Monday, December 16, 2019
Digital forensics major takes on bug bounty hunting
As a 10-year-old playing video games, Jeremy Dilliplane had his first experience with the darkness of cyberspace. Battling against online cheating and game-based cyberattacks fostered a passion for cybersecurity.
That passion and now hobby — further sparked by a digital forensics class on small devices last year — led the Bloomsburg University digital forensics major to uncover a data exposure by a well-known networking company. “My discovery was quite shocking,” Dilliplane said. “Not only did I find sensitive information, but my own data was also at risk.”
According to Dilliplane, the foundation of his digital forensics skills on small devices started with Diane Barrett, professor of mathematical and digital sciences and director of BU’s cyber defense education. “I learned how to interface with small devices to see data and acquire a forensic snapshot of the phone,” Dilliplane said. “I also learned key places to look for evidence in Apple iOS and Android OS file systems that hold different kinds of valuable information, such as address books, call logs, web browsing history, application configurations, and several other locations that a typical user wouldn’t see unless they are using forensic tools.”
A special interest immediately developed and Dilliplane started exploring on his own smartphone in his makeshift digital forensics lab at home. “I was able to pull data from my phone, which led me to uncover a networking company’s sensitive information that was exposed to all users who had downloaded this application,” Dilliplane said. “While I was going through the acquired data for all of the applications I installed on my smartphone, and with my hobby being information security, my alarm went off when I recognized private API keys and a private server authentication key.”
Dilliplane said API keys are generally not considered secure; however, they are mainly distributed only to customers and clients for their use. In this instance, he said, the networking company was a client of multiple other companies that provided different types of services, from storing application usage statistics to holding other private information.
“The exposed keys were a vulnerability and could have been abused to pull and read private data belonging to customers and employees,” Dilliplane said. “As soon as I encountered the vulnerability, I wrote a full, thorough report on my findings and contacted the networking company’s security team right away.” According to Dilliplane, he was a tad late. In a good way. “I was thanked by the team for reporting the issue,” Dilliplane said. “However, no bug bounty was rewarded for the find, because they were already processing a report from another bug bounty hunter.”
A bug bounty is a deal offered by websites and software developers for reporting bugs and vulnerabilities. According to Dilliplane, bug bounty hunting can be very competitive.
“A common courtesy when finding such vulnerabilities — especially those that could lead to massive data leaks — is to keep it private until the company can securely patch the vulnerability and no one can exploit it for personal gain,” Dilliplane said. “Bug bounty hunters and hackers know that where there’s one vulnerability, there are often more. In this case, the company asked to not be disclosed.”
Dilliplane’s ability to uncover the data exposure and to “compete” in the bug bounty world can be directly attributed to groundwork laid by BU’s digital forensics program.
“The digital forensics program (here) provides students with not only the investigative and recovery skill sets, but also the knowledge and skills in almost every area I can think of when it comes to cybersecurity,” Dilliplane said. “All of the material is covered in depth, and most importantly, the faculty care about you and your future. It’s also recommended and encouraged that all students in the major join available clubs, such as the Digital Forensics and Cyber Defense Club, where you can learn even more.”
Dilliplane, who for the past two years has assisted NETGEAR Inc. privately test its products for bugs prior to market release, has his sights set on a cybersecurity career somewhere in the government sector. “We can see in the news that hackers (both foreign and domestic) often attempt and are sometimes successful at hacking into our critical information systems to steal or exploit them,” Dilliplane said. “These critical information systems can contain intellectual property, control our infrastructure (like power grids), or even allow us to vote. I believe (BU’s) digital forensics program has prepared me to apply my skills to identify these malicious actors and hopefully defend against them.”
