Search for: All records

In this work, we analyze to what extent actors target poorly-secured cloud storage buckets for attack. We deployed hundreds of AWS S3 honeybuckets with different names and content to lure and measure different scanning strategies. Actors exhibited clear preferences for scanning buckets that appeared to belong to organizations, especially commercial entities in the technology sector with a vulnerability disclosure program. Actors continuously engaged with the content of buckets by downloading, uploading, and deleting files. Most alarmingly, we recorded multiple instances in which malicious actors downloaded, read, and understood a document from our honeybucket, leading them to attempt to gain unauthorized server access. 

While the computer science community has explored the importance of Undergraduate Research Experiences (UREs) and, separately, collaboration in computing (e.g. pair programming), little research has studied collaboration in the context of a URE. We performed a qualitative thematic analysis of how students collaborate within a group-structured, academic-year, inclusive computing URE catered towards second-year students at two large public research universities in the United States. We analyzed free-response and Likert-scale survey data collected early and late in the program from a total of 106 students who comprised three program cohorts. We studied their overall group function, what aspects of group work led to positive or negative group experiences, how their group affected their feelings of being supported, and how their group affected their sense of belonging in computing. We found that group experiences were overwhelmingly positive. Further, we found that students’ experiences in groups centered around three themes: group fit and belonging, emotional and academic support, and logistics. Within each theme, their experiences were rich and nuanced, and we observed variations by gender, and to a lesser degree by race. Our work suggests that group-structured UREs are both feasible and beneficial for students, and we give concrete suggestions for how to make these experiences successful.