Archive for the ‘Uncategorized’ Category

Another Internship Opportunity

May 3, 2010

Email me if you’re interested.  Open to US and foreign nationals:
Seeking individuals with experience in writing and performance
optimizing Snort rules. Must understand linux and UNIX environments and
networking tools very well, CVS and databases basics, and able to work
remotely for the next 6-8 weeks. This will be a short initial
assignment, those that excel will be offered part to full time contract
employment, also remote work.


For-Credit Summer Project

April 29, 2010

Hey folks,

GTISC  is looking for a student to implement a novel security feature on the android platform over the summer.  This is currently a for-credit opportunity.  Please send me an email if you’re interested to find out more.

Security Internship Available

April 29, 2010

Hey folks.  GTISC just got word from a local company that they’re looking for a summer intern in the area of information security.  This offer is only for US Citizens.  If you’re interested to find out more, please send me an email with your resume.

Ethics and Intellectual Property

April 22, 2010

Hey folks,

A student (Andrew Mishoe) mailed me with a few links related to our discussion today.  Enjoy and/or post follow-ups below:

1) Difference between ethics and morals:
Brief discussion here:
1. Ethics relates to a society whereas morality relates to an individual person.
2. Ethics relate more in a professional life while morals are what individuals follow independently

2) Discussion on intellectual property rights in other countries:

Basically you can try to register you property in those countries, but some might not have any enforcement mechanism in place.

I think these two topics might spurn some good conversation on the blog.

High-Level Take-Aways from Matt and Oscar’s Talk

April 16, 2010

Matt Woods and Oscar Salazaar (Application Security Group at HP)

They will send their presentation — look for the link  –> here.  It has details on all these examples.  There was a lot of good discussion, so please add comments to this post.

They have down-loadable tools to help check for website vulnerabilities.   A lot can be done with static analysis.

  1. The first thing to do is to look at the source code on the web page.  For example, there is a “load compressed file” command, so what else can I get them to load?  A configuration file?  Executable code?  This is useful information for a hacker:  you can put code into a web page and execute it.
  2. The Web Hacker Rule:  You can modify everything you send to  a web server, so explore and experiment to find out what you can do.
  3. Google Hacking Vectors
    1. Hacking (e.g., the xss demo; SQL injection)
    2. Misplaced Trust
    3. Resource Enumeration
    4. Session Hijacking
    5. Parameter Manipulation
  4. Client-side validation is ridiculous.  Easily defeated
  5. Clever evasive maneuvers without an underlying model is very dangerous (compare this to what we talk about in operaating system security: adhoc security through obscurity does not work).  You can’t just assume because you’ve done something complicated that the hacker will not figure it out. For example, hiding “script” in “scrscriptipt” is discovered by grepping script.

Bonus points

April 6, 2010

Hey folks,

Re the 5 bonus points, here’s the secret sauce, I’ll let you guys read the various man pages for more info.  Run on bastion:

sudo socat SCTP-CONNECT:candyland:19000 STDOUT
Wed Apr 7 01:02:38 2010

Wed Apr 7 01:02:38 2010

Sandia Infosec Contest this Weekend @GT ($$$)

April 5, 2010

Hey folks,

Check this competition out, it’s sponsored by Sandia. They’re looking for interns so please consider this if you’re interested/able to work for them.  Here’s a pretty Sandia Design Flyer

Begin forwarded message—


I am a GT graduate and an engineer at Sandia National Laboratories, and I am leading a one-day design competition next Saturday, April 10 for Juniors, Seniors, and M.S. students majoring in C.S., C.E., or E.E. (min 3.2 GPA). We are limiting participation to six four-member teams, and over $1000 worth of prizes will be awarded to the top three teams.


The design competition differs substantially from typical approaches in that the students will not physically build anything or write any code.  Rather, teams will be presented with a cyber security-related scenario at the beginning of the day and will have three hours to analyze the scenario, design a solution, and develop a presentation. The review panel (two Sandia engineers and one GT faculty member) will judge each team based on creativity, elegance, engineering feasibility, and presentation
quality. This type of competition is meant to mimic the initial design and proposal phase of an engineering project.

This is a new type of event for Sandia and we chose to pilot it this spring at Georgia Tech and the University of Michigan. Michigan successfully held their event this past weekend and received great feedback from the participants. The Sandia recruiting department has high expectations for the GT event since we have been fortunate enough to
partner with the GT chapter of IEEE.

The schedule of events is:

10:00 – 10:15 Sign-In and Welcome
10:15 – 10:30 Competition Overview and Problem Assignment
10:30 – 1:30 Team Design
1:30 – 3:30 Lunch, Sandia Presentation, and Team Presentations
3:30 – 4:00 Awards


More information on the event can be found here:



Jobs @ Sandia
Sandia is hiring! There is currently a high demand for BS, MS, and PhD-level students with CS, CE, and EE backgrounds. Internships, co-ops and full-time positions are available.

Apply online at

Note: Most positions at Sandia require the ability to obtain a DOE security clearance, which requires US citizenship.

About Sandia
Sandia National Laboratories is a premier national security laboratory that is managed by Lockheed Martin Corporation for the U.S. Department of Energy. Sandia’s core purpose is to help the nation secure a peaceful and free world through technology. We develop technologies to sustain, modernize, and protect our nuclear arsenal, prevent the spread of weapons of mass destruction, protect our national infrastructures, defend our nation against terrorism, provide new capabilities to our armed forces, and ensure the stability of our nation’s energy and water supplies.

Sandia has research focus areas in advanced computing, information systems and mathematics, bioscience and technology, combustion, chemical and plasma sciences, engineering sciences, geosciences, intelligent systems and robotics, materials science and technology, microelectronics and microsystems, nanoscience and technology, pulsed power and directed
energy, and remote sensing and satellite systems.

Mid-term(Question 4)

March 18, 2010

As earlier mentioned in class by the professors, all those who got less than the full points for question 4 should bring their exam papers to my office tomorrow between 11:30-12:30pm.

Answer key

March 18, 2010

Hey folks,

Sorry for the delay, here’s an answer key for exam 1.Spring 2010 Exam 1 Key

Class 15: More On Protection Models and Access Control

March 15, 2010

Check the lecture notes for Class 14.  They have been updated with more material for Tuesday March 16.