D-D-D Defense! (or rather, C-C-D-C Defense!)

The Pace Cybersecurity Team based on the Pleasantville campus started the spring semester by competing in the virtual qualifier for the regional Collegiate Cyber Defense Competition (CCDC).

IMG_1351 IMG_1371NECCDC 2015 Nick

Out of the twenty problems our cyber warriors had to address over the eight-hour competition, challenges included things like defending a small business network against a big bad Red team, the configuration of a Palo Alto firewall, implementation of SSH on Linux servers, and an internal vulnerability audit with OpenVAS, to name a few.

NECCDC Team 2015
(L to R): Mayrimar Vega-Vasquez (BS/IT), Joseph Glasser (BS/IT), Kaila Letteri (BS/IT) co-captain, Joseph Jacob (BS/IT), Brian Bounos (BS/CS), Joel Thomas (BS/CS), Nick Terrasi (BS/IT) co-captain, and Patrick Prescott (BS/IS).

Kaila Marie Letteri, a senior Information Technology major reflects on her experience.

“I found out about the Pace Cybersecurity Team in my junior year. I was very interested in getting involved in activities that would prepare me for a career in IT Security since my long-term goal is to work for the FBI or the CIA. I felt this cyber defense competition would be the perfect opportunity to expand my IT Security skills. However, after a few meetings I was intimidated because I did not know a lot, and I felt that the students on the team knew so much more than me. Now, in my senior year, I decided to give the competition one more try. After attending the first few meetings, the team held elections for captain positions. I told myself that this time I would not give up no matter what, and that it was meant to be a learning experience. It soon turned out to be one of the best learning experiences I have had at Pace.

I decided to run for team captain, and I was surprised to find out that I had been chosen to lead the team! We quickly started getting into gear by hosting meetings every Monday and Friday throughout the entire fall semester. We spent 60+ hours preparing the virtual environment for practice, running through different competition scenarios, and getting up to speed. The security-related courses most of us have taken provided a good base for the competition.

The team was a lot of fun this year! We had great chemistry and worked very well together. We were from different majors within Seidenberg, from different years, and with different levels of experience, but we made it work perfectly! I had so much fun spending time with the team and making new friends. We created a lot of great memories and inside jokes that I will remember for many years to come. However, it was not all fun and games because we all worked very hard learning new things and improving our skills. So when we had to get serious and go to work, we did.

I gained quite a bit of technical knowledge by joining this team and I would recommend the competition to any student interested in security. It is a learning process for many so do not get intimidated the way I did at first. You will learn what you need to know along the way. You will also learn how to work as a team and that is a skill an IT professional needs to master!”

The team was supported by the IT Department in Westchester, and was coached by adjunct professors Andreea Cotoranu and John Watkins. Those interested in joining the team next year should get in touch with professor Cotoranu at acotoranu@pace.edu.

What Makes the New ‘Ms. Marvel’ so Marvelous?

Quick, name your top 5 favorite Muslim superheroes. If you came up with three, I’d be impressed. If you came up with even one who wasn’t shoe-horned into a story in the name of “diversity” you may have thought of Marvel’s latest Ms. Marvel.Seidenberg_MsMarvel4

For over 75 years, comics have been a safe haven for children and adults alike, and comics are back in the limelight. Marvel Studios is making hit after hit, and America can’t get enough of comics. But one thing doesn’t sit right with about half the viewers/readers/consumers. You’ve got Iron MAN, BatMAN, SuperMAN, and a slew of other manly-men thrashing around in tights. They also happen to be white (except Superman, who one can argue is a literal illegal alien). It took Black Widow in “The Avengers” to show many people unfamiliar with the comics that it was indeed possible to have some kick-butt women heroes. And comics have started delivering said women role models.Seidenberg_MsMarvel2

Enter Kamala Khan, a dorky but lovable teenage Muslim girl from Jersey City. Sounds like the lead character to a teen RomCom. But she’s so much more. She’s a second generation Muslim struggling to find a balance between her parent’s traditions and America’s youth culture. She goes to her local mosque. She writes fan fiction on the internet. She’s a normal teenage girl. And isn’t that just how Peter Parker started? (With the exception of his second X-chromosome being a Y-chromosome.) Soon enough that normal teenage girl finds out she’s a class of mutated human (not to be confused with Marvel’s ‘mutants’) called Inhumans. She’s got alien DNA that triggers a transformation when it reacts to a special crystal, or in her case, mist. With the help of some classic Marvel characters (which are totally not just there to sell comics of a new/unknown hero ((yes they are))), Kamala starts to get a hold of her new powers, and even dons the now vacant position of her favorite super hero: Ms. Marvel!

