Press

Why secure email may be an illusion
May 22, 2018 | Steven Nelson, Washington Examiner

It's a wake-up call that some experts believe is overdue. “If you want confidential communications, you can't use email period,” said Nicholas Weaver, a computer science professor at the University of California at Berkeley, though he believes few people can exploit the vulnerabilities.

Bitcoin Could Be a Problem for U.S. Security Clearances
May 22, 2018 | Daniel Flatley, Bloomberg

But Nicholas Weaver, a researcher at the International Computer Science Institute at the University of California, Berkeley, said the Pentagon is right to scrutinize clearance applicants who own cryptocurrencies, even those who are buying and holding them as investments, known as "HODL’ers."

Serge Egelman, one of the paper's co-authors, notes that thousands of apps are violating this law every day. In just one example, an advertising SDK (software development kit) made by ironSource is harvesting personal data from 466 child-directed apps.

Suspect Identified in C.I.A. Leak Was Charged, but Not for the Breach
May 15, 2018 | Scott Shane and Adam Goldman, New York Times

Despite the scale of the breach, Nicholas Weaver, a researcher at the International Computer Science Institute in Berkeley, Calif., said WikiLeaks had exaggerated the danger to civil liberties from the C.I.A. hacking tools, which he said were actually designed to target small numbers of high-priority targets.

Narseo Vallina-Rodriguez, one of the authors of the recent Proceedings on Privacy Enhancing Technologies study, says he and his team did not know why the apps they examined were collecting personal data from children – whether they were doing it intentionally or by mistake, and whether that data was used for commercial purposes or internal purposes.

Nicholas Weaver, a senior researcher at the International Computer Science Institute at the University of California, Berkeley, told Motherboard in a Twitter message "This once again shows that data is like an oil spill: the contamination gets everywhere. The notion that a chain of 3+ companies, including one specifically intended for marketing, is able to resell access to everyone's real-time location with pretty high precision is disturbing but it shouldn't be surprising."

“I don't see it as any riskier than any of the other gazillion databases from a technical front,” Weaver told me via email. “Rather, it seems more likely to cause damage from a social front by needlessly and cruelly denying benefits due to innocent mistakes such as a transposed digit or forgotten social security number.”

“Most third-party services operate in the background and do not provide any visual cues inside the apps, effectively tracking users without their knowledge or consent while remaining virtually invisible,” wrote researchers in a February 2018 study. Meanwhile, the collected data is virtually untraceable as it is passed from data broker to marketers to others.

Researchers from the International Computer Science Institute at the University of California, Berkeley downloaded apps on a smartphone between November 2016 and March 2018. They then used an automated testing process where they ran the apps as a simulated user.

With this tool, AI could identify new malware as readily as it recognizes cats
April 18, 2018 | Jackie Snow, MIT Technology Review

“The hacker will find an example anyway,” says Gerald Friedland, a computer science professor at the University of California, Berkeley.

Pages