the entire US population.

The data was available on a publicly accessible Amazon cloud server.

Anyone could access the data as long as they had a link to it.

Political biases exposed

The huge cache of data was discovered last week by Chris Vickery, a cyber-risk analyst with security firm UpGuard. The information seems to have been collected from a wide range of sources – from posts on controversial banned threads on the social network Reddit, to committees that raised funds for the Republican Party.

The information was stored in spreadsheets uploaded to a server owned by Deep Root Analytics. It had last been updated in January when President Donald Trump was inaugurated and had been online for an unknown period of time.

“We take full responsibility for this situation. Based on the information we have gathered thus far, we do not believe that our systems have been hacked,” Deep Root Analytics’ founder Alex Lundry told technology website Gizmodo.

“Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access.”

Apart from personal details, the data also contained citizens’ suspected religious affiliations, ethnicities and political biases, such as where they stood on controversial topics like gun control, the right to abortion and stem cell research.

The file names and directories indicated that the data was meant to be used by influential Republican political organisations. The idea was to try to create a profile on as many voters as possible using all available data, so some of the fields in the spreadsheets were left left empty if an answer could not be found.

“That such an enormous national database could be created and hosted online, missing even the simplest of protections against the data being publicly accessible, is troubling,” Dan O’Sullivan wrote in a blog post on Upguard’s website.

“The ability to collect such information and store it insecurely further calls into question the responsibilities owed by private corporations and political campaigns to those citizens targeted by increasingly high-powered data analytics operations.”

Privacy concerns

Although it is known that political parties routinely gather data on voters, this is the largest breach of electoral data in the US to date and privacy experts are concerned about the sheer scale of the data gathered.

“This is deeply troubling. This is not just sensitive, it’s intimate information, predictions about people’s behaviour, opinions and beliefs that people have never decided to disclose to anyone,” Privacy International’s policy officer Frederike Kaltheuner told the BBC News website.

However, the issue of data collection and using computer models to predict voter behaviour is not just limited to marketing firms – Privacy International says that the entire online advertising ecosystem operates in the same way.

“It is a threat to the way democracy works. The GOP [Republican Party] relied on publicly-collected, commercially-provided information. Nobody would have realised that the data they entrusted to one organisation would end up in a database used to target them politically.

“You should be in charge of what is happening to your data, who can use it and for what purposes,” Ms Kaltheuner added.

There are fears that leaked data can easily be used for nefarious purposes, from identity fraud to harassment of people under protection orders, or to intimidate people who hold an opposing political view.

“The potential for this type of data being made available publicly and on the dark web is extremely high,” Paul Fletcher, a cyber-security evangelist at security firm Alert Logic told the BBC.

Share