Seidenberg_MsMarvel0One of the most important things about the new Ms. Marvel series is that it is a major triumph for representation. Also important is that Kamala’s character faces some struggles regarding being a Muslim, but it doesn’t define her. She’s not a one dimensional character whose defining trait is being Muslim. The author of the series, G. Willow Wilson (@GWillowWilson) is a Muslim woman who writes from her own personal experience and from the experiences of those she grew up with. One can argue the story of Kamala Khan is that much more interesting, that much more personal, because it’s not a coming-of-age story about a teenage Muslim girl written by a middle age white guy.

This is an all new, all powerful Muslim teenager / superhero / fanfic writer who is breaking her way into the hearts and minds of comic readers. She’s a super heroine with character growth and family issues on par with those of Peter Parker back in the 1960s. She’s a hero for a new age, a new demographic, and a more inclusive comic market. Kamala Khan is the new Ms. Marvel.

 If you’re interested in getting into the Ms. Marvel series, stop by The Seidenberg School at 163 William Street and take a look at the first 5 issues in “Ms. Marvel Vol. 1: No Normal”.

Written by –

Brent_McDonald_SeidenbergBrent McDonald is a Pace University Alumnus, and a revered Yarn-Weaver of the Seidenberg School. He enjoys computer science, and his creativity (read: incessant prattling) allows him to keep people entertained.

 

JTAG’d by the Law: Phones and Forensics

No phone’s secret is safe from the forensic skills of Seidenberg’s James Ossipov and Dr. Darren Hayes. At first glance, it appears that James is ironing a piece of paper, but what is under the paper is what is helping law enforcement retrieve photos, texts, and various information from most phones—even if it’s deleted.

Dr. Darren Hayes, professor at Seidenberg, and James Ossipov have been working together with a method of evidence extraction called JTAG, which in time could revolutionize the way law enforcement agencies use computer forensics.

James Ossipov

Hayes mentions that, “James is actually working on a project where we are trying to automate something called JTAG. JTAG is accessing user data on a phone when you can’t use traditional methods for extracting evidence from a phone. So, we extract evidence directly from the printed circuit board using JTAG. Sometimes a phone may have encryption, so you need JTAG for that. Sometimes the phone is damaged, for instance, someone may have dropped it in water, and therefore JTAG is your only method to get the phone’s data. JTAG is the only option for examining Windows smartphones.”

JTAG sounds like an amazing innovation to restore information from a phone, even if it is damaged. However, this method is not for everyday use yet — it is primarily used in investigations to retrieve evidence.

CircuitBoard
A circuit board after solution, before it is cleaned with acetone.

“This method is generally only used by law enforcement. Many law enforcement agencies don’t have the capabilities to perform JTAG, so they have to bring in outside experts. What we are trying to do is make it easier for law enforcement by automating the process so more law enforcement agencies can actually use this method of extracting evidence.”

Unfortunately for law enforcement, this method of extracting data cannot be used on an iPhone.

“iPhones are very tricky. They have very good security and are well locked down,” says Hayes. “You can’t perform chip off, meaning you cannot take a memory chip from an iPhone and put it into another phone because all of the firmware, the system software, is mapped to the memory chip. So, if you try to move it to another phone, you won’t be able to access it. But LG phones and Samsung’s are the easiest phones for this process.”

Using the board to look at a phone's NAND
Using the board to look at a phone’s NAND

Computer forensics is advancing every day and Seidenberg is proud to be at the forefront of it all. If you are interested in learning about computer forensic, Dr. Darren Hayes is currently teaching a Cyber Law Class (CIT 363). If you’re not registered for that class, don’t worry—in the fall he is offering a Mobile Forensics course where he will teach how to extract evidence from mobile devices and obtain evidence from third-parties such as Facebook.

Also worth mentioning is that James also worked on JTAG last semester with two other veterans (David Cano – Navy & Gordon Wildrick III – Marines), and he himself is a veteran of the Army. We’re proud to support our forces and we’re more proud of the work they’ve accomplished with Seidenberg.

Pace Joins Forces with Jr 100

For the first time ever, Pace University has joined forces with One Hundred Black Men of New York for the Jr. 100/Pathways to Success program. The Jr. 100 program is a world-class leadership and educational enrichment program that helps prepare High School students (such as the four students pictured below) to become intellectually sophisticated citizens with a vigor for personal growth and learning. This partnership will feature a rigorous and enriching curriculum that will not only challenge scholars academically but also help shape their perspectives on society.

Jr.100 ParticipantsKaliv Parker from One Hundred Black Men’s Board of Directors mentioned that the organization is enthusiastic about their partnership with Pace University. He states that,

“This level of engagement will allow us an opportunity to up-level our offerings during this year’s program while catalyzing new opportunities for our scholars. We are very confident that our scholars will be immensely prepared not only for college academia but for all of their next stages of life.” 

