Monthly Archives: May 2018

Estonian teenager rewarded $1000 for finding UI spoofing vulnerability in Chrome

Jasper Rebane, a 16-year-old Estonian computer enthusiast, found vulnerability in the Chrome browser. Google has now fixed the security bug and has rewarded him with $1000.

A security vulnerability found by Rebane was corrected in Chrome version 67.0.3396.62 where the changelog just states that he found an error CVE-2018-6135: UI spoofing in Blink. However, Rebane still can not share more precise details about the security error. In his response to Geenius, he said that in the interests of security, it is not allowed to disclose this information so that malicious people could not attack Chrome’s non-upgraded versions.

Currently, the 16-year-old Rebane is haunting plans for the future. In the near future, he plans to participate in the KüberNaaskli competition, where the best will be sent to the European Cyber ​​Security Challenge to represent Estonia. “There is also a plan to learn about things and improve skills, and to take part in the team at many of the CTF’s (Capture the Flag) competitions,” he added. There is also a plan to move on to the YouTube platform where Rebane wants to create educational cyber-security videos.

Links:
https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html
https://bugs.chromium.org/p/chromium/issues/detail?id=823353
https://geenius.ee/uudis/16-aastane-eesti-arvutientusiast-leidis-google-chromeist-vea-ja-sai-selle-eest-heldelt-premeeritud/

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2017/2018

Cyber Security Msc thesis:

Cost-Benefit Analysis of a Hybrid Terrorist Attack on a Power Plant
Student: Avramenko Valeriia
Supervisor: Hayretdin Bahşi, Raimundas Matulevičius

HoneyProxy Implementation in Cloud Environment with Docker HoneyFarm
Student: Ahmed Elazazy
Supervisor: Anton Vedeshin, Truls Tuxen Ringkjob, Raimundas Matulevicius

Testing the Security Awareness Using Open-Source Tools – Spear Phishing
Student: Karina Filipczak
Supervisor: Sten Mäses, Raimundas Matulevičius

Assessing Generational Differences in Susceptibility to Social Engineering Attacks. A Comparison Between Millennial and Baby Boomer Generations
Student: Lejla Islami
Supervisor: Olaf Manuel Maennel, PhD Raimundas Matulevicius, PhD

How to Conduct Email Phishing Experiments
Student: Kaspar Jüristo
Supervisor: Sten Mäses, Olaf M. Maennel, Raimundas Matulevičius

Evaluation of Efficiency of Cybersecurity
Student: Mikko Luomala
Supervisor: Yannick Le Moullec, Jyri Paasonen, Meelis Roos

Fingerprinting a Organization Using Metadata of Public Documents
Student: Karl Mendelman
Supervisor: Olaf Manuel Maennel, Raimundas Matulevicius

Detecting Social Spamming on Facebook Platform
Student: Ghada Zakaria Mohamed
Supervisor: Innar Liiv , Raimundas Matulevičius

Forensic Data Properties of Digital Signature BDOC and ASiC-E Files on Classic Disk Drives
Student: Raul Nugis
Supervisor: Pavel Laptev, Raimundas Matulevičius

Online Cyber Security Exercise to Evaluate and Improve Individual Technical Specialists’ Cyber Incident Reporting Skills
Student: Andres Oras
Supervisor: Sten Mäses, Margus Ernits, Raimundas Matulevicius

Ensuring the Integrity of Electronic Health Records
Student: Alvar Ristikivi
Supervisor: MSc Jaan Priisalu, PhD Raimundas Matulevičius

Related thesis from other curricula:

A Tool for Supporting Multi-Perspective System Development Through Security Risk Management
Student: Madis Kaasik
Supervisor: Raimundas Matulevičius
Master – Software Engineering

Post-Quantum Secure Time-Stamping
Student: Raul-Martin Rebane
Supervisor: Dominique Peer Ghislain Unruh
Master – Computer Science

Prediction Model for Tendencies in Cybersecurity
Student: Erik Räni
Supervisor: Justinas Janulevičius, Raimundas Matulevičius
Master – Software Engineering

Quantum-Secure Coin Toss Protocol Using Collapse-Binding Commitments
Student: Kristiine Saarmann
Supervisor: Dominique Unruh
Bachelor – Computer Science

Tool Support for Privacy-Enhanced Business Process Model and Notation
Student: Aivo Toots
Supervisor: Pille Pullonen, Luciano García-Bañuelos
Bachelor – Computer Science

Dangers of Phishing Based on a Tech-Company
Student: Lauri Välja
Supervisor: Kristjan Krips
Bachelor – Computer Science

Finding Java Security Vulnerabilities Using Static Analysis: Whence the Problem?
Student: Harald Astok
Supervisor: Vesal Vojdani
Bachelor – Computer Science

Links:
https://comserv.cs.ut.ee/ati_thesis/index.php?year=2018

Cyber Security master’s theses defense in Tallinn University of Technology (May 2018)

Monday, May 28th 2018, Akadeemia Tee 15a, Room ICT-315.

