Blog Participation Grading

May 5, 2010 by

Hey folks,

We welcome you to keep posting to the blog (even after the semester is over), but for the purposes of your participation grade the blog is now closed.  If you made a bunch of posts in the past few days (since Sunday evening) that you want to be considered in your participation grade, please email Ikpeme.


Another Internship Opportunity

May 3, 2010 by

Email me if you’re interested.  Open to US and foreign nationals:
Seeking individuals with experience in writing and performance
optimizing Snort rules. Must understand linux and UNIX environments and
networking tools very well, CVS and databases basics, and able to work
remotely for the next 6-8 weeks. This will be a short initial
assignment, those that excel will be offered part to full time contract
employment, also remote work.

Chapters from Textbook

May 1, 2010 by

Hey folks,

The only  chapter covered in the textbook not covered on midterm 2 is chapter 11, so you can expect an emphasis (maybe 50%) on chapter 11 and guest-lecturer-related questions on the final.  For the record, these chapters were covered this semester:

Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 7
Chapter 5
Chapter 11

Mike’s Notes from Gunter’s Talk

April 29, 2010 by

Biggest clouds ever are botnets Amazon EC2: 200,000. Botnets: 10,000,000

History of botnets: IRC as command and control

Nuke switches: Eliminate evidence by zeroing hard drive

Standardization of botnet languages

Botnet operators use multiple agents to avoid detection

Lots of free-market services available (malware QA, bot rental)

Very professional management tools

Domain flux: Generating new domains to maintain C&C

Microsoft botnet take-down was not successful because one C&C was left on for too long

For-Credit Summer Project

April 29, 2010 by

Hey folks,

GTISC  is looking for a student to implement a novel security feature on the android platform over the summer.  This is currently a for-credit opportunity.  Please send me an email if you’re interested to find out more.

Security Internship Available

April 29, 2010 by

Hey folks.  GTISC just got word from a local company that they’re looking for a summer intern in the area of information security.  This offer is only for US Citizens.  If you’re interested to find out more, please send me an email with your resume.

Notes from George Cox’s Talk

April 28, 2010 by

Notes on George’s security design talk:

Security as an afterthought, aka add-on, aka “wax job” == fail

The security of a product is a lifecycle consideration (you can’t “fire and forget”); field remediation will be necessary

Secure hardware design requires cross-module thinking

Time to market == time to money

Avoiders focus on cost, security professionals focus on value

Remote reprovisioning functionality  built into computers these days, great for good guys, great for bad guys if done poorly

Course/Instructor Opinion Survey (Deadline: May 9)

April 25, 2010 by

Hey folks,

As a reminder, Rich and I would appreciate it if you fill out your surveys for the class; it’s helpful to us as instructors and to the institute to get a sense of what can be done to improve.

Project 3 grades

April 23, 2010 by

Hey folks,

Project 3 grades are up with comments.  They look pretty straight-forward to me…if you got points taken off for not seeing the webcam you can get those points back (send me an email), it crashed hard toward the end of the assignment so not everybody might have seen it.

Ethics and Intellectual Property

April 22, 2010 by

Hey folks,

A student (Andrew Mishoe) mailed me with a few links related to our discussion today.  Enjoy and/or post follow-ups below:

1) Difference between ethics and morals:
Brief discussion here:
1. Ethics relates to a society whereas morality relates to an individual person.
2. Ethics relate more in a professional life while morals are what individuals follow independently

2) Discussion on intellectual property rights in other countries:

Basically you can try to register you property in those countries, but some might not have any enforcement mechanism in place.

I think these two topics might spurn some good conversation on the blog.