I’m back from San Jose finally and while I won’t be breaking down a full review of HotSec and USENIX Security like I did for WOOT, I thought I would point out some of the more interesting presentations I was able to attend.
Day one of my trip out to San Jose to attend the WOOT, HotSec, and USENIX Security trifecta is over. The 2nd Workshop on Offensive Technologies (WOOT) took place today and I’ll be breaking it down with “The Good, The Bad, and The Ugly”.
While receiving phishing emails in my University inbox is a common occurrence, a recent email caught my eye due to its increased sophistication and University-specific information.
A recent xkcd comic related to malware visualization is eerily similar to a system we’re currently running at the University of Michigan.
I recently attended the USENIX Security Symposium in Boston, MA. I also attended two of the co-located workshops: the Workshop on Hot Topics in Security (HotSec), at which I presented a research paper focusing on a new paradigm for antivirus deployment, and the Workshop on Offensive Technologies (WOOT).
I just got back from Switzerland, and despite numerous flight delays, cancellations, and lost luggage (thanks NWA!), it was a great trip. I presented some of my research at the Fourth International Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), and got to spend some vacation time in Zurich, Lucerne, and Milan, Italy.
During an independent audit, I discovered a critical vulnerability in Cosign, a web-based single sign-on (SSO) platform which is currently in use at numerous large universities.
Given my previous experience with the Mcard identification system at the University of Michigan, I was interested when I heard that RFID technology was being integrated into the Mcards. I will explore the Mcard RFID and other current uses of RFID on campus.
mPrint is a useful service provided by ITCS of the University of Michigan to allow web-uploaded documents to be printed on campus printers. Unfortunately, the designers of mPrint included several “features” that violate the privacy of its users without their knowledge.
After investigating the security of the Mcard magnetic card system at the University of Michigan, which is used for student and faculty identification cards, I discovered that it is trivial to forge anyone’s Mcard given only their UMID/uniqname.