Time: 09:30
Student: Kristiina Renel
Title: Compliance with EU Personal Data Protection Framework in the Context of Public Sector Logging
Supervisor: Kaie Maennel
Supervisor: Kristjan Kikerpill
Reviewer: Andro Kull

Time: 10:10
Student: Belgin Tastan
Title: Securing Systems and Networks Using Deceptions With Cyber Kill Chain Methodology
Supervisor: Ahmed Tauseef
Reviewer: Risto Vaarandi

Time: 11:00
Student: Raquel Tabuyo Benito
Title: Forensic Analysis of a Steam Based Online Game
Supervisor: Hayretdin Bahsi
Reviewer: Jens Getreu

Time: 11:40
Student: Kim Vahturov
Title: Using Indicators of Compromise to Automate Incident Triage. Proof of Concept
Supervisor: Toomas Lepik
Supervisor: Lauri Palkmets
Reviewer: Hayretdin Bahsi

Time: 13:00
Student: Alejandro Guerra Manzanares
Title: Application of Full Machine Learning Workflow for Malware Detection in Android on the Basis of System Calls And Permissions
Supervisor: Hayretdin Bahsi
Supervisor: Sven Nõmm
Reviewer: Toomas Lepik

Time: 13:40
Student: Romet Saaliste
Title: Estonian Government Related Challenges in Protection of Personal Data
Supervisor: Olaf Maennel
Reviewer: Birgy Lorenz

Time: 14:20
Student: Moira Gabriella Nguegaum
Title: A Structured Approach to the Identification of IPV6 Vulnerabilities in IPV4-only Local Area Networks
Supervisor: Olaf Maennel
Reviewer: Bernhards Blumbergs

Time: 15:20
Student: Stefano Panarese
Title: Nessuno: A Friend-to-Friend Anonymous Communication Protocol
Supervisor: Olaf Maennel
Reviewer: Ahto Buldas

Time: 16:00
Student: Amirhossein Akbari
Title: A Novel Approach for Securing HTML5 Client-Side Database, INDEXEDDB
Supervisor: Olaf Maennel
Reviewer: Aleksander Lenin

Tuesday, May 29th 2018, Akadeemia Tee 15a, Room ICT-315.

Time: 09:30
Student: Andres Rauschecker
Title: User-Oriented Privacy Enhancements for Web-Browsers
Supervisor: Olaf Maennel
Reviewer: Hayretdin Bahsi

Time: 10:10
Student: Artur Luik
Title: The Design and Implementation of Automated Vulnerability Application Framework
Supervisor: Tanel Tetlov
Reviewer: Toomas Lepik

Time: 11:00
Student: Daniele Mucci
Title: TED – The ELF Doctor. A Container Based Tool to Perform Security Risk Assessment for ELF Binaries
Supervisor: Bernhards Blumbergs
Reviewer: Toomas Lepik

Time: 11:40
Student: Aleks Koha
Title: Impact Assessment of an EU GDPR Self-Assessment Qestionnaire on Entrepreneurs
Supervisor: Sten Mäses
Supervisor: Anu Baum
Reviewer: Tiia Sõmer

Time: 13:00
Student: Kayode Olaitan Omotoye
Title: Business Process-Based Cyber Risk Assessment Using Healthcare System as Case Study
Supervisor: Hayretdin Bahsi
Reviewer: Alexander Norta

Time: 13:40
Student: Mari Jääger
Title: Developing Records of Processing Activities in a Small Enterprise
Supervisor: Priit Raspel
Reviewer: Raimundas Matulevicius

Time: 14:20
Student: Simo Antero Hurttila
Title: From Information Security to Cyber Security Management – ISO 27001 & 27032 Approach
Supervisor: Andro Kull
Reviewer: Kaie Maennel

Time: 15:20
Student: Aditya Raj Das
Title: Comparing Battery Consumption of Malware Scanning Applications
Supervisor: Hayretdin Bahsi
Reviewer: Sten Mäses

Time: 16:00
Student: Danny Lopez Murillo
Title: A Balanced Lab for Teaching Ethical Hacking to Undergraduate and Graduate Students
Supervisor: Hayretdin Bahsi
Reviewer: Sten Mäses

Wednesday, May 30th 2018, Akadeemia Tee 15a, Room ICT-315.

Time: 09:30
Student: Sille Laks
Title: Basic cyber security awareness training in a paramilitary organization (RESTRICTED)
Supervisor: Sten Mäses
Supervisor: Markko Liutkevičius
Reviewer: Rain Ottis

Time: 10:10
Student: Andres Elliku
Title: Scalable Course on Cyber Attack Detection
Supervisor: Margus Ernits
Reviewer: Mauno Pihelgas

Time: 11:00
Student: Javid Asadli
Title: Proposing Action Plan in Cyber Security Capacity Building for Azerbaijan
Supervisor: Tiia Sõmer
Supervisor: Leyla Aliyeva
Reviewer: Sten Mäses

Time: 11:40
Student: Even Langfeldt Friberg
Title: The Cyber-Insurance Market in Norway: An Empirical Study of the Supply-Side and a Small Sample of the Maritime Demand-Side
Supervisor: Hayretdin Bahsi
Supervisor: Ulrik Franke
Reviewer: Birgy Lorenz

Time: 13:00
Student: Nishaant Verma
Title: Comparative Analysis of Online Privacy and Security Concerns Between Generation Y and Generation Z in North India: A Pilot Study
Supervisor: Hayretdin Bahsi
Supervisor: Mare Teichmann
Reviewer: Maria Claudia Solarte Vasquez

Time: 13:40
Student: Taimur Tufail
Title: Comparing the National Cyber Security Framework of Pakistan with India and United Kingdom
Supervisor: Hayretdin Bahsi
Reviewer: Tiia Sõmer

Time: 14:40
Student: Fernando Rafael Garcia-Granado
Title: Cybersecurity Knowledge Requirements for Non-IT Strategic Level Decision Makers
Supervisor: Hayretdin Bahsi
Reviewer: Andro Kull

Time: 15:20
Student: Hindrek Baum
Title: Detection of VLAN Hopping Attacks Using Switch’s Monitoring Options
Supervisor: Jaan Priisalu
Reviewer: Aleksander Lenin