The honor, now in its second year, recognizes seniors and underclassmen who have excelled in their respective areas—from research and entrepreneurship to experiential learning and athletics. This year’s newest “100” members were joined at the reception by underclassmen who received the distinction last year.
“We’re very proud of your accomplishments,” Aoun said. “You were chosen because you are role models, and you’ve had a great impact on the university, students, faculty, staff, and society.”
Many graduating seniors are set to begin exciting careers or prestigious graduate programs. Aoun urged soon-to-be-graduates to remain connected with Northeastern as alumni and network with fellow alums across the globe. “Your job is just beginning,” he said. “No matter where you go, you will be a Northeastern graduate and a leader. Take a piece of Northeastern with you.”
Leadership was a common characteristic among the group, which included Student Government Association President Nick Naraghi, CIS’15; women’s soccer captain Hanna Terry, SSH’14; Max Kaye, DMSB’14, CEO of IDEA, Northeastern’s student-run venture accelerator; Stanislas Phanord, SSH’14, who recently received the esteemed Rangel Fellowship and Fulbright Scholarship; and Laura Marelic, AMD’15, who has spearheaded the creation of the new student design agency SCOUT.
Many “Huntington 100” students have also had dynamic co-op experiences. Nate Bessa, CIS’14, developed a software program that monitors a physician productivity incentive program at Brigham and Women’s Hospital. Rachael Tompa, E’14, worked at NASA’s Jet Propulsion Laboratory on the Thermal Technology and Fluid Systems group. Klevis Xharda and Laura Mueller-Soppart, both SSH’14, were selected to complete experiential learning opportunities at the White House.
Students hailed co-op as both a primary factor in their choosing Northeastern and their professional growth during their time here. Keith Rayburn, E’14, completed three co-ops at CDM Smith, a Cambridge, Mass.-based consulting, engineering, construction, and operations firm. On his third co-op, he was tasked with leading a sewer system rehabilitation project.
In addition to his work on co-op, he’s a member of Northeastern’s chapter of Engineers Without Borders, which has brought clean water to families in Honduras and Bbanda, Uganda since its founding in 2005. This spring, he accepted a full-time position as an environmental engineer at Environmental Partners Group in Quincy, Mass. “The on-the-job training was so valuable for me, just learning the day-to-day operations,” he said.
Michele Bellini, DMSB’14, was part of the student leadership team that organized the university’s inaugural Global Summit on the 2008 financial crisis, held on campus earlier this month. The Italy native is also in the D’Amore-McKim School of Business’ BSIB program and its chapter of Net Impact, an international nonprofit organization whose mission is to make a positive impact on society by growing and strengthening a community of leaders who use business to improve the world.
“I’ve expanded my horizons here,” he said. “Northeastern really works hard to empower its students.”
Northeastern University has launched a new master’s degree program with a built-in experiential learning component, specifically designed for professionals who want to transition into high-growth industries, but do not have undergraduate degrees or work experience to match the needs of these industries. The program, called ALIGN (Accelerated Link to Industry through Northeastern’s Global Network), offers eight master’s degrees in cutting-edge industries, such as bioinformatics, health informatics, and cybersecurity. Each master’s degree has a customized curriculum that bridges the student’s undergraduate education with the graduate degree content and includes a six- to nine-month co-op position with one of Northeastern’s global network of 3,000 employers.
The ALIGN program is the only experiential graduate degree program in the U.S. designed for students with undergraduate degrees in a variety of disciplines who want to switch careers and need both an advanced degree and the real-world experience to do so. The program leverages Northeastern’s leadership in combining real-world professional experience with rigorous classroom learning and utilizes the university’s global co-op infrastructure and three domestic campuses.
Delivered in a hybrid format at Northeastern’s Boston, Charlotte, N.C., and Seattle, Wash. campuses, the eight master’s degrees include bioinformatics, computer science, energy systems, engineering management, health informatics, information assurance, project management, and regulatory affairs for drugs, biologics, and medical devices—fields that closely align Northeastern’s academic and research strengths with the talent needs of high-demand global industries.
