New!! Authority Magazine Interviews Prof. Osgood

“Prof. Osgood On The 5 Things Every American Business Leader Should Do To Shield Themselves From A Cyberattack”Read more
Categories
Blog Posts

Mason’s Pre-College Cybersecurity Student Publishes CVE

Mason’s Pre-College Cybersecurity student Tyler Schroder, a freshman at Centreville High School in Clifton, Virginia says he has always been a huge fan of all types of technology. 

This year Schroder’s passion for cybersecurity paid big dividends when he made a Common Vulnerably Exposure (CVE) discovery that earned him a publication with corporate partner MITRE and a visit to one of Mason’s Digital Forensics & Cyber Analysis classes. 

“In mid-February I was working on my computer at home, and attempting to sign into a website,” Schroder says. “A password manager product I use to sign into the website, Abine Blur, has a feature that can send a second-factor request to your cellphone to make sure it’s actually you requesting to sign into the site. My cellphone was elsewhere in the house when I attempted to sign into the website, and rather than going to get my phone I decided first to see if I could find a quick way around the sign in requirement.” What he found was a vulnerability in the product that would expose user data to a hacker without sending the request. 

Schroder credits his instructors at Mason for his knowledge of CVEs. He says they were the reason he knew that he had made a CVE-type discovery and what to do next. 

Schroder says, “I had recently learned in my Pre-College Cybersecurity Program class (taught by Jay Gala, MS Digital Forensics and Cyber Analysis student at Mason) about the entire disclosure process, to include the proper steps of how to contact the vendor of the affected product, coordinating patches to fix the vulnerability, and eventually requesting a CVE ID.” 

Armed with the knowledge about CVEs, Schroder was able to work through the proper channels so that this vulnerability could be fixed. For his work, he earned the opportunity to present his findings to a Mason Digital Forensics class of master’s students. 

For Schroder it was an exciting experience and opportunity to share his findings with other like-minded individuals. “But what made it special was the opportunity to present to an audience that was so much more experienced and educated than I was, in a field that I’d like to work in some day.” Tyler has a bright future. 

CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7213 

Presentation: https://onedrive.live.com/embed?resid=B123CF3DB421F5D8%213239&authkey=%21ABSNTE3SKNhD8pA&em=2&wdAr=1.3333333333333333&Embed=1 

Photo Of  Tyler Schroder

 

From Left to Right [Dad, Mom, Tyler Schroder, and Jay Gala (Digital Forensics Mentor)]
From Left to Right [Dad, Mom, Tyler Schroder, and Jay Gala (Digital Forensics Mentor)]

Download in PDF

Categories
Blog Posts

FBI’s data chief seeks better analytics as agency moves to cloud next year

FBI seeks better analytics

National security agencies collect hordes of data every day. But drilling down into that information and getting valuable analysis poses a whole different set of challenges. While several agencies’ offices have developed promising test cases for artificial intelligence, machine learning and automation tools, Robert Osgood, a former computer forensics examiner at the FBI, said the government has hardly scratched the surface when it comes to leveraging these tools.

“The big problem with these type of methodology platforms is that we don’t really know how to effectively drive data through them,” Osgood, now a professor of data analytics and computer forensics, said Thursday at AFCEA Bethesda’s Data Analytics Breakfast. Maria Voreh, the FBI’s chief data officer, said the bureau has so much data that it is “near impossible” for the agency to get value out of it quickly enough.

 

The amount of data I’m getting in, and the amount of sense that we can make of it, there’s a huge gap delta, and that’s our data debt,” Voreh said. “My job is to make sense and reduce that data gap. Whatever I have to do to organize the data, share the data within our agency or other agencies, I’ve got to reduce that gap, or else I can’t serve the mission.”

The FBI plans to move to the cloud within the next year in order to share its data both within the department and across other agencies.

“To be able to share broadly with other partners or to meet a joint U.S. mission, we’ve got to move our data to the cloud,” Voreh said. “These siloed, on-prem systems aren’t going to cut it. Our budgets aren’t getting any better, so buying more computers and putting them into a warehouse somewhere isn’t going to happen. We’ve got to invest in the cloud, we’ve got to move our critical systems so that we can get the data out of them.”

While the move to the cloud will take the FBI multiple years, Voreh said the migration will allow the agency to access all of its data more quickly.
“It’s going to take time,” she said. “In five years, we’ll probably get a lot further along because once we break the seal of the security, the protections, compliance and the comfort of the social understanding within the agency, then it becomes easier. It’s always that first piece going to a new technology that’s the hardest.”

The FBI put out a request for information (RFI) for commercial cloud services on Feb. 16.

page1image2289322448

Jack Barrett
SFSAFBI
Secretary, Washington, D.C. Chapter

— Article by Jory Heckman

Download in PDF.