jakem.co

Jake Maskiewicz Cordero

Security Engineer

Publications

On the Practical Exploitability of Dual EC in TLS Implementations - Usenix Security 2014

August 2014 - research, security, TLS

I worked with Steve Checkoway, Matt Green, DJB, Hovav Shacham, and others to demonstrate the exploitability of a potential backdoor in NIST’s Dual EC random number generator. Provided that a server uses Dual EC to supply its TLS connections with randomness, my proof of concept program, given a single passive network capture of a HTTPS handshake, is able to retrieve the server’s long-lived ECDSA private key.

Mouse Trap: Exploiting Firmware Updates in USB Peripherals - Usenix WOOT 2014

August 2014 - research, security, reverse engineering, firmware

I worked with Ben Ellis, James Mouradian, and Hovav Schacham to demonstrate an end to end firmware exploitation of a gaming mouse. Although many users are aware of the threats that malware pose, users are unaware that malware can infect peripheral devices. Many embedded devices support firmware update capabilities, yet they do not authenticate such updates; this allows adversaries to infect peripherals with malicious firmware. We present a case study of the Logitech G600 mouse, demonstrating attacks on networked systems which are also feasible against air-gapped systems.

Experience

Security Research Intern - Raytheon SI

June 2015 - September 2015 - security, vunerability research, mobile

Raytheon SI is a research group at Raytheon focused on software and hardware security research. While there, I worked on mobile vulnerability research with a focus on fuzzing low-level OS functions.

Software Development Engineering Intern - Xbox

June 2014 - September 2014 - graphics, multiplayer, xbox one, game engines

I worked on the Xbox HEMI team to integrate Xbox Live Compute, the platform running dedicated servers on Azure for games such as Forza 5 and Titanfall, into leading game engines. As part of this integration effort, I worked closely with first party game developers such as Lionhead on their game Fable: Legends, and third party engine developers such as Epic on their Unreal Engine 4. Additionally, I worked on graphics features, such as a depth of field effect using compute shaders, and optimized them for Xbox One.

Engine Developer - 5 Second Rule

April 2014 - June 2014 - graphics, networking, game engines

In spring quarter of my third year at UC San Diego, I enrolled in the CSE 125: Software System Design and Implementation course. My 7 student team 5 Second Rule, spent 10 weeks building Vein: Rivers of Blood, a 3D networked real-time multiplayer video game without the use of any game engines or large libraries. I was responsible for overall engine architecture, graphics, and some gameplay. At the end of the quarter, I presented our game to professors, friends, and family at a large final event.

Software Development Engineering Intern - Microsoft

June 2013 - September 2013 - windows, azure, .net, c#

As part of Windows Azure’s move to a more distributed API management system, I worked with the Core Runtime team to create a data replication consistency checking tool. This tool verifies that internal subscription data was properly replicated across various data centers. This tool was integrated into the code base as both a single-subscription troubleshooting tool and a long-running process that can generate quality of service reports.

Summer Engineering Intern - Cisco Systems

June 2012 - September 2012 - ruby, selenium-webdriver, objective-c, iOS, oracle, sql

I worked as an engineering intern for Cisco in the summer of 2012 in the Cloud Collaboration Application Technology Group on the WebEx Meetings Collaboration system. In addition to fixing various Oracle database issues in the on-premise version of the system, I developed a series of black box UI tests using Ruby and the Selenium framework, and then went on to develop the prototype iOS application for our product.

Front End Developer - Variable Action

August 2011 - June 2012 - php, mysql, javascript

I was hired in Summer 2011 part time to help develop sites in Variable Action’s innovative content management system, Zesty. My job is to develop brand new Zesty websites, and to convert existing websites to Zesty. I work with PHP and MySQL on a remote server and focus on page load times and site usability. I also help maintain the Zesty Front End and its documentation to make sure that new developers can learn the system quickly.

Lab Assistant - The Salk Institute for Biological Studies

June 2010 - December 2011 - matlab, maximally-informative-dimensions, statistical-analysis

I was selected out of hundreds of applicants to work in the Computational Neurobiology Lab, under Dr. Tatyana Sharpee as part of the Salk High School Scholars program. I worked in Matlab processing large amounts of visual, auditory, and neural data, and then ran various algorithms on the data. My project was to participate in the UC Berkeley Neural Prediction Challenge, using our lab’s neural analysis algorithm, Maximally Informative Dimensions (MID) to predict neural response to natural stimuli. After completing this project, I worked to prepare various data sets for further analysis by my team’s researchers.

Education

B.S. / M.S. Computer Science - University of California, San Diego

Class of 2015/2016 - Security, Graphics, Operating Systems, Networks, Compilers

I am currently enrolled in the five-year BS/MS program, and plan to finish my graduate study in Winter 2016. I completed my undergraduate study as a Computer Science major in Winter 2015. I was a recipient of the Jacobs Engineering Scholarship, which is a full scholarship (tuition, housing, food, books, etc.) awarded to only eleven students in my class.

Skills

Examples