“The integration of advanced learning and real-world experience is a powerful combination,” said Joseph E. Aoun, president of Northeastern University. “Northeastern’s network of the most innovative industry partners worldwide puts our graduate students in an unmatched position to lead in a global economy.”
The ALIGN programs have been strategically selected to match key industries with exceptional employment opportunities, long-term career potential, and cutting-edge challenges. For example, the global bioinformatics market is projected to nearly quadruple in the next four years.
Northeastern piloted the ALIGN program at its Seattle, Wash., campus with a master of science in computer science—a critical demand in several high-growth industries. The degree is designed to build on students’ strong quantitative and analytical skills with introductory courses in program design and computer systems. While computer science graduate students typically graduate from programs focused on math and engineering, Northeastern’s program is designed for students from a broad range of undergraduate majors, including history, economics, and physics.
ALIGN builds on Northeastern’s leadership in global experiential learning and enables participating students to take advantage of the university’s network of more than 200,000 alumni and 3,000 co-op employers.
The Ph.D. program at the College of Computer and Information Science has a rapidly growing faculty engaging in cutting edge research with our students.
A change that Apple imposed to make iOS 7 more secure instead has dramatically weakened the security of devices running that mobile operating system, a security researcher has charged.
At the CanSecWest conference here last week, Azimuth Security researcher Tarjei Mandt said that Apple made a major mistake when it changed its random-number generator to make its kernel encryption tougher in iOS 7. The kernel is the most basic level of an operating system and controls things like security, file management, and resource allocation.
“In terms of security, it’s much worse than iOS 6,” Mandt said. Soon after his presentation Wednesday in the Grand Ballroom of the Sheraton Wall Centre, he published his presentation slides (PDF) and supporting whitepaper (PDF) as evidence.
And in a testament to the enduring challenges of getting mobile security right, other presentations at CanSecWest also called attention to flaws in the Android and BlackBerry 10 mobile OSes.
How Apple left the iOS 7 kernel vulnerable
The technical and complicated change boils down to how Apple calculates randomly generated numbers used in the encryption of the kernel. If the numbers can be guessed, their randomness is irrelevant, and the kernel — key to control of the computer, or in this case the iOS phone or tablet — can be compromised.
Apple, he explained, recognized that the method of generating random numbers in iOS 6 could be improved on. Its security engineers leveraged the phone’s CPU clock counter in earlier versions of iOS, Mandt said.
“That’s not very good, but still somewhat unpredictable,” he said.
The problem with the new generator in iOS 7 is that it uses a linear recursion algorithm, Mandt said, which has “more correlation” between the values it generates. That makes them easier to extrapolate and guess, he said.
“Normally, you shouldn’t be able to get any of these values in the first place,” Mandt said.
The kernel exploit is severe, although Mandt did not pair it with a vulnerability. Still, that means that anybody who can find an unpatched vulnerability in iOS 7, such as the “goto fail” vulnerability that was patched last month, can gain kernel-level access.
Apple appears to be taking the flaw seriously, but did not return a request for comment. CNET will update the story when the company responds.
“Apple [security engineers attending CanSecWest] approached me afterwards and they appeared to be kind of concerned,” he said. But he cautioned that this exploit should not be underestimated, and that left unfixed, it would effectively roll back 10 years of security-hardening techniques in iOS.
Using jiu-jitsu to fix Android fragmentation flaws
An Android presentation just after Mandt’s asserted that the one-two punch of Android fragmentation has placed Android users at risk of missing out on important security updates. That’s not going to be fixed anytime soon, they said.
The issue, argued Jon Oberheide of Duo Security and Northeastern University security researcher Collin Mulliner, lies in how Android devices receive — or more precisely, don’t receive — their updates.
“The Chrome guys will deliver an update within 24 hours. On Android, it can take months and years,” said Oberheide. “Your carrier doesn’t have a lot of incentive to fix your ancient HTC Evo. They want you to buy the latest and greatest device.”
So, the pair said, even when Google patches Android security flaws, the handset manufacturer and the carrier effectively stop patches from reaching the people who need them.
