Archive

Posts Tagged ‘security’

Hotel business centers can steal your life

December 2nd, 2018

Many of us travel regularly for business or pleasure, and even though most of us probably haul along our own computer or tablet, occasionally we have to print something. Gee, right there off the hotel lobby is the business center, which today is often equipped with a nice color laser printer. How convenient! And how dangerous.

How do we get the document from our device to the printer? Most of us would probably think, oh, that’s easy. I’ll just pop it into Google Drive, or One Drive, or Apple Cloud. Then I’ll log in with the browser on the office center machine, print my stuff, and I’m done! I just did this at the hotel I’m staying at in Florida. Logged into the system, running Windows 10, and brought up Google Chrome. I looked at the photo icon on the upper right corner of the browser, and I see a picture of one of my colleagues…he never logged off from using it the day before! It turns out that closing Chrome does not log you out, even though logic says it should. I logged him off, logged in to Google, did my printing from content on Google Drive, and logged off.

Because neither Google nor Microsoft requires two-factor authentication, leaving an account logged in will allow the next system user to change your password. Once that’s done, everything in that account is theirs and not yours. Wow. Scary. Rebooting might fix it, but in normal operation, these systems hardly ever get rebooted.

Once logged off, I clicked the login icon on the upper right corner of the default Google Search screen. This took me to a list of the users that had previously logged into Google using this browser listing their name, their email address, and even their photo if their account had one linked to it. And there I was, as well as my colleague. At the bottom of the screen was a “remove login” selection. Clicking it placed an X next to each user on the list, and clicking the X removed that user from the list. Does it remove it from the system as well, or just from this list? I don’t know, and haven’t yet had time to research it.

I then moved to the machine next to this which I had used the day before. I looked at the list of Google users in Chrome, and there I was! I removed my entry and the other 10 on the screen—one at a time, of course—then I closed Chrome and logged out of the system.

I know it seems like a bit much expecting hotels to control this serious vulnerability on their office center system, but frankly most users will never even be aware of the danger, and if the hotels don’t take positive steps to control this it will never happen. I did some quick research to try to find a Chrome plugin to automatically log users out when the browser is closed, and to prevent the user list from being retained, but if there is such a beast, I didn’t find it. Clearly this is a need, and to be perfectly honest, one that the hotels and anyone else providing public access to Google logins on Chrome should expect to pay for. Free business plan: write it. Then write about it. Frankly, people are crazy not to protect their users like this.

—Ray Trygstad

Conference Week for ITM

October 4th, 2017

The ITM Department Office will be closed on and off this week, because nearly everyone who works there will be away at conferences.

Amber Chatellier and Angela Jarka are representing the 2018 Women in Cyber Security (WiCyS) Conference at the Grace Hopper Celebration in Orlando, FL, sponsored by the Anita Borg Institute. Named for computing pioneer and U.S. Navy Admiral Grace Hopper, the celebration is the world’s largest gathering of women technologists, with over 18,000 in attendance this year. As the hosting Logistics Committee for WiCyS, Amber and Angela will be seeing sponsors and potential attendees for the WiCyS Conference to be held at the Hilton Chicago March 23rd and 24th, 2018.

ITM Associate Chair Industry Professor Ray Trygstad, Industry Associate Professor Jeremy Hajek, and Senior Lecturer Dr. Yong Zheng will represent Illinois Tech at the 2017 ACM Special Interest Group in Information Technology Education (SIGITE)/Research in Information Technology (RIIT) Conference in Rochester, NY. Ray is a member of the ACM SIGITE Executive Committee and will represent the School of Applied Technology as a Gold Sponsor of the conference. Jeremy and Yong will present papers co-authored with ITM students at the RIIT Conference.

Categories: Academic

ITM Department and C2SAFE to host Women in Cyber Security 2018

October 4th, 2017

The Department of Information Technology and Management and the Center for Cyber Security and Forensics Education are pleased to announce that we will host the Fifth Annual Women in Cyber Security (WiCyS) Conference. This National Science Foundation funded event will be held March 23 through March 24, 2018 at the Hilton Chicago. It is the mission of WiCyS to bring together women in cybersecurity from academia, research and industry from across the United States. The event is exclusively designed as the forum for speakers and guests to exchange knowledge, experience, networking, and mentoring to raise interest in the field of cybersecurity. We will be seeking volunteers to assist with the conference and to meet arriving delegates at the airports later this fall.

