Tuesday, February 28, 2012

Crowd Sourced Pentesting

Google is hosting its Pwn2Own competition again and offering 1 million dollars in total prizes for those that can remotely commandeer a full patched Chrome browser running on Windows 7. Finding a "Full Chrome Exploit," obtaining user account persistence using only bugs in the browser itself will net the $60k prize. Using webkits, flash, or a driver-based exploit can only earn the lesser amounts.

Without major flaws the Chrome developers have a harder time finding where the browser needs to be improved. It is a pretty cool concept and opportunity. Not only are they open to anyone taking a stab at their browser, they'll reward you hansomly as well. Not to mention it would be a great bullet point on a resume ;)



The DoD CyberCrime Center is creating a institutional certification much like the CAE/IA. The

National Centers of Digital Forensics Academic Excellence Program

is affectionately known as CDFAE (C D Fay). UAT is exploring this as a forensic credential. Check out the mission and the website at:

Develop a partnership between academia and the government to establish standards and best practices for digital forensics practitioners, educators, and researchers to advance the discipline of Digital Forensics and increase the number of qualified professionals to meet the needs of law enforcement, counterintelligence, national defense and legal communities.


Monday, February 13, 2012

What is a System and Network Administrator?

I only wish my mother understood this excerpt because it would make my life sooooo much easier.

An excerpt from the book preface of

The Practice of System and Network Administration

What Is an SA?

If you asked six system administrators to define their jobs, you would get seven different answers. The job is difficult to define because system administrators do so many things. An SA looks after computers, networks, and the people who use them. An SA may look after hardware, operating systems, software, configurations, applications, or security. A system administrator

influences how effectively other people can or do use their computers and networks.

A system administrator sometimes needs to be a business-process consultant, corporate visionary, janitor, software engineer, electrical engineer, economist, psychiatrist, mindreader, and, occasionally, a bartender.

As a result, companies calls SAs different names. Sometimes, they are called network administrators, system architects, system engineers, system programmers, operators and so on.

This book is for “all of the above.”

We have a very general definition of system administrator: one who manages computer and network systems on behalf of another, such as an employer or a client. SAs are the people who make things work and keep it all running.

The book "The Practice of Network and System Administration" on Amazon.com


Syrian President's Email Compromised

So i was in my cloud computing class the other day when i over heard one of my friends talking about the Syrian Presidents email being hacked. I thought, wow... must have been some elaborate hack to pull that off. But then i remembered the hacker that compromised Sarah Palin's email not too long ago via a simple wiki search and figuring out her secret question. I decided to look into it and as it turns out, it was certainly not an elaborate hack. The president of Syria had been using the password, '12345'

In our field it is common knowledge not to use such weak passwords but it seems some people still missed that memo. It was an interesting occurrence and im surprised it took this long to reveal that a nations president had such little focus on his communications security. I guess this is a good example of job security for us :)


Thursday, February 9, 2012

I love TED Talks ...

I love TED Talks ... Have you seen this one?

The speaker is Misha Glenny - a British journalist who leaves no stone unturned in his underworld investigations of criminal globalization. AND he loves HACKERS!

...from the TED Talk abstract: Despite multibillion-dollar investments in cybersecurity, one of its root problems has been largely ignored: who are the people who write malicious code? He tells the stories and profiles several convicted hacker/coders from around the world and reaches a startling conclusion.



Wednesday, February 1, 2012

NatGeo: Inside the NSA: America's Cyber Secrets

“Inside the NSA” aired on National Geographic on Monday, 30 JAN at 2100 (9:00pm). The camera crew was out at the NSA filming last year. I had several reports from UAT alumni that saw them walking around the buildings and filming.
Below is the link to the trailer to Nat Geo TV special
National Geographic TV special “Inside the NSA” seems to be running regularly on the Nat Geo TV. Below is the excerpt from the Nat Geo TV site.

Inside the NSA: America's Cyber Secrets

For decades, the U.S. government refused to acknowledge the very existence of the National Security Agency (NSA). And its still considered one of the most secretive intelligence agencies in the world. But thats about to change. With the first access given to a documentary film crew since 9/11, National Geographic goes Inside the NSA for a new one-hour special to demystify the modern-day spy agency.