Android security apps can’t be relied on, Mulliner said, because they’re fighting Android malware — something that he said just isn’t a big problem in most regions.
“None of the big antivirus or security companies are doing a really good job because they’re all concerned with stopping malware,” he said.
Another dead-end, he said, is that Android architecture “doesn’t allow” partial updates.
“Google should be able to update anything that’s not kernel, but to do that you have to separate everything much better in the code,” Mulliner said. “Technically, it’s possible, but I could see the manufacturers not wanting to allow that because then you lose part of the device.”
However, they did hit on a method that flips unpatched exploits into tools for patching the bugs. The approach, which they began working on at the end of 2012, uses third-party vulnerability patches that are independent of both device and Android version.
“Version numbers don’t tell you anything anymore, whether you buy one device for yourself or 100 devices for your company,” Mulliner said.
“There’s one patch for many devices, with no performance problems, and the patch is self-contained,” Oberheide told the crowd.
Their first app, called ReKey, delivers a fix for the MasterKey bug.
They’ve built it to require the owner to root the phone first, so that it can’t be turned into a universal malware delivery tool, and they caution that it’s not for all Android owners. People who use Nexus devices and third-party custom ROMs such as CyanogenMod generally get updates much faster than the rest of Android owners.
Afterward, Mulliner dispensed some advice to people who want to buy Android phones. From a security point of view, he said, “Buy only Nexus devices.”
New BlackBerry era brings new risks
The QNX-based BlackBerry 10 is a major change for BlackBerry for many reasons, not the least of which are its security implications. The hardened, security-focused platform of the legacy BlackBerry OS made that the ideal mobile operating system for large businesses and governments.
Security researchers Ben Nell of Accuvant and Zach Lanier of Duo Security said that BlackBerry 10 opens itself up in ways that previous versions of BlackBerry didn’t, because it was fused on top of QNX, which powers everything from space shuttles to car operating systems.
“Some of the security enhancements introduced in BlackBerry 10 might help mitigate core issues in QNX, but not in other iterations of QNX,” said Lanier. But combining QNX with legacy BlackBerry, he said, “they inherited some bugs, fixed others, and introduced some new ones.”
Lanier noted that BlackBerry is pushing for QNX to be the top “Internet of Things” platform, but by combining QNX with mobile BlackBerry, the company could be putting at risk some of the infrastructure implementations of QNX — such as power plants.
“You may not want to shut down a nuclear reactor [running QNX] for maintenance,” he said. “If QNX continues to gain popularity outside of BlackBerry 10, there will be other issues that will crop up.”
One area where BlackBerry 10 is at risk, they said, is app permissions. “There are a couple of permissions that are in there that allow sockets to be open to the Internet. Any app can do it,” they said.
“We did report things like oversights in file permissions,” said Nell, “the sorts of things that were related to legacy bugs.”
Another problem with BlackBerry 10 is that minor vulnerabilities and weaknesses, along with some of those legacy bugs, could be chained together to cause bigger problems.
“If you had corporate email on the device, we could read your corporate email. It was a series of small issues that chained together were a bigger problem,” Nell said. He was reluctant to talk further about specifics, for fear of revealing problems that haven’t yet been reported publicly.
Nell got his start on BlackBerry research when his company was hired by a potential BlackBerry client to check out how secure BlackBerry 10 actually was. He and Lanier refused to discuss specifics because of a two-year nondisclosure agreement that Nell signed, a common practice in the security world.
Other areas they thought of looking at, but wouldn’t comment on because of their nondisclosure agreement, included checking on how the processes communicate with each other, and privilege escalations of the kind that had Mandt looking into iOS. A bug of either of those types likely would apply to both BlackBerry and QNX.
In the end, Lanier said that he’d recommend BlackBerry 10 as an enterprise device, but not for “bring your own device” customers. Unfortunately for BlackBerry, the dual-use feature of BlackBerry 10 that lets owners switch between work and home modes was designed to appeal precisely to the BYOD crowd.
“To BlackBerry’s credit,” said Lanier, “they baked in all the management features, the separation of work data and user data, from the get go. Now if only they could get people to use it.”
Article from CNET.com