ITM Associate Chair Ray Trygstad will serve as conference co-chair, while Amber Chatellier and Angela Jarka of the ITM Department comprise the conference logistics staff.

New New York regulations will drive cybersecurity advances

September 27th, 2017

New regulations on cybersecurity have been published by the New York State Department of Financial Services. 23 NYCRR Part 500 will have a major impact on American business as it has serious requirements and mandates for all financial services companies doing business in New York state–which of course are almost all of them. A good article on the topic is at https://digitalguardian.com/blog/what-nydfs-cybersecurity-regulation-new-cybersecurity-compliance-requirement-financial. Significant requirements include:

  • Policy & Program: Covered entities must instate and maintain a documented cybersecurity policy, and adopt a robust cybersecurity program, by August 28, 2017.
  • CISO: Designate a qualified Chief Information Security Officer (CISO) to oversee and implement the cybersecurity program and enforce policy.
    • The CISO must submit a written report annually to the Board of Directors and an annual compliance certification to the Department of Financial Services.
  • Data encryption: Organizations must enact controls, including encryption of sensitive data, depending on the outcome of a risk assessment.
  • Continuous monitoring: Covered entities must continuously monitor cybersecurity functionality OR conduct annual penetration testing and bi-annual assessments.
  • Enhanced multi-factor authentication: Covered institutions must employ multi-factor authentication for all inbound connections to the entity’s network.
  • Incident reporting: Covered entities must document and report all cybersecurity events.

How much do you know about cybersecurity?

August 31st, 2017

Take the Cybersecurity Knowledge Quiz from Pew Research! Then see how you did in comparison with a nationally representative group of 1,055 randomly selected adult internet users surveyed online between June 17 and June 27, 2016.
https://www.pewinternet.org/quiz/cybersecurity-knowledge/

Categories: Security

Cybersecurity Scholarships from (ISC)²’s Center for Cyber Safety and Education

January 3rd, 2017

Graduate, undergraduate, and women’s scholarships are offered by the Center for Cyber Safety and Education of the International Information System Security Certification Consortium (ISC)². They will begin accepting applications on February 28, 2017 for graduate and undergraduate scholarships of up to $5,000, and are currently accepting applications for women’s scholarships of $8,000 or more. One undergraduate student may also be selected for the Harold F. Tipton Memorial Scholarship; the most recent award recipient for this scholarship is Kyle Dean Murbach from Wheaton, IL. Please see the (ISC)² scholarship page at https://www.isc2cares.org/Scholarships/ for full details.

ACM RIIT 2016 Best Paper Award earned for ITM research by Anthony Ramirez and Alfredo Fernandez

September 29th, 2016

ITM is happy to be in Boston! In the photo at right, Master of Cyber Forensics and Security alumnus Anthony Ramirez receives the Best Paper Award for the 2016 ACM Research in Information Technology (RIIT) conference in Boston. Anthony and Alfredo Fernandez earned this award for their paper MP3 Steganography: Analyzing and Detecting TCSteg. This is the third time in five years that Illinois Tech Information Technology and Management researchers have received this award. The School of Applied Technology and the ITM Department are Silver Sponsors for the RIIT conference and the concurrent ACM Special Interest Group in Information Technology Education (SIGITE) conference. ITM Associate Chair Ray Trygstad serves on the SIGITE Executive Committee.

ITM’s Jeremy Hajek quoted in Security Sales & Integration magazine

February 25th, 2015

Comments from Jeremy Hajek, Industry Associate Professor of Information Technology and Management, appear in the article “Home Security Systems, Peripherals Said to Be Vulnerable to Hacking” in Security Sales & Integration magazine.


Categories: Research, Security

ITM Professor Louis McHugh Interviewed for Channel 2 News

January 15th, 2015

CBS Chicago Channel 2 News (WBBM) interviewed ITM Professor Louis McHugh for a story “ATM App Is Convenient, But Is It Secure?” about the security of ATM applications for mobile devices.


WGN Television Interviews ITM’s Ray Trygstad

December 19th, 2014

Ray Trygstad, ITM Associate Chair, Director of IT and Industry Professor, appeared on WGN News on Thursday, December 18. Professor Trygstad was interviewed for a story on the Sony Pictures cyber attack and the precedent they set by pulling the movie “The Interview.”

See the video (Professor Trygstad appears at the 1:41 mark)