This new relationship between Pace and One Hundred Black Men has been spearheaded by Pace Government & Community Relations‘ assistant VP Vanessa Herman, and Seidenberg’s Associate Dean Dr. Jonathan Hill. Alongside Herman and Dr. Hill, Olga Bogomolova and Caitlin Grand have been in charge of Pace’s content for the upcoming events with Jr 100. These two women are also acting as mentors within the program, and helping them are student mentors Sabiya Bacchus (CS ’15) and Siobhan Wilmot-Dunbar (CS ’16).

Sessions will be held on Saturdays, February to June, at both Pace University and TD Bank, and will include multiple interactions between Pace’s affiliated universities (Aalto U and Duoc U, for example) as well as companies and associations that are proud to join with 100 Black Men of New York. The primary objective of the program is to enhance life, leadership and team-building skills, while expanding awareness in college academia, entrepreneurship, and corporate careers.

Additional sponsors for the events and partnership include Macy’s, Bloomingdales, CIA, and Estee Lauder. To keep up with the progress of Jr. 100, check out the follow social media handles for updates!

twitter information jr 100

 

The Answers to the Burning Question: What is a Shmoo?

Seidenberg student Anthony C. Martini (MS/CS ’16), recipient of the NSF CyberCorps®: Scholarship for Service, reflects on his recent experience at ShmooCon. He writes:

“Readers,

First and foremost, thank you to the ‘Shmoozers’ who sponsored my trip thought the Shmooze-a-Student Scholarship awarded to 25 attendees each year to help subsidize the trip expense for students. I have received the scholarship for 2 years in a row and found the experience invaluable and encourage all students to apply.

ShmooCon is different; “ShmooCon is an annual East Coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues” (Shmoocon.com). The philosophy is to keep the conference at around 1400 attendees, and thus manageable by Mr. Bruce Potter, Mrs. Heidi Potter, and the ‘ShmooGroup’ team.

Big1
(Left to right: Anthony Martini, Bruce Potter, Heidi Potter, Nolan Hsu a student)

ShmooCon itself is a very affordable conference, which allows many young students and professionals to attend. However, spots at this conference are highly coveted and often sell out within 20 seconds after spots become available online (we like to call this “Happy F5 Day!” in reference to the online browser refresh key). I feel that this conference’s InfoSec industry to hacker-con ratio would be about 30/70. This dynamic leaves room for being silly over professional, spontaneous over regimented, and laid back rather than rushed. Also if you are a swag-monger, you could easily leave the conference with enough security vendor t-shirts to impress your friends with one for each day of the week.

20150116_123711-276x300
Real life representation of a ‘Shmoo’ made by contest winners of Barcode-Shmarcode
Anthony
Anthony Martini himself, showing of some #PacePride

ShmooCon is very entertaining, offering 3 tracks of talks all weekend as well as events such as Lock Pick Village by Toole, ShmooCon Labs, Hack Fortress, Wireless CTF and just so many more. Winners of events often win the most up-to-date gadgets ranging from tablets to entire 3D printing machines to tickets for next year’s con. Below is the winner of this year’s ‘Barcode-Shmarcode,’ in which contestants must make the most impressive and functionally scanning barcode.

The Theme:The Shmoo: What is a Shmoo?

The Shmoo is a mythical creature and does not have much significance in the ways of security or hacking, per se, but it does promote the individuality that is the essence of the con. All in all, this conference has a very unique culture that is sure to remain so for many years, andif you need a hacker or security conference to attend as your first, this should be the one. You can view many of the talks for free at the website, in their archive that is provided free of charge to the public; however, the benefit is to be amongst others in the community — to mingle, make friends and build a professional network. Did I mention that many of the vender booths are hiring students for internships and full-time positions? I hope to see you at ShmooCon of 2016!”

If anyone has any questions please feel free to reach out to the ShmooGroup at info@shmoocon.org. We also offer more opportunities for conference scholarships! You can get all the information here.

 

#SeidenbergPride in Washington DC

Seidenberg students and cybersecurity scholars Cynthia Shaw (BS/IT ’15), Anthony Martini (MS/CS ’16), and Luke Babak (BS/IT ’14) traveled to Washington DC in mid-January to attend the CyberCorps®: Scholarship for Service (SFS) Job Fair. The annual event is an opportunity for students in the SFS cybersecurity scholarship program to meet and network with federal employers with the scope of securing an internship or permanent position. The students had the chance to interact with representatives from over 40 federal agencies, and it is expected that they will get to parse through some interesting offers in the months to come. 

Seidenberg’s own SFS alum, Christopher White ’13, ’14, a Cyber Security Engineer with the Johns Hopkins – Applied Physics Lab, was one of the four alums to speak in the SFS Job Fair Alumni Panel.

So very proud of all of you!

CyberCorps Attendees

Pictured from left to right: Anthony Martini (MS/IT ’16), Cynthia Shaw (BS/IT ’15), Luke Babak (BS/IT ’14), and Li-Chiou Chen, Professor, IT WEST Department Chair and Cybersecurity Scholarship Program Director.

 

Skip to toolbar