September 10, 2014

Page 1

ChargerBulletin

www.ChargerBulletin.com

ChargerBulletin

THE

@ChargerBulletin

CHARGER BULLETIN Text us! 270.UNH.NEWS (864.6397)

The official student newspaper of the University of New Haven since 1938. Volume 96, Issue 3 | September 10, 2014 | West Haven, CT

UNH adds sixth college

By MIRIAM CORREIA

STAFF WRITER MCORR4@UNH.NEWHAVEN.EDU

–––––––––––––––––––––––––

T

his fall semester has brought many exciting changes to the University of New Haven, including the Lyme Academy College of Fine Arts, which has been added as UNH’s sixth college. Lyme Academy College of Fine Arts merged with UNH this past summer and is a four-year, nationally accredited college offering Bachelor of Fine Arts degrees in drawing, painting, sculpture, and illustration. “Its mission is to provide the best education in drawing, illustration, painting, and sculpture through study of the history, traditions, and principles of the fine arts and the liberal arts, thereby establishing a comprehensive foundation for the development of the artist,” according to a handout from the Admissions Office. As part of the program at Lyme Academy, seniors get their own on campus studio. The college is located in Old Lyme, which is 30 minutes north of the UNH main campus; it is one mile from the beach and two hours from N.Y. and Boston.

The housing option for Lyme Academy students right now is the Southwick Commons Townhomes; students get full townhouse living for student prices. These townhouses are fully furnished, with two bedrooms, a full kitchen, a living room, two full bathrooms and one half, a washer and dryer unit, a one car garage and two dedicated parking spaces, and an attic. They have on-site security, are five minutes from beaches and ten minutes from the train station. Along with adding the college to the university, two highly acclaimed illustrators have been added to the Lyme Academy College Illustration Faculty: Dale Stephanos and John Sideriadis. Stephanos has been featured in The New York Times, Newsweek, Entertainment Weekly, The New York Observer, The Washington Post and many other renowned publications. He has also received awards from the Society of Illustrators, Communication Arts, American Illustration, Illustrators West, the Maggies and The Independent Newspaper Association. Sideriadis has lots of experience with fantasy art, science fiction and mythological storytelling, which has led to an array of commissioned work in feature films, television shows, video games, novels, comics, board games, trading cards and

One of many art classes offered at Lyme Academy (photo by Katherine Fainer/ Charger Bulletin Photo) album covers. Some of his major clients include Ye Olde Gaming Company, Patrick Tatopoulos Designs, Eskimo Hill Pictures, Fuller Flippers, New Lands Press, KidsCOOK Productions, XVIVO 3D Animation Studios, Narcotics Anonymous World Services, the Hartford Courant and Auf Dem Schwarzen Thron. “Art at Work: Alumni Profiles” is a mini-book of some of Lyme Academy’s alumni highlighting the achievements of graduates.

Emily Bedard, who received her BFA in sculpture from Lyme Academy in 2009 and had the honor of completing a female figure for Seaside Park’s Soldiers and Sailors Monument in Bridgeport, Conn. in 2010, shared in the book, “The small classes and sense of community between the faculty and students make an ideal learning environment.” Brad Guarino, painter, draftsman, and printmaker, graduated from Lyme Academy in 2001 and was

featured in the book. “The years at Lyme were such a rich learning experience that it is hard to imagine my work and career without them,” he said. These and more alumni profiles can be found in this mini publication. The college will be holding a Studio Faculty Exhibition from September 12 to January 10. The Opening Reception will be held Friday, Sep 12 from 6 p.m. to 8 p.m.

