xkcd Malware Visualization
November 30th, 2007
A recent xkcd comic related to malware visualization is eerily similar to a system we’re currently running at the University of Michigan.
I recently attended the USENIX Security Symposium in Boston, MA. I also attended two of the co-located workshops: the Workshop on Hot Topics in Security (HotSec), at which I presented a research paper focusing on a new paradigm for antivirus deployment, and the Workshop on Offensive Technologies (WOOT).
I just got back from Switzerland, and despite numerous flight delays, cancellations, and lost luggage (thanks NWA!), it was a great trip. I presented some of my research at the Fourth International Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), and got to spend some vacation time in Zurich, Lucerne, and Milan, Italy.
During an independent audit, I discovered a critical vulnerability in Cosign, a web-based single sign-on (SSO) platform which is currently in use at numerous large universities.
Given my previous experience with the Mcard identification system at the University of Michigan, I was interested when I heard that RFID technology was being integrated into the Mcards. I will explore the Mcard RFID and other current uses of RFID on campus.
mPrint is a useful service provided by ITCS of the University of Michigan to allow web-uploaded documents to be printed on campus printers. Unfortunately, the designers of mPrint included several “features” that violate the privacy of its users without their knowledge.
After investigating the security of the Mcard magnetic card system at the University of Michigan, which is used for student and faculty identification cards, I discovered that it is trivial to forge anyone’s Mcard given only their UMID/uniqname.
While arranging my class schedule at the University of Michigan, I discovered a vulnerability in Wolverine Access that allowed unrestricted access to the social security numbers, names, and addresses of every student in the University including recent alumni.
Unless stated otherwise, all material on this site is available under a Creative Commons Share-Alike license. Layout design compliments of Wouter Bolsterlee.