We are always hearing about data breaches and leaks from websites we visit on a daily basis. Hack This is an easy to use web extension for your internet browser to make surfing the web more secure. With Hack This, you can check to see whether or not your favorite websites have open vulnerabilities, hidden elements on the page, and can run scripts to pentest the site you’re visiting.

Industrial control systems, a type of cyber-physical system, control critical infrastructures such as national power distribution (nuclear, electrical, etc), manufacturing, and communication infrastructures. The increased internet-connectivity of devices within these networks create apertures for malicious actors to access and control these critical infrastructures. Teaming with FireEye, we retrieved publicly available information about IP addresses that were recorded port-scanning an ICS system. We extracted a list of features that indicate the IP address may be malicious, and created a confidence level to help clients determine potential maliciousness. Using improved capabilities, companies can have increased visibility into their ICS environment.

Mito, derived from Latin for “giving with ease”, provides a social platform that lets users purchase products online to send to each other without exchanging physical addresses. Our solution offers a seamless process for buying goods for recipients while protecting users’ address information at all cost. A transaction on Mito no longer requires users to share their private address with one another.

Small business owners are often willfully ignorant to the threats of data breaches, deeming it too costly and unnecessary which leaves them prime targets to cyber-attacks. Schniffer, created by INFO students Jason Peacher-Ton and Jingyu Yang, is a low-cost, all-encompassing network monitoring and vulnerability scanning tool, acting as a first line of defense for small businesses against cyber-threats.

Containers allow application developers to work with lighter weight virtual machines capable of running on the cloud and provide increased flexibility for sharing existing code. Although the benefits are appealing to developers, the security of networks and data in the containerized world must not be overlooked. This whitepaper outlines known breach vectors of Docker containers by analyzing five common vulnerabilities and exposures (CVEs) while providing a consultative review on why container security is integral. This research addresses the importance of balancing technological convenience with security and advocates for the development of a culture of security awareness amongst container users.

In 2015, over 112 million medical records were breached worth 12 million total cost from data breaches. Today, healthcare organizations understand the benefits of investing in cloud security but with constant change in security landscape, fear of data breach and loss of control over their data, they are concerned about adopting to cloud. To help these concerned organizations navigating safely in cloud, I have made an attempt to present to them a comprehensive list of security considerations to be taken into account for navigating safely in cloud. This would better enable them to focus on healthcare operations. Through this project, I have conducted an initial literature review on the topic and then interviewed security professionals and analyzed the overall risk benefit of using cloud in healthcare industry. My analysis covers the elements of patient data security, cloud vendor selection, industry standard security controls along with final results on key ways to assess security implications of cloud in healthcare.

With the increase in internet connected devices, the number of unprotected and compromised devices is on the rise. While many corporations can afford security systems, homeowners and small businesses are left with traditional host-based antivirus that is limited to specific devices and operating systems. IC3 represents a prototype of a consumer-grade network intrusion detection system, providing users with enterprise-grade network security at an affordable cost and entry-level technical capability requirements. IC3 comes in the form of a router, with a built-in web interface for accessing detections and steps on how to remediate them.

Our everyday devices such as smartphones, tablets, wearable technology and home appliances are now being connected to the Internet and to each other. As we continue to embed these interconnected objects, the security risks posed by the IoT is becoming more complex and may have serious consequences. However, vulnerabilities of IoT devices can be significantly mitigated if end users take necessary actions to secure their devices. IoTExposed will inform users about vulnerabilities of their IoT devices, and provide mitigation steps to prevent such vulnerabilities from exploiting their devices. Visit our website to find out how vulnerable your devices are!

Our capstone project addresses the issue of improving phishing awareness among employees at UW Medicine. The project consisted of three phases: i) Designing and sending bait phishing emails targeting new employees who just completed their orientation (which included a presentation on phishing, and a warning that they would be phished), ii) Sending out a questionnaire to those employees asking why they did or did not click on the bait phishing email, iii) Designing and drafting a short, interactive, and engaging learning module to educate employees on how to identify phishing emails.

According to many studies, older patrons that struggle with technology will often turn to their library for support. Our sponsor noticed this trend at Kitsap Regional Library’s Sylvan Way Branch. However, two issues were apparent: first, there were inherent privacy concerns in helping patrons with their online needs and second, many patrons needed extensive help beyond the time that could reasonably be devoted to helping one patron. Through observation and research, our team created a series of handouts on a variety of targeted topics. Our work bridges the gap between protecting information privacy, education, and staff time constraints.