Archive

Posts Tagged ‘cybersecurity’

DoD Cyber Scholarships for 2020-2021

December 5th, 2019 Comments off

The U.S. Department of Defense is offering Cyber Scholarships to U.S. citizens who will be Juniors, Seniors, or graduate students in the fall of 2019. Because we are a National Center of Academic Excellence in Cyber Defense Education, you may be eligible to apply.  This is a one-year scholarship covering full books, tuition, and a $25,000 stipend for undergraduates or a $30,000 stipend for graduate students. The scholarships are renewable but require a new application each year. After graduation, scholarship recipients will work one year of federal service in a cyber security or digital forensics role for each year of scholarship support, or four years of military service. Applicants must be eligible for a security clearance. Applicants are not limited to students in the Department of Information Technology and Management but may also be students in Computer Science, Computer Engineering, Electrical Engineering, and Business, but because of the nature of the application, knowledge of and a clear understanding of cyber security is a necessity. Please read the scholarship details document carefully and completely before filling out the application. An official transcript must accompany your application and should be attached, unopened, to the application. A complete printed and signed physical application must be delivered to the ITM Department office, Perlstein Hall suite 223 no later than 8:30am Monday February 17th so we can evaluate and include your scholarship in our funding request, which is due February 28th. When you submit your physical application, you will be given instructions for uploading a digital copy of your application in PDF format. Multiple files may be submitted as a .zip file but all files must be PDF files.

The application and full details of the scholarship are included below.

If you have read all of the materials and you still have questions, please contact Professor Ray Trygstad at trygstad@iit.edu. Please include “DOD Cyber Scholarship” as the first thing in the subject line of your email.

Hotel business centers can steal your life

December 2nd, 2018 Comments off

Many of us travel regularly for business or pleasure, and even though most of us probably haul along our own computer or tablet, occasionally we have to print something. Gee, right there off the hotel lobby is the business center, which today is often equipped with a nice color laser printer. How convenient! And how dangerous.

How do we get the document from our device to the printer? Most if us would probably think, oh, that’s easy. I’ll just pop it into Google Drive, or One Drive, or Apple Cloud. Then I’ll log in with the browser on the office center machine, print my stuff, and I’m done! I just did this at the hotel I’m staying at in Florida. Logged into the system, running Windows 10, and brought up Google Chrome. I looked at the photo icon on the upper right corner of the browser, and I see a picture of one of my colleagues…he never logged off from using it the day before! It turns out that closing Chrome does not log you out, even though logic says it should. I logged him off, logged in to Google, did my printing from content on Google Drive, and logged off.

Because neither Google nor Microsoft requires two-factor authentication, leaving an account logged in will allow the next system user to change your password. Once that’s done, everything in that account is theirs and not yours. Wow. Scary. Rebooting might fix it, but in normal operation, these systems hardly ever get rebooted.

Once logged off, I clicked the login icon on the upper right corner of the default Google Search screen. This took me to a list of the users that had previously logged into Google using this browser listing their name, their email address, and even their photo if their account had one linked to it. And there I was, as well as my colleague. At the bottom of the screen was a “remove login” selection. Clicking it placed an X next to each user on the list, and clicking the X removed that user from the list. Does it remove it from the system as well, or just from this list? I don’t know, and haven’t yet had time to research it.

I then moved to the machine next to this which I had used the day before. I looked at the list of Google users in Chrome, and there I was! I removed my entry and the other 10 on the screen—one at a time, of course—then I closed Chrome and logged out of the system.

I know it seems like a bit much expecting hotels to control this serious vulnerability on their office center system, but frankly most users will never even be aware of the danger, and if the hotels don’t take positive steps to control this it will never happen. I did some quick research to try to find a Chrome plugin to automatically log users out when the browser is closed, and to prevent the user list from being retained, but if there is such a beast, I didn’t find it. Clearly this is a need, and to be perfectly honest, one that the hotels and anyone else providing public access to Google logins on Chrome should expect to pay for. Free business plan: write it. Then write about it. Frankly, people are crazy not to protect their users like this.

—Ray Trygstad