Daniel Vournazos is a Software Engineer for the Android platform at Google; he graduated from CI with a bachelor's in CS and Mathematics. He originally got started with Android development through a directed study and capstone under CI Computer Science professor AJ Bieszczad. From there he worked at a local company doing some light Android work until he got a job in Glendale at Mobileforming. There he worked on a variety of Android apps with amazing peers who created an environment for substantial growth, which helped him get hired at Google.
The Government Accountability Office (GAO) found “mission-critical” cyber-vulnerabilities in nearly all weapons systems tested between 2012 and 2017. That includes the newest F-35 jet as well as missile systems.
Pentagon officials had no immediate response to the 50-page report from the Senate Armed Services Committee.
The committee’s members expressed concerns about how protected weapon systems were against cyber-attacks.
Anyone working in the field of Digital Forensics is aware that a substantial portion of time is dedicated to reverse engineering passwords. That is, in most cases a digital forensics investigator receives a password-protected handheld device, or a laptop with an encrypted hard disk, or a Microsoft Word document which has been password protected.
It is then the task of the investigator to try to retrieve the evidence, and that in turn requires reverse engineering the password; in some cases this can be achieved by recovering the hash of the password, which is stored somewhere (the locations are often known) in the device’s memory.
In order to obtain the password from the hash, we have to run a brute-force search algorithm that guesses passwords (the guesses can be more or less educated, depending on what is known about the case). Sometimes we get lucky. There are two programs that are used extensively for this purpose: John the Ripper and hashcat.
As we have been studying methods for recovering passwords from hashes, we have been using AWS EC2 instances in order to run experiments and help HTTF with their efforts. Together with senior capstone students as well as graduate students in Cybersecurity, we have been creating a set of guidelines and best practices to help in the recovery of passwords from hashes. AWS EC2 instances are ideal as they can be crafted to the needs and resources of a particular case. For example, we are currently running a t2.2xlarge instance on a case where we have to recover the password of a Microsoft Word document; we have also used a p2.16xlarge with GPU-based parallel compute capabilities, but it costs $14/hour of usage, and so we deploy it in a very surgical manner.
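Deploying the GPU instance "surgically" comes down to sizing the search before renting it. The sketch below is an added example, not code from the original post: it counts the candidates in a hashcat-style mask and converts that into hours and dollars at the $14/hour quoted above. The function names, the guess rate and the budget are assumptions made for illustration.

```python
# Added example (not from the original post): size a mask search before renting GPU time.
# hashcat's built-in mask charsets: ?l=26, ?u=26, ?d=10, ?s=33, ?a=95 characters.
CHARSETS = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95}

def keyspace(mask: str) -> int:
    """Count candidates for a hashcat-style mask such as '?u?l?l?l?d?d'."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1                      # literal character: one choice
            continue
        if i + 1 >= len(mask):
            raise ValueError("mask ends with a dangling '?'")
        code = mask[i + 1]
        if code == "?":
            pass                        # '??' is a literal question mark
        elif code in CHARSETS:
            total *= CHARSETS[code]
        else:
            raise ValueError(f"unsupported charset ?{code}")
        i += 2
    return total

def plan(mask, guesses_per_sec, usd_per_hour, budget_usd):
    """Worst-case and average cost of exhausting `mask` on one instance."""
    hours = keyspace(mask) / guesses_per_sec / 3600
    worst = hours * usd_per_hour
    return {
        "keyspace": keyspace(mask),
        "worst_hours": hours,
        "worst_cost_usd": worst,
        "avg_cost_usd": worst / 2,      # a uniformly placed hit lands halfway on average
        "within_budget": worst <= budget_usd,
    }

if __name__ == "__main__":
    # Constructed inputs: the guess rate and budget are placeholders, not benchmarks.
    ASSUMED_RATE = 20_000               # guesses/second; measure this for the real hash type
    GPU_USD_PER_HOUR = 14.0             # the p2.16xlarge price quoted in the post
    for mask in ("?d?d?d?d?d?d", "?u?l?l?l?l?d?d", "?a?a?a?a?a?a?a?a"):
        p = plan(mask, ASSUMED_RATE, GPU_USD_PER_HOUR, budget_usd=500.0)
        print(f"{mask:18} {p['keyspace']:>20,} candidates  "
              f"{p['worst_hours']:>12,.1f} h  ${p['worst_cost_usd']:>14,.2f}  "
              f"{'ok' if p['within_budget'] else 'over budget'}")
```

The same arithmetic shows why educated guesses matter: each extra unconstrained position multiplies the bill by up to 95, while a mask narrowed by case knowledge can bring a search back inside the budget.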
The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.
— Read on www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
Zane Gittins is a Systems Security Engineer at Haas Automation and recently graduated from CSUCI with a bachelor's in Computer Science. Zane started his journey at Haas as an intern through CSUCI partnerships with local businesses and was recently hired full time. During his undergraduate career he worked under Dr. Pilarcyzk as an assistant in research focused on Persistent Homology. During his capstone project he worked closely with Dr. Soltys to provide a security best practices document to Haas. He continues to expand his education in the CI masters of Computer Science program (MSCS).