SFS 2010 Job Fair and Symposium

January 9th, 2010 No comments

Just got back from the 2010 Scholarship for Service Annual Job Fair and Symposium yesterday afternoon, held at the Hilton Washington. I had every intention of blogging from the event, but with no free wireless service (or even wired in the rooms), I had to wait until today to do a little bit of retrospection.

The 3-day event was a flurry of activity, but every bit of it was useful and a lot of fun for over a hundred information security students, institutional PIs, and agency officials. I met several great people, in particular from Carnegie Mellon and the Air Force Institute of Technology (AFIT), as well as a couple JHUISI alums. I’ll break it down by the day:

Day 1: Wednesday

The conference opened in the afternoon with welcomes and introductions by various staff from NSF, DHS, and OPM, to name a few. What followed, along with dinner, was an excellent panel consisting of previous SFS program alumni in various positions within the government. Their advice on topics such as navigating “red tape,” advancement opportunities, and selection of mentors was exceptionally helpful, especially for those new to federal employment.

The short day concluded after dinner with a few drinks at the Hilton’s sports bar with several Carnegie Mellon students. One of the things I enjoyed most about the conference was getting the chance to meet students from other programs. Despite our late start, most of us headed to bed early. The conference was surprisingly tiring!

Day 2: Thursday

The main thrust of Thursday, the only full day of the conference, was the Job Fair itself. Dozens of federal agencies were present, and it was a feeding frenzy for a while. Thankfully, the fair was split between the morning and evening, and lunch was accompanied by a presentation by Wesley McGrew from Mississippi State about his investigative work tracking-down a hacker who had infiltrated a hospital’s HVAC systems. The talk elicited several laughs and a hearty amount of applause afterward.

Later there was a short presentation on two separate hacking challenges, one of which, the well-known DC3 competition, had been won by an AFIT SFS team. Afterward, the CyberCorps Alumni Association held its annual meeting, showcasing its plans to create a strong community of current and graduated SFS and IASP students. I found their proposed initiatives to be quite inspiring, and I’d love to see their ideas brought to fruition.

Finally, dinner was served while listening to a talk by a senior analyst from the CIA. Afterward, I met with several students who had interest in law enforcement and computer forensics, all of whom, coincidentally, were from AFIT. I had never realized just how different environments JHU and AFIT were until I asked about getting a research paper and was told, “Can’t — I think it’s FOUO.” Very different from the open environment of the University!

Day 3: Friday

Friday was another short day. Breakfast was served while listening to a presentation from OPM about working for the government for the first time. Even for those of us with prior experience, it was very detailed and the representative was quite helpful in answering specific questions and concerns.

It was closely-followed by the Keynote Presentation by Melissa Hathaway, of “Former Acting Senior Director for Cyberspace for the National Security and Homeland Security Councils” fame. She has quite a presence! Her somewhat sobering message about the country’s current susceptibility of cyber attack was surprisingly fresh and unique, even with such an oft-cited subject. Her choice to meet with attendees beforehand to know what to focus-on was also a nice touch. After a few closing remarks, we all checked-out and headed in our separate directions.

After all was said and done, I was tired but happy to meet so many like-minded security professionals at the conference. If we’re to be the future of our nation’s cyber security, then I’m excited to see just what that future holds.

I look forward to attending the SFS Job Fair and Symposium in 2011!

- David Oxley

Categories: Education, Government Tags: , , , , , , ,

Merry Christmas from BytesAndBadges!

December 25th, 2009 No comments

Wishing you all, and your families, the best this Christmas!


(And, if the above looks familiar, you may need disinfection information from here!)

- David Oxley

Categories: About Tags: ,

Twitter Spam Leads to “Adult Dating” Site Fling.com

December 24th, 2009 1 comment

I have a love-hate relationship with Twitter. It lacks the friendliness and features of Facebook, as well as the professionalism and networking of LinkedIn, and is based-on the premise that I somehow have something to say in 140 characters that the rest of the world is just dying to hear.

That being said, I use Twitter as a tool to stay “in the know” concerning what’s happening among fellow computer security researchers. I follow a couple dozen people, and a couple dozen people follow me. It works.