~from bloomsburgu.tumblr.com
Friday, December 6, 2019
Food Drive, Clothing Drive, and Ornament Contest
The Biological and Allied Health Science club held a
food drive for the Columbia County Volunteers in Medicine Clinic. The clinic,
located in Mifflinville, and founded by BU Biology alumnus Bette Grey, provides
free health care for those without health insurance. The clinic also maintains
a small food/personal hygiene pantry for those patients needing this additional
support. Club members, faculty, and staff from the College of Science and
Technology collected non-perishable food and personal care items for the
clinic. Dr. Angela Hess and Dr. Jennifer Venditti serve as co-advisors for the
club.
This food drive was held in connection with the 2nd
annual ornament contest where students and their faculty mentors were
encouraged to make an ornament from laboratory supplies. The first place
ornament was created by Ian Whiteside and Vitoria Nery from Dr. Beishline’s
lab. The runners up were submitted by Alex
Shaffer from Dr. Klingerman’s lab, Rachel Nenstiel and Taylor Bozza from Dr.
Surmacz’s lab, and a submission from the Exercise Science department.
First place ornament - Ian Whiteside, Dr. Beishline, and Vitoria Nery
Honorable Mention Winners - Rachel Nenstiel, Taylor Bozza, Wendy Hoyt (exercise science representative) and Alex Shaffer
COST and Tri
Beta also sponsored a professional clothing drive to benefit the Career Closet
for Bloomsburg students. The Career Closet is a professional clothing
service provided by the Alumni & Professional Engagement office to help
students dress for success. BU students who are in need of attire for an
upcoming interview, career fair, or even class presentation, can obtain one
professional outfit from the closet each semester. The Career Closet is
available to all BU students and is stocked through donations from alumni, faculty,
and members of the community. All
donations not utilized by the BU Career Closet will be donated to Goodwill.
Rachel Nenstiel, Dr. Hare-Harris, and Taylor Bozza
Tuesday, December 3, 2019
Pennsylvania Academy of Audiology (PAA) 26th Annual Convention
Dr. Jill McClelland, students Chelsea Hoy, Jamie Daigle, and Miranda Mikelson, and Dr. Joseph Motzko
Dr. Jim Zeigler, Dr. Nicole Balliet, Dr. Jill McClelland, Dr. Renee Monahan, Dr. Joseph Motzko, and Dr. Lucy Corbin
Audiologists and
students from all over the state came together to learn and hear from
nationally renowned researchers, educators, and industry professionals at the Pennsylvania Academy of Audiology (PAA) 26th Annual Convention in Lancaster, PA. Attendees included Bloomsburg University graduates Dr. Jim Zeigler,
Dr. Nicole Balliet (Secretary of PAA), Dr. Jill McClelland (President
Elect of PAA), Dr. Renee Monahan, Dr. Joseph Motzko (Vice President of
Membership of PAA), and Dr. Lucy Corbin (Past President of PAA). Current Bloomsburg University graduate students Chelsea Hoy, Jamie
Daigle, and Miranda Mikelson also attended. Bloomsburg University of Pennsylvania is
one of three accredited universities in Pennsylvania to grant Doctor of
Audiology degrees. The other two are Salus University and the University
of Pittsburgh.
The Pennsylvania Academy of Audiology represents
the "Voice of Audiology" within the Commonwealth of Pennsylvania. The
academy is the only state organization that is truly dedicated to meeting
the needs of audiologists. The academy was started in 1991 by ten
audiologists from all parts of the Commonwealth and now has a membership
of over 140 audiologists.
The Academy is a professional organization of
university-trained audiologists practicing in a variety of settings
within the Commonwealth of Pennsylvania and adjacent states. PAA
audiologists are dedicated to serving all people with hearing problems.
The Academy promotes the profession of audiology as an autonomous
profession to serve the hearing health care needs of all people.
Further, the Academy fosters the ability of our members to achieve their
career and professional objectives, provides quality continuing
educational experiences, promotes public and consumer awareness of
hearing problems and solutions to improve hearing, and advocates the
profession of audiology to regulatory agencies and legislatures in the
Pennsylvania general assembly.