App Secrets By SAMANTHA MATHEWSON

W

hat started as a class project in the University of New Haven’s digital device forensics course has since become world renowned after students discoverd security flaws, breaches of privacy and additional vulnerabilities in chat, dating and social media apps used by nearly one billion subscribers on the Android platform. “Anyone who has used or continues to use the tested applications are at risk of confidential breeches involving a variety of data, including their passwords in some instances,” said Ibrahim Baggili, assistant professor of computer science at UNH’s Tagliatela College of Engineering, and head of the cFREG. The tested applications include Instagram, Okcupid, ooVoo, Tango, Kik, Nimbuzz, MeetMe, MessageMe, TextMe, Grindr, HeyWire, Hike, textPlus, MyChat, WeChat, GroupMe, Whisper, LINE, Vine, Voxer, Words With Friends, Tinder, Wickr, BBM, Plenty of Fish, Snapchat, Kakao Talk, and Telegram. “We did not find issues in all of these applications, but the majority

EDITOR-IN-CHIEF SMATH3@UNH.NEWHAVEN.EDU

––––––––––––––––––––––––––

of them had anywhere from minor to severe issues that affect user security and/or privacy,” said senior information technology major Daniel Walnycky. “The application issues can be broken down into two categories: data security issues and data privacy issues,” said Walnycky. “Data security issues relate to unencrypted network transmissions from one user to another. Data privacy issues relate to unencrypted data being stored on user devices and/or app servers.” UNHcFREG made five videos outlining the problems that include passwords available in plain text and private information stored on company servers. The videos identifying the apps were posted starting Monday, Sept.8 and will continue through Friday, Sept. 12. The videos can be found at http://www.youtube. com/unhcfreg. “Each of the five videos discusses three or four applications with their specific issues. We explain the severity of the issues, how we found them, and a list of devices/tools used so that others can easily recreate our findings,” said Walnycky. “Although all of the data trans-

mitted through these apps is supposed to go securely from just one person to another, we have found that private communications can be viewed by others because the data is not being encrypted and the original user has no clue.” Baggili said this is especially true when there is a “manin-the-middle attack.” A man-in-the-middle attack is when an attacker finds a way to intercept traffic going between two victims. The victims believe they are talking directly to each other, but in actuality, the messages are going through the attacker before they reach the designated recipient. Many people feel they have nothing to hide. Yet, strangers can easily tap into a variety of “private” data without informing the app user, said Baggili. “The underlying problem that allows private conversations to be observed is a lack of encryption. A large percentage of applications still haven’t switched from HTTP (unencrypted) to HTTPS (encrypted),” said Walnycky. “In order for developers to use HTTPS, certifications are required. Certifications cost money and can take time to imple-

ment. A lot of developers don’t want to spend the money or time going through the process. This creates a lot of potential security and privacy holes.” “It’s wrong for a stranger to be able to look at your private information without you even knowing they are doing it,” Baggili said. “Depending on the app, user locations, passwords, chat logs, images, video, audio and sketches can be viewed by people invading the user’s privacy.” Strangers who tap into private conversations have the potential of observing user GPS locations, chat logs, images, videos, audio files, sketches, and even passwords. What they do with this information depends on the goal of the hacker. It could lead to black mail, extortion, account hijacking, etc. The security issues were discovered by the cFREG team, which ran a network forensics experiment. The team was made up of UNH students including Walnycky, Armindo Rodrigues and Jason Moore. Details of how this was done is included in the videos. The team was also joined by new faculty member, Frank Breitinger from Germany, and a PhD

research student from China. Walnycky described that in order to find data security and privacy issues he and his team conducted three tests: network transmission analysis, server storage analysis, and device storage analysis. “For the network transmission analysis the students conducted a man-in-the-middle attack through the use of a rogue Wi-Fi access point. A device was connected to this Wi-Fi access point and another device was connected outside the network. This setup forced all traffic to go through the rogue access point and be monitored by network traffic analysis software. They then proceeded to conduct conversations within applications and viewed the traffic logs for unencrypted traffic to determine what being sent/received was intercepted,” said Walnycky. “For the server storage analysis they looked deeper into these traffic logs to find direct HTTP links to files that were sent/received by users and stored on app servers without encryption or authentication. For the device storage analysis they searched through database files that applications use to store information.

CAMPUS

OPINION

ENTERTAINMENT

SPORTS

UNH’s Music Department is expanding to Nashville, Tenn. P. 2

Do you think WNHU should be played throughout campus? P. 4

Maroon 5 debuted their fifth album, V, last week. P.7

Chargers faced West Chester for the first game of the season. P. 11

See App page 3

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.