Imagine my surprise when my email inbox began to alert me to five back-to-back follows, and from sexy-sounding ladies interested in information security, no less! (Hey, a guy can dream, right?) The follows were from the following profiles, with which I’ve included their associated tweets (all of which have been reported and, as of the time of this post, have been removed):

Paula Langley (PaulaLangley52)

Clik the link to Browse My Pictures hxxp://tinyurl.com/lj98tv “make sure you frisk me good. Check my panties and my bra.”

(hxxp://206.225.86.7/tw.html?x=42271)

Bobbie Carrasco (BobbieCarras)

(No tweets)

Sara Deschenes (SaraDeschene)

COME LOOK AT MY CRAZY PICTURES… HXXP://TINYURL.COM/LNEPKZ I AM READY FOR BED

(hxxp://206.225.86.7/tw.html?x=193663)

Nicholas Chapman (NicholsChpman)

look at my sexy profile. hxxp://tinyurl.com/ybmjood Hello people, I just wake up and still very sleepy

(hxxp://206.225.86.7/tw.html?x=3756212)

Carol Gonzalez (CarolGonzale)

look at my sexy profile. hxxp://tinyurl.com/ybmjood these dudes jus dont kno they act lyk they can talk my panties off NEXT

(hxxp://206.225.86.7/tw.html?x=3756212)

Arlene Rascon (ArleneRascon)

(No tweets)

Charming, all of them.

Firing-up the VMWare malware analysis machine, I followed the links, carefully, eagerly anticipating a tangled web of malware and cybercrime. The above IP resolves to:

hxxp://bestadultstar.com/tw.php

Other sites hosted on this IP? A selection…

seductivematch.com
bestadultstar.com
towex.com
sexylolitagirl.com
sexygirlheaven.com
dateup.org

Yeah, I wouldn’t visit any of the above, if that wasn’t already clear. The registration information is protected by WhoisGuard, and the bestadultstar.com domain has been around since January 2007.

Anyway, the tw.php page redirects to:

hxxp://www.fling.com/enter.php?prg=1&t=best&id=perfectmoney&cmp=t1

And just what would I find?

Zeus? Nope.

0-Day exploits? Nope.

Russian organized crime? YES!

(Just kidding)

Naked ladies? Yeah, a few. (The following is heavily censored, but still not worth explaining to your boss)

It turns-out that the Twitter spam is intended to generate traffic, and new members, at Fling.com, which bills itself as “World’s Best Personals for Sexy Adult Dating.” Charming, indeed.

No malware. No criminal activity. Profiles breaking the Twitter Terms of Service, of course, and a sleazy way of pushing your site. The only interesting bit? What could be the ID of the affiliate pushing the “dating” (to stretch the term mightily) site, contained in the link URLs:

hxxp://hot.fling.com/zbigger/?prg=1&id=perfectmoney&tour=zbigger&cmp=t1

Along the same lines, the following link was set as an “image source” in the above site:

hxxp://www.hugetraffic.com/ct/imgcount.cgi?a=perfectmoney&w=fl&t=zbigger&p=pps&r=http%3A%2F%2Fbestadultstar.com%2Ftw.php&i=[redacted]&u1=t1&u2=

And in the site’s client-side cookie:

fl_acct_id=perfectmoney
fl_tour=zbigger

So it’s unclear whether this spam campaign was orchestrated by the site itself, or by an affiliate. From the following, though, I don’t think I’d trust the site even were I looking for what it’s pushing:

PING www.fling.com (208.91.207.91) 56(84) bytes of data.
64 bytes from adultsinglesnet.com (208.91.207.91): icmp_seq=1 ttl=54 time=68.0 ms
64 bytes from flingworldwide.com (208.91.207.91): icmp_seq=2 ttl=54 time=70.6 ms
64 bytes from redtubedating.com (208.91.207.91): icmp_seq=3 ttl=54 time=68.2 ms
64 bytes from partysexdates.com (208.91.207.91): icmp_seq=4 ttl=54 time=65.8 ms
64 bytes from meetrealguys.com (208.91.207.91): icmp_seq=5 ttl=54 time=67.7 ms
64 bytes from remotedate.com (208.91.207.91): icmp_seq=6 ttl=54 time=64.4 ms
64 bytes from mate1adult.com (208.91.207.91): icmp_seq=7 ttl=54 time=64.0 ms
64 bytes from adultmate1.com (208.91.207.91): icmp_seq=8 ttl=54 time=73.0 ms
64 bytes from letsbang.com (208.91.207.91): icmp_seq=9 ttl=54 time=68.4 ms
64 bytes from mobile.fling.com (208.91.207.91): icmp_seq=10 ttl=54 time=64.9 ms
64 bytes from highdef-dating.com (208.91.207.91): icmp_seq=11 ttl=54 time=78.0 ms
64 bytes from rompinthesack.com (208.91.207.91): icmp_seq=12 ttl=54 time=85.9 ms
64 bytes from rawtubedating.com (208.91.207.91): icmp_seq=13 ttl=54 time=75.6 ms
64 bytes from adultdatebook.com (208.91.207.91): icmp_seq=14 ttl=54 time=89.5 ms
64 bytes from datingerotic.com (208.91.207.91): icmp_seq=15 ttl=54 time=66.0 ms
64 bytes from meetlocals.com (208.91.207.91): icmp_seq=16 ttl=54 time=66.1 ms
64 bytes from hookuparea.com (208.91.207.91): icmp_seq=17 ttl=54 time=64.7 ms
64 bytes from wildcard.fling.com (208.91.207.91): icmp_seq=18 ttl=54 time=63.2 ms

Ugh. Stay classy, Fling.com.

- David Oxley

Categories: Researching, Spam Tags: , , , ,

First Semester at JHUISI Complete

December 23rd, 2009 No comments

I’m happy to say that I’ve completed my first semester at the Johns Hopkins University Information Security Institute (JHUISI) with good grades and more than a little excitement for what the next semester has to offer. This semester I took Computer Forensics, Security & Privacy, and the Law and Policy of Information Assurance.I’d love to share some of the work that I did, but have to clear this with professors beforehand. Expect more on this in the future.

Next semester, I’m tackling:

  • Advanced Computer Forensics: This will be team-taught by Mike Lavine and Eoghan Casey (who is teaching SANS Mobile Forensics, btw!). It promises to be my most work-intensive course, but advanced forensic practices, including extended mobile device work, is right up my alley.
  • Practical Cryptographic Systems: So, cryptography is far from my favorite area of information security study. In fact, I’d say it’s my least favorite (hard math and David don’t mix very well). This class, however, looks to be a much more accessible and practical look at the subject. I’ll leave the heavy stuff to the professionals…
  • Healthcare Security Management: This course is taught by Darren Lacey, the CISO of Johns Hopkins. I have heard nothing but glowing remarks about the class, and it’s definitely something that’s not my usual forte. It’ll be a good balance to my technology courses, as well.

After this semester, I’ll have completed all my technology courses for JHUISI, save for my Masters Project. As I’m working on both my Masters in Security Informatics and a Certificate in National Security Studies, though, I’ll have no lack of courses to take before May 2011 rolls-around. Coupled with a new internship, I’ll be busy, but doing things that I know and love!

Can’t ask for much more than that, can I?

- David Oxley

Categories: Education Tags: , , , , ,

Howard Schmidt for Cyber Security Coordinator: A Damn Fine Pick

December 22nd, 2009 No comments

(Courtesy WhiteHouse.gov)

As announced at WhiteHouse.gov, Obama has tapped well-known cyber security expert Howard Schmidt to be the new White House Cyber Security Coordinator. Schmidt has an impressive resume, including:

  • Military service in the National Guard, Air Force, and Army Reserves
  • Law enforcement experience on both the local and federal levels, as well as with the Air Force OSI
  • Leadership in industry associations such as the ISSA and (ISC)²
  • Private-sector work at Microsoft and several other companies
  • Previous federal cyber security knowledge with the National Strategy to Secure Cyberspace

Obviously, this is far from an exhaustive list, but I think its indicative of Obama’s wisdom in selecting Schmidt for the position. The man has decades of military, law enforcement, private-sector, and federal experience, and he’s well-known (and generally well-liked, I’d venture) in the security community as a whole. I’m excited especially to see a Cybersecurity “Czar” with a strong law enforcement background, who understands the needs of the FBI, Secret Service, and numerous other federal law enforcement agencies while fighting crime in the 21st Century.

In short, I’m thrilled with Obama’s selection. Just how much of a difference Mr. Schmidt will be able to make, and how much power he wields, is yet to be determined.

- David Oxley

Categories: Government Tags: , , , , , , ,