Thursday, March 31, 2016

How To Combat WiFi Security Risks When Connecting To A Public Network

As many people now know, connecting to a public, unsecured wireless network carries serious risks. Doing so can provide an opening for all manner of data theft, particularly of passwords and private information.

The specifics of why an unsecured connection can be a problem are more obscure, however – as are the methods that can be used to beef up your security even when using an unsecured public hotspot. Let's have a look at the exact WiFi security risks of public networks, and the solutions available to counter those risks.

Ah! My Airwaves!

The problem of unsecured wireless networks is a part of the way radios work. Unless specifically designed to do so, a radio won't broadcast in any particular direction. It will send information across the airwaves in all directions.

As a result, anyone nearby can potentially pick up the data sent by a wireless radio, and if that data is unsecured, it can be read. WiFi security works by encrypting the data sent. It can still be picked up, but can't be easily read because of the algorithm used to scramble it.

Most people understand this broad summary of the issue, but it's actually a bit misleading, because it seems to imply that someone can simply open a notepad, connect to a public network, and watch passwords drop in. In truth, obtaining data even over a public WiFi network requires a certain level of knowledge about software such as WiFi scanners, and your average person simply doesn't possess the necessary skills. Yes, there are tools like the FireSheep extension for Firefox that can hijack sessions easily in theory, but in practice some technical knowledge is usually required to do anything truly malicious.

HTTPS Security Is Your Friend

Attempts to read data can sometimes be thwarted by the first line of defense on a public WiFi network – site or service encryption. For example, when you type in and send your password across a network, it does not need to be, and ideally should not be, sent as "plain text". It should instead be encrypted via HTTPS or SSL. The same goes for all potentially sensitive information.

Many sites will automatically switch to HTTPS when you visit a page that requires the exchange of potentially sensitive information. Some sites, like Google, Twitter and Facebook, give you the option to remain in HTTPS at all times. You can decrease your risk when using any public network by making sure that any site on which you are entering potentially sensitive information is secured. Usually this is as simple as watching for the "https" prefix on the URL. If you're on a public network, and the site is not secured, then just wait until you're home before entering any important information.
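A form-level version of that check, as an added example that is not part of the original article: the address-bar prefix only describes the page you loaded, so this sketch also looks at where each password form will be submitted. The `.example` hostnames and HTML snippets are constructed sample input, and the verdict names are this example's own.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Record every <form>: its action and whether it holds a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._open_form = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._open_form = {"action": attrs.get("action") or "",
                               "has_password": False}
            self.forms.append(self._open_form)
        elif tag == "input" and self._open_form is not None:
            if (attrs.get("type") or "").strip().lower() == "password":
                self._open_form["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open_form = None


def audit_password_forms(page_url, html):
    """Return [(submit_url, verdict)] for each form that contains a password field.

    Verdicts (names chosen for this example):
      ok               - page and submit target are both HTTPS
      page-not-https   - target is HTTPS, but the form itself arrived in
                         cleartext and could be altered before you submit it
      cleartext-submit - the password would cross the network unencrypted
    """
    collector = FormCollector()
    collector.feed(html)
    page_is_https = urlsplit(page_url).scheme == "https"
    results = []
    for form in collector.forms:
        if not form["has_password"]:
            continue  # search boxes and the like carry no credentials
        # A missing or empty action submits back to the page's own URL.
        submit_url = urljoin(page_url, form["action"])
        submit_is_https = urlsplit(submit_url).scheme == "https"
        if page_is_https and submit_is_https:
            verdict = "ok"
        elif submit_is_https:
            verdict = "page-not-https"
        else:
            verdict = "cleartext-submit"
        results.append((submit_url, verdict))
    return results


# Constructed sample pages (not captured from any real site).
SAMPLES = [
    ("https://shop.example/login",
     '<form action="/session" method="post">'
     '<input name="user"><input type="password" name="pw"></form>'),
    ("http://forum.example/login",
     '<form action="https://forum.example/auth" method="post">'
     '<input name="user"><input type="PASSWORD" name="pw"></form>'),
    ("https://news.example/",
     '<form action="http://news.example/login.php" method="post">'
     '<input type="password" name="pw"></form>'),
    ("http://cafe-portal.example/welcome",
     '<form action="/search"><input type="text" name="q"></form>'
     '<form method="post"><input type="password" name="pw"></form>'),
]


def audit_samples():
    """Run the audit over every constructed sample page."""
    return {url: audit_password_forms(url, html) for url, html in SAMPLES}


if __name__ == "__main__":
    for url, findings in audit_samples().items():
        print(url)
        for submit_url, verdict in findings:
            print(f"  {verdict:17} -> {submit_url}")
```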

Use a VPN

Although HTTPS can be great, it does depend on the website's implementation, which is something you have no control over. A poorly designed HTTPS site could have huge security holes – and it's never wise to assume that a site has great security just because it's popular.

A VPN is a great way to make public WiFi secure for your use 100% of the time. VPN stands for Virtual Private Network, and it's a method of creating a secured connection even on a network that is public and unsecured. Instead of connecting directly to the Internet, you connect to a specific server, which is itself connected to the Internet. The connection between your device and the server is encrypted, so the information you send is protected even on unsecured WiFi.

There are quite a few different ways to set up a VPN, but the easiest is to use a free VPN service. Free use of a VPN is usually limited to a certain amount of traffic per day or month, after which you'll have to pay for more bandwidth. The speed of your connection might also be handicapped unless you pay up.

Tunnel For Safety

Another common method of creating a secure connection even on public WiFi is to use tunneling. Leave your shovel in the shed – this method needs a server capable of the SSH protocol.

Tunneling is the process of placing a packet sent via a specific network protocol inside another packet using a different network protocol. In the case of SSH tunneling, all packets are placed inside SSH packets, which are encrypted. The packets are then sent to the designated SSH server.

This method can also be used to work around attempts to block access to specific websites, which can be handy if you're on a WiFi hotspot that's trying to prevent you from accessing certain content without paying up. You can tunnel either by using a virtual server or by using your own server, which presumably would be left at home.

Conclusion

The best way to make sure your information isn't obtained when using a public WiFi network is to not send any sensitive information over the network. This is not always practical, however, so the methods above can help provide extra security.

Of the three, relying on HTTPS is by far the worst, because only specific information will be encrypted and that information is designated by the site, rather than the user. Still, it's better than nothing.

Let us know in the comments if you have any other good WiFi security tips for protecting yourself while on a public WiFi network.

Image Credits: proXPN, vwbike.com




Wednesday, March 30, 2016

Today’s Lesson: End Users in the Education Sector Are Twice as Likely to Visit Malicious Sites

Posted: 07 Jul 2015 10:45 AM | Sindyan Bakkal |


The threat landscape today is both dynamic and diverse. On one end of the spectrum are mass infections and threats that, while not very sophisticated, cast a wide net. On the other hand, we have very advanced targeted threats that are crafted painstakingly with a single target in mind, and executed over multiple stages possibly over a long period of time. Whatever the type of attack, it is clear that cybercrime is a business, and attackers are utilizing all marketing concepts like segmentation and targeting to zone in on their victims of interest.  

Just like other aspects of the web are dynamic and targeted to you, such as your location, browser type, and browsing history, to maximize the chances of being relevant to you, malware targets its victims using multiple factors. It doesn't have to be custom crafted or targeted at a single entity, but can be targeted automatically at dynamic subgroups—for example, specific industries, and geographies.

The industry (sector) and nature of business play a key role in the type of threats malware uses to target its victims. Using Threat Galaxies to cluster a variety of indicators across diverse threat channels, we found some very interesting behavior. As we clustered our telemetry data gathered via our Websense® ThreatSeeker® Network and the Websense Advanced Classification Engine  by type of threat, we saw a thick cluster of injection in every high level Threat Galaxy. Injection is a generic term for a class of attacks that rely on injecting data into web applications in order to facilitate the execution or interpretation of malicious data in an unexpected manner. It falls into the lure stage of the attack kill chain.

To illustrate how attacks are targeted by industry (or sector), let's take a journey into our latest Threat Galaxy (shown below), which encompasses all industries and threats. As a case study, the dominant green cluster represents compromised websites that have been injected with malicious elements.

Isolating the education sector by coloring it in the same color as injection in the second graph below, we see that the majority of the users that visited compromised websites (colored green in the first graph) are from the education sector.

Clearly, users in the education sector are more likely to visit compromised websites. Additionally, according to our study based on the large sample set, users in the education sector are:

  • 20 times more likely to encounter websites impacted by BlackHat SEO than any other sector. 
  • Twice as likely to visit malicious websites.
  • Twice as likely to be impacted by Spyware / Adware.

Another interesting point to note from the sample set study is that although users from the education sector display more risky behavior in terms of visiting compromised websites, some threats are less likely to descend further down the attack kill chain for these users. A specific case that illustrates that different threats affect different industries is highlighted in our Websense Security Labs™ 2015 Financial Services Drill-Down report where we found that the Financial Services sector sees 400 percent more attacks using Geodo than other industries see. On the other hand, users in the education sector are hardly ever impacted by Geodo.

In terms of behavior profiling, we find that users in the education sector are three times as likely to visit websites on topics, such as cultural and religious institutions, political organizations, supplements and unregulated compounds. Clearly this behavior also affects the threats they are impacted by. All traffic is not created equal—certainly not to attack infrastructure. There are multiple factors that have a role to play in terms of which threats impact which victim, and the data shows that the company you keep does matter in how likely you are to have your valuable assets breached by a threat. The lesson for organizations is to keep a close watch on the threats affecting other organizations in the same or similar industry and to look for indicators of compromise in their environment that target such organizations.

Contributors: Amy Steier, Ruchika Pandey, and Rajiv Motwani






Unemployment Crisis in America

May 4th 2009
After being rejected from a job that pays $18,000 / year at the women's prison, a job that pays $21,000 teaching Head Start, getting fired from Red Lobster (because apparently, I am just not Red Lobster "material"), I decided to go to the Tennessee Career Center to take advantage of their high speed internet, free printer paper, and ink...

now would not be the best time to mention my senior thesis-- or my grad school major, or the fact that i spent the better part of my life as a volunteer and advocate for children at-risk.. working to give them hope and a second chance at life.

systematically invalidating such bogus, barnum-type feedback that one typically gets from a MBTI type of personality test that is given during high school or in college. i won't bother to mention the standardization of SAT scores to help our country feel better-- or the fact that the stanford-binet was created for military issue only.

who gives a shit anymore??? if you told a me a fat bearded lady at the circus could decide my fate and tell me what direction i should choose next-- i'd take it! and throw in a fat tip for being smart enough to know that any answer-- no matter how grim, is far better than just wandering aimlessly through life looking back on what might have been-- at THIRTY? at THIRTY-SIX???

after receiving five letters of rejection from jobs that require nothing more than a GED or a high school diploma, i decided to go to the tennessee career center hoping to find a job that will allow me to afford the most basic necessities of life. toothpaste, toilet paper, cat food... i got hooked up with a counselor that afternoon. he has two masters degrees-- one in educational career counseling, and a second in counseling psychology. could this be the guidance counselor i have been asking for since.. well... since... i was old enough to know i was in need of guidance?

surely someone else must have recognized i was in need of guidance, but god knows my parents weren't paying attention, and having good genes just doesn't cut it these days. but now more than ever, i realize that having all the smarts in the world won't get you anywhere if you never learned how to apply them.

i am the exact same five year old who needed to win the spelling bee. in college, i was the one to set the curve, not just make it. the one to break the rules, and, break them i did, but there is no glory in being second best, second smartest, second brightest, or second anything.

i wish i could say that after all this time i developed other ego strengths and finally felt okay with who i am, you know.... "just being me," but i am sad to report that my "condition" (diagnosis) was amazingly accurate and predictable. just like all the doctors said! i wonder if they derive joy out of being right-- if they crack open a bottle of aged liquor in my father's office and say, "see, we told you so. we told you there was nothing you could do." and so nothing they did.

and by doing nothing, and i do mean nothing-- the illness will just take its course. and i am now, in fact, nothing. nothing costs nothing (at least to them) and daddy made another fine investment. on the other hand, nothing has drained every hope, fear, security-- every chance-- and every last breath from my body. i might have believed in me. but i know i'm alive because a tear just rolled down the side of my cheek. i am home.

but i still haven't learned. for some reason with all of my failures i am reminded of in so many ways... me, myself, as i watch them play out every time i shut my eyes or open them. yes- blink.

sometimes i ask myself, how did i get here? how did this happen? what happened to all of the plans i made for myself? where did they go? where did I go? constantly replayed over and over and over again in my mind. i must be F---ING CRAZY!

but at this moment, here, even as i say the words, i am not truly insane, i am merely in pain. what a tragedy that those two words rhyme-- they ruin what could have been a very profound misnomer of the human condition and the labels we hold so dear.

i am the exact same 5 year old who needed to ACE the spelling bee, set the curve, not just make it; break the rules, and, break them i did. there is no glory in being second best. second smartest, second brightest, or second anything. being second sucks. it sucks every god-damned second of the day.

and so my search for mediocrity continues and i wait for it each and every day hoping it will find me beaten and worn from the storm. all of the storms, but dammit, it's still there. i still have questions those damn elyssa questions that made all my professors so proud, damn ideas, damn thoughts, damn hope.

my mother still calls me everyday to see if i went to get food stamps to feed myself, #EFF her, and her #EFF'n things. #EFF diamonds, couture, and #EFF that life. i was here mom, the whole #EFF'n time. just not pretty enough without any surgery. not pretty at all, with all those damn scars.

i hope someone out there still loves me. i do actually believe that i deserve love and kindness despite the obvious fact that i am a royal pain in the ass. i refuse to work in burger king. for right now, at least.

so goodnight my dear friends. let's all try to have sweet dreams. pepe awaits, as does alanis, and a pack of smokes that i can already taste.

yes, what could have been, what should have been-- what MIGHT have been if you let me be

m.e.

"When written in Chinese, the word Crisis is composed of two characters: One represents danger and the other represents opportunity." -JFK

Tuesday, March 29, 2016

Severe Poverty Affects Brain Size and Explains Poor Performance in School

Severe poverty affects brain size, researchers find

Study explains poor performance in school, expert says.


BY GUY BOULTON TRIBUNE NEWS SERVICE


A six-year study by researchers at the University of Wisconsin-Madison has added to the mounting evidence that growing up in severe poverty affects how children's brains develop, potentially putting them at a lifelong disadvantage.


The study — which combined the expertise of neuroscientists and economists — found that the parts of the brain tied to academic performance were 8 percent to 10 percent smaller for children who grow up in very poor households.

It was based on a relatively large sample of predominantly white children whose mothers were much more educated than the general population. And the results show a biological link between growing up in extreme poverty and how well children do academically.


"The significance of the study is providing a hard physical link between the experience of growing up in poverty and how well children do on cognitive tests," said Barbara "Bobbi" Wolfe, an economist at UW-Madison and one of the co-authors of the study.


The study, published in JAMA Pediatrics, builds on animal studies and other research suggesting that poverty affects the parts of the brain tied to self-control, attention, planning and other traits important for success in school and life.


The children often receive less nurturing from parents and live in environments characterized by increased stress from crowded housing, instability, poor nutrition, limited stimulation and more exposure to violence.


That children who grow up in poverty do less well in school is well documented. But studies increasingly show that at least part of that overall poor performance stems from how their brains grow and work.


The UW study estimated that as much as 20 percent of the gap in test scores could be explained by slower development of two parts of the brain: the frontal lobe and the temporal lobe.


The frontal lobe is important for controlling attention, inhibition, emotions and complex learning. 


The temporal lobe is important for memory and language comprehension, such as identifying and attaching meaning to words.


Both areas of the brain develop through adolescence.


"It provides a brain-based explanation for why children living in poverty are not performing academically as well," said Joan Luby, a professor of child psychiatry and director of the Early Emotional Development Program at Washington University School of Medicine. Luby was not involved in the study.


The UW-Madison study was led by Wolfe and Seth Pollak, a professor of psychology and director of the Child Emotion Lab.




Do Not BCC Your Client When Emailing Opposing Counsel

The New York State Bar Association recently released an ethics opinion that, at first blush, seems unnecessary: it warned you, gently, not to bcc your client on correspondence to opposing counsel. This seems rather far afield for an ethics opinion, particularly as that bcc is often a convenient way to keep your client apprised of what you are doing (and a regular cc gives your client's email address to opposing counsel, which you also do not want).

The ethics opinion does conclude that neither a cc nor a bcc raises any ethical concerns as such. What the opinion is really warning you about is something we should all be terrified of, lawyers or no: the horror of an incorrect use of "reply all." Your client isn't likely to inadvertently create an email storm like the one that hit Thomson Reuters employees, where 33,000 (!) people were caught in a "reply all" chain, but a client's careless use of "reply all" can create a different sort of disaster.

For lawyers, the stakes are, of course, even higher.  As the committee pointed out, "if the enquirer and opposing counsel are communicating about a possible settlement of litigation, the inquirer bccs his or her client, and the client hits "reply all" when commenting on the proposal, the client may inadvertently disclose to opposing counsel confidential information otherwise protected by Rule 1.6."

The ethics opinion recommends solving this by just taking the extra step and forwarding an email to your client rather than copying them, blind or otherwise. That is an excellent idea, not only because it means you avoid the "reply all" possibility. Forwarding allows you to provide your client with a couple sentences of context or explanation  about that communication with opposing counsel. So there you have it—(at least) two good reasons to make a point of forwarding emails instead of copying your client.

Featured image: "Speech bubble illustration of information technology acronym abbreviation term definition BCC Blind Carbon Copy" from Shutterstock.




Neal Rauhauser Brags About SWATting To Sunstein On

Neal Rauhauser Brags About SWATting To Sunstein On Reddit And LinkedIn by share, opuniteblue.com



In light of that I thought it time to update this post where Neal brags to Cass Sunstein about his accomplishments in creating conspiracies in comments to an article Sunstein wrote.

I am Bloomberg View contributor Cass Sunstein: my latest book focuses on Conspiracy Theories and other Dangerous Ideas. AMA! (self.IAmA) submitted 2 hours ago* by CassRSunstein

[–]nrauhauser -2 points 2 hours ago

I have implemented many of the ideas you set forth in your 2008 paper on cognitive infiltration, doing so under the brand name 'Conspiracy Brokers'.

I shut it down at the first of the year but we had a great deal of fun at the expense of Breitbart.com, Michelle Bachmann, National Blogger's Club, the Romney campaign team, the DOJ, Groundswell, and a number of less notable conspiracy theory nests.

At one point during the summer of 2012 a group of 87 House offices sent the DOJ a letter about some of our alleged doings. Has any of this grassroots effort been noticed at the level where you work?

There is a Wordpress site called ConspiracyBrokers and a companion site Kookpocalypse that show a bit of the history of the effort, which ran roughly from early 2011 until the end of 2013.


Reprinted with permission. © 2016





Friday, March 11, 2016

A Poem for my Mother

YouTube - Avril Lavigne-nobody's Home

I can no longer protect the one who hurt me the most, and I officially declare myself as independent and free.

Goodbye for now to The Powers That Beat, I am growing so tired of that nightmare where I cannot move my feet.

I am one today, but I am not alone; my DNA and birthright does not make me a clone.

Any genetic disorders, whatever they may be; will never again stand in the way for my fight to be free.

My bloodline alone comes right back to you, and your ridiculous denials are nothing new.

I must protect myself from your twisted mind, never forget, late last night, you left me behind.

You may think I have forgotten all your hysterical pleas, but I am legally required to remind you of these.

I hope you are ready for what lies ahead, because I do not think anyone else will agree this was all in my head.

You may dispose of my photos, writings, and more, I am sorry you do not realize you have officially now escalated funny money into a full-fledged war.

You declared this yourself, on March the Fourteenth, and I will expect it in writing before the next April 15th.

You no longer manipulate my ID or actions and blame; for I am not the one who falsely claims to be poor.

You may find it a little bit harder to blame it on crazy and point the finger at me; I am posting it here for the whole to see.

Do not blame my siblings or my father's new wife; material wealth should mean more value than your own child's life.

I got excluded from the human genome, stop feeding me crazy, just bring it back home.

The suicide note I once left in your possession, should no longer be guarded as your greatest protection.

I defy the heritage that left me broken inside; any tears I have shed will finally subside; I no longer will allow myself to be tried by the ridiculous facade that has given YOU a false sense of pride.

I am now on my own, as was always the case; it is so very sad you thought of this as a race.

I will honor your request to sever all ties; it is long overdue that I be free from your lies.

I never signed on to your game of deception, there was much more at stake than a strangers' perception.

So just as you once photographed my tattoo, sadly but surely, this one joke is on you.

I doubt you heard my very last words, but they were words of sincerity I hope that you'll review because my concern was genuine; just too familiar, we discussed nothing new.

I defy my heritage and reject your faith; I think I am worth more than an aborted mistake.

I declare my freedom and reject your "good faith" I am sorry you believe I was your biggest mistake.

You are so transparent it is easy to see, I hope you leave this behind the same way you left me.

My bloodline runs deeper than your maternal pride; I pray for your sake psychosis is real, for I see no other way your pain will ever be healed.

I am over and done with this stupid game, I gave you more than one warning to amend your tax claim.

So as I fight for my freedom, my health and my name, I hope your psychosis protects you from shame.

I must no longer allow trauma to guide me through life; I cannot worry about details as you become a new wife, you are correct in your assessment that you have earned all the "things" you cling to for dear life.

If there ever was a time to say, "This too shall pass...," then please go ahead and kiss my tattooed fat ass!

YouTube - Savage Garden - Crash 'n' Burn

It is time to start to focus on answers...

The events leading me into this circle of despair must no longer guide me through life.

If I am to escape the vivid memories of past,

Now, it is time to live free or die, I hope for one day that my focus can last.

Today I am asking for hope, "please give me one last chance to live free from fear."

YouTube - Alanis Morissette - You owe me nothing in return

Thank you,

E


Thursday, March 10, 2016

How a hacker's typo helped stop a billion dollar bank heist | Daily Mail Online

By Reuters 08:09 10 Mar 2016, updated 08:09 10 Mar 2016

By Serajul Quadir

DHAKA, March 10 (Reuters) - A spelling mistake in an online bank transfer instruction helped prevent a nearly $1 billion heist last month involving the Bangladesh central bank and the New York Fed, banking officials said.

Unknown hackers still managed to get away with about $80 million, one of the largest known bank thefts in history.

The hackers breached Bangladesh Bank's systems last month and stole its credentials for payment transfers, two senior Bangladesh Bank officials said.

They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh bank's account there to entities in the Philippines and Sri Lanka, the officials said.

Four requests to transfer a total of about $81 million to the Philippines went through, but a fifth, for $20 million, to a Sri Lankan non-profit organisation got held up because the hackers misspelled the name of the NGO.

The full name of the non-profit could not be learned. But one of the officials said the hackers misspelled "foundation" in the NGO's name as "fandation", prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction.

Deutsche Bank declined to comment.

At the same time the unusually high number of payment instructions and the transfer requests to private entities - as opposed to other banks - made the Fed suspicious, which also alerted the Bangladeshis, the officials said.

The details of how the hacking came to light and was stopped before it did more damage have not been previously reported. Bangladesh Bank has billions of dollars in a current account with the Fed, which it uses for international settlements.

The transactions that got stopped totalled between $850 million and $870 million, one of the officials said.

Last year, Russian computer security company Kaspersky Lab said a multinational gang of cyber criminals had stolen as much as $1 billion from as many as 100 financial institutions around the world in about two years.

Iraqi dictator Saddam Hussein's son Qusay took $1 billion from Iraq's central bank on the orders of his father on the day before coalition forces began bombing the country in 2003, American and Iraqi officials have said. In 2007, guards at the Dar Es Salaam bank in Baghdad made off with $282 million.

MONEY RECOVERED

Bangladesh Bank has said it has recovered part of the money that was stolen, and is working with anti-money laundering authorities in the Philippines to try to recover the rest of the funds.

The recovered funds refer to the Sri Lanka transfer, which got stopped, one of the officials said.

The dizzying, global reach of the heist underscores the growing threat of cyber crime and how hackers can find weak links in even the most secure computer networks to steal money and wreak havoc.

More than a month after the attack, Bangladeshi officials are scrambling to trace the money, shore up security and identify weaknesses in their systems. They said there is little hope of ever catching the hackers, and it could take months before the money is recovered, if at all.

Security experts said the perpetrators had deep knowledge of the Bangladeshi institution's internal workings, likely gained by spying on bank workers.

The Bangladesh government, meanwhile, is blaming the Fed for not stopping the transactions earlier.

Finance Minister Abul Maal Abdul Muhith told reporters on Tuesday that the country may resort to suing the Fed to recover the money.

"The Fed must take responsibility," the minister said.

The New York Fed has said that its systems were not breached and that it has been working with the Bangladesh central bank since the incident occurred.

The hacking of Bangladesh Bank happened sometime between Feb. 4 and Feb. 5, over the Bangladeshi weekend, which falls on a Friday, the officials said. The bank's offices were shut for the holiday.

Initially, the central bank was not sure if their system had been breached, but then cyber security experts, brought from the outside to investigate, found hacker "footprints" that suggested their system had been compromised, the officials said.

These experts could also tell that the attack originated from outside Bangladesh, they said. The bank is still looking into how they got into the system and an internal investigation is also continuing, they said.

The bank suspects money sent to the Philippines was further diverted to casinos there, the officials said.

The Philippine Amusement and Gaming Corp, which oversees the gaming industry there, said it has launched an investigation. The country's anti-money laundering authority is also working on the case. (Additional reporting by Jim Finkle in BOSTON, Jonathan Spicer in NEW YORK, Farah Master in HONG KONG and Shihar Aneez in COLOMBO; Editing by Paritosh Bansal and Raju Gopalakrishnan)




College Hackers Compete to Shine Spotlight on Cybersecurity - ABC News

Students from MIT and Britain's University of Cambridge will spend the weekend hacking one another's computers, with the blessing of their national leaders.

The two schools are competing in a hacking contest that U.S. President Barack Obama and British Prime Minister David Cameron announced last year among other joint cybersecurity projects between the two nations. The White House billed it as a showdown between the two prestigious schools, both known as heavyweights in the world of computer science.

But the colleges opted to make it a friendlier match. Instead of facing off against each other, the schools assigned their top hackers to six teams made up of students from both institutions. Teams will gather at MIT on Friday and then, for a frenzied 24 hours, try to hack into their opponents' computers and steal a trove of files.

"This isn't us versus them," said Howard Shrobe, a principal researcher at MIT's Computer Science and Artificial Intelligence Laboratory, which is hosting the event. "It's the best of both schools working together."

Along with bragging rights, winners will receive cash prizes of more than $20,000. It's intended to be the first in a series of global cybersecurity competitions.

After a summit in Washington last year, Obama and Cameron jointly called for wider collaboration on cybersecurity. It was only weeks after the U.S. government accused North Korea of hacking computers at Sony Pictures Entertainment Inc. The leaders also agreed to form a joint "cyber cell" among their national security agencies, among other measures.

Major breaches like the Sony hack have underscored what experts say is a shortage of cybersecurity professionals. An industry group reported last year that 86 percent of its members believe there is a shortage of skilled workers. The contest at MIT aims to spark interest in the field and to promote cooperation among academics.

"It is essential for us to work together and compare notes," said Frank Stajano, leader of the Academic Centre of Excellence in Cyber Security Research at the University of Cambridge, which is sending 10 students to the competition. "If you're not at least as good as the bad guys, then you have no chance against them."

Hacking competitions have been gaining popularity in recent years, both as sport and to train students for jobs in cybersecurity. By carrying out attacks, students learn to uncover weak spots in security systems and, in turn, build better defenses. On Friday, students will use computers that have hidden vulnerabilities already built-in.

"You have to identify them and patch them before other competitors notice them," said Rahul Sridhar, a sophomore competitor from MIT.

The event is styled after other so-called "capture the flag" hacking competitions, including an annual contest at the Def Con hacking conference that draws top professionals.

For the competition Friday, teams are encouraged to use any means necessary to retrieve the files they're hunting for. They can stick to hacking or try to trick opponents into divulging key information. It's meant to replicate a real cyberattack, with students thrown into the middle. Side events will let students tackle other challenges, including a lock-picking contest.

"Part of cybersecurity is physical security, too," Shrobe said. "Plus it's fun to learn how to pick a lock."

Both schools provided training to their students in recent weeks to sharpen their hacking skills. At the University of Cambridge, Stajano is already planning to add that training to the broader curriculum.

Meanwhile, organizers are already talking about arranging a sequel next year, perhaps with other institutions from around the world.

"The bad guys are organized," Stajano said, "so the good guys have to be organized as well."


