We’ve all heard about the new software in all of the classrooms in IST. Come out and learn how it works, what it’s capable of doing, and what that means in terms of privacy and legality. We’ll discuss the key logging capabilities of the software (which have now been disabled) and some other potential misuses (such as rogue teacher machines). We’ll end with an open discussion on both Insight and monitoring software in general.

The UCSB International Capture The Flag (also known as the iCTF) is a distributed, wide-area security exercise, whose goal is to test the security skills of the participants. The Capture The Flag contest is multi-site, multi-team hacking contest in which a number of teams compete independently against each other. The goal of each team is to maintain a set of services such that they remain available and uncompromised throughout the contest phase. Each team also has to attempt to compromise other teams’ services...

Learn how to think like a hacker! This seminar will cover the 5 phases of an attack: Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Covering Tracks. It is a great way to prepare for the iCTF competition.

  The IA Club Executive Board demonstrated seminars from this year in the newly revamped Kimberly-Clark Security Lab, and the Nittany Lion, Dean Foley, and even President Graham Spanier stopped by to watch Saturday at IST’s 10th year anniversary celebration. On October 10th, 2009 the College of IST celebrated its first 10 years at Penn State. [...]

The goal of this seminar was to raise awareness of increasing use of Adobe PDFs as a vector for other malware. IA Club members learned a little about the history of PDFs as well as the internal workings of the document format. We also explored a few PDF based exploits using /JavaScript and the /OpenAction functions. This seminar gave a very high level overview of buffer overflows and heap sprays and focused more on the practical application of such techniques. We also looked at some detection and mitigation strategies and best practices when dealing with PDFs.

Insider Threat is a growing problem for today’s organizations. Often overlooked in favor of technological solutions, the “trusted insider” can commit tremendous damage to an organization. CERT has researched hundreds of cases of actual insiders, from a combination of open source reporting, Secret Service case files, and voluntary contributions from organizations. Using these case files, and statistical, psychological, and technical analysis, CERT was able to develop a model of malicious insiders and why they commit their crimes. This presentation will discuss some of the major cases we have studied, profiles of malicious insiders, and best practices for reducing the risk of insider threat.

Cyber attacks and their viral ability to infect networks, devices, and software must be the concern of all Americans. This month, we highlight the responsibility of individuals, businesses, and governments to work together to improve their own cybersecurity and that of our Nation. We all must practice safe computing to avoid attacks. A key measure of our success will be the degree to which all Americans educate themselves about the risks they face and the actions they can take to protect themselves and our Nation’s digital infrastructure.

This presentation covered some of the basics of Linux, its history, its business uses, and a hands-on portion encouraging attendees to try out Ubuntu 9.04 for themselves. This event was held in conjunction with the student club Women in IST (WIST) as part of their Successful Women in IT series, and members of both clubs got to interact and learn more about each club over ice cream after the seminar. Thirty Ubuntu 9.04 Live CDs were distributed to encourage members to try Linux on their own computers at home without permanently changing anything. Members also got a look at the powerful command line under the hood of Linux through SSH by using Penn State’s Linux cluster.

This presentation covered some of the basics of web security using Firefox. It was meant to serve as an introduction to SQL Injections, Cross Site Scripting (XSS), as well as form data manipulation. We have chosen Firefox because it has some powerful addons that make security testing as easy as point and click.

Join Booz Allen Hamilton, a leading strategy and technology consulting firm, as we discuss the future of DoD in cyberspace during an interactive panel discussion for Penn State students and faculty. Our panel of Cyber specialists—comprised of Penn State Alumni and a Happy Valley native—will also address audience questions, drawing on important client work and their own expertise.

Our introductory meeting was a success. We filled the room and had over 45 members in attendance! We discussed our plans for the upcoming semester, appointed new officers to the executive board, talked about our certification program, and Garrett and Brian wrapped it up with a Bluetooth hacking demo.

Missed IST Connections Day, or want to see a copy of what we were showing? You can download our slideshow from